17 matches found
Astra Linux - vulnerability in harfbuzz
HarfBuzz is a text shaping engine. Prior to version 12.3.0, there was a null pointer dereference vulnerability in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check whether hb_malloc returns NULL before using placement new to construct an...
CVE-2026-22693
A null pointer dereference vector has been discovered in the harfbuzz package. A null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh:1672-1673. The function fails to check if hb_malloc returns NULL before using placement ne...
CVE-2026-22693 Null Pointer Dereference in SubtableUnicodesCache::create leading to DoS
HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hb_malloc returns NULL before using placement new to construct an object at t...
CVE-2026-22693
HarfBuzz text shaping engine contains a null pointer dereference in SubtableUnicodesCache::create (src/hb-ot-cmap-table.hh) that occurs when hb_malloc returns NULL before a placement new, leading to undefined behavior/segfault on low memory. This affects versions prior to 12.3.0 and has been fixe...
Vieb -- Remote Code Execution via Visiting Untrusted URLs
Zhengyu Liu, Jianjia Yu, Jelmer van Arnhem report: We discovered a remote code execution (RCE) vulnerability in the latest release of the Vieb browser v12.3.0. By luring a user to visit a malicious website, an attacker can achieve arbitrary code execution on the victim’s machine...
PT-2023-16795 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: Gitlab EE versions 12.3.0 through 15.8.5; Gitlab EE versions 15.9.0 through 15.9.4; Gitlab EE versions 15.10.0 through 15.10.1. Description: The issue is related to improper authorization, allowing unauthorized access to security reports in merg...
Piwigo <= 12.3.0 XSS Vulnerability
Piwigo is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:piwigo:piwigo"; if...
CVE-2018-3048
Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network...
CVE-2018-3024
Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via...
CVE-2018-3022
Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via...
CVE-2018-3030
Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.4, 12.1.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access...
Unspecified Vulnerability in Oracle Banking Corporate Lending Component
Oracle Financial Services Applications is a suite of financial services software from the US company Oracle that combines core banking, online banking and property management. Oracle Banking Corporate Lending is one of the bank loan management components. A security vulnerability exists...
Unspecified Vulnerability in Oracle Banking Corporate Lending Component (CNVD-2018-01512)
Oracle Financial Services Applications is a suite of financial services software from the US company Oracle that combines core banking, online banking and property management. Oracle Banking Corporate Lending is one of the bank loan management components. A security vulnerability exists...
CVE-2018-2704
Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Orac...
CVE-2018-2706
Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromi...
CVE-2017-3488
Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.1.0, 12.2.0 and 12.3.0. Easily "exploitable" vulnerability allows low privileged attack...
CVE-2016-8317
Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.4, 12.1.0 and 12.3.0. Difficult to exploit vulnerability allows low privileged attacker with network...