19 matches found
EUVD-2026-36117
Sharp is a content management framework built for Laravel as a package. From version 9.0.0 to before version 9.22.3, the create and store endpoints of the Quick Creation Command feature did not enforce any authorization check. An authenticated Sharp user without create permission on a given entit...
CVE-2026-42526
In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...
Uncontrolled Recursion
Overview eslint is a pluggable linting utility for JavaScript and JSX Affected versions of this package are vulnerable to Uncontrolled Recursion in the isSerializable function when handling objects with circular references during the serialization process. An attacker can cause the application to...
CVE-2025-48430
Uncaught Exception CWE-248 in the Command Centre Server allows an Authorized and Privileged Operator to crash the Command Centre Server at will. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 MR2, 9.20 prior to vEL9.20.2819 MR4, 9.10 prior to vEL9.10.3672 MR7, 9.00 prior to...
Gallagher Command Centre Server 安全漏洞
Gallagher Command Centre Server is a management system used by Gallagher New Zealand to monitor and manage infrastructure in buildings. A security vulnerability exists in Gallagher Command Centre Server, which stems from storing sensitive information in clear text and could lead to compromised...
AZL-61972 CVE-2025-40775 affecting package bind for versions less than 9.20.9-1
When an incoming DNS protocol message includes a Transaction Signature TSIG, BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7...
PT-2024-16190
Name of the Vulnerable Software and Affected Versions Okta Verify for iOS versions 9.25.1 beta through 9.27.0 including beta Description A vulnerability in Okta Verify for iOS allows push notification responses through the iOS ContextExtension feature, enabling authentication to proceed regardles...
PT-2024-6161 · Unknown · Tap-Windows6
Name of the Vulnerable Software and Affected Versions: tap-windows6 driver version 9.26 and earlier Description: The issue is related to the tap-windows6 driver not properly checking the size data of incoming write operations, which can be used by an attacker to overflow memory buffers. This can...
PT-2023-21726 · Directus · Directus
Name of the Vulnerable Software and Affected Versions: Directus versions prior to 9.23.3 Description: The issue concerns the improper redaction of the directus refresh token from log outputs, allowing it to be used to impersonate users without their permission. This can lead to issues with...
SUSE CVE-2019-25059
Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839...
Artifex Software Ghostscript Information Disclosure Vulnerability
Artifex Software Ghostscript is an open source parser for Postscript a page description language and programming language used in the electronics industry and desktop publishing from Artifex Software, Inc. The product can display Postscript files as well as print Postscript files on non-PostScrip...
UBUNTU-CVE-2018-19134
In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue...
UBUNTU-CVE-2018-19655
A stack-based buffer overflow in the findgreen function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file...
DEBIAN-CVE-2018-16585
An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing e.g., after the startup phase. This leads to memory corruption, allowing remote attackers able to supply crafted...
Artifex Ghostscript Type Obfuscation Vulnerability (CNVD-2020-54497)
Artifex Ghostscript is an open source Postscript a page description language and programming language used in the electronics industry and desktop publishing parser from Artifex Software that displays Postscript files and prints them on non-Postscript printers. Postscript file. A security...
Artifex Ghostscript Type Obfuscation Vulnerability
Ghostscript is based on Adobe Systems PostScript and Portable Document Format PDF page description language interpreter set of software. A type confusion vulnerability exists in the 'LockDistillerParams' parameter in Artifex Ghostscript version 9.23 prior to 2018-08-23, which can be exploited by ...
DEBIAN-CVE-2016-7976
The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams...
PT-2017-3936 · Artifex +3 · Artifex Ghostscript +3
Name of the Vulnerable Software and Affected Versions: Artifex Ghostscript versions prior to 9.24 Description: The issue is related to the .setdistillerkeys PostScript command, which is accepted even though it is not intended for use during document processing. This leads to memory corruption,...
HPE Network Node Manager Cross-Site Scripting Vulnerability (CNVD-2016-02909)
HP Network Node Manager i-series NNMi software delivers powerful out-of-the-box features to help your network operations team efficiently manage networks of any size. A cross-site scripting vulnerability exists in HPE Network Node Manager i NNMi versions 9.20, 9.23, 9.24, 9.25, 10.00, 10.01, whic...