120826 matches found
libtiff: Libtiff Write-What-Where
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controll...
libtiff: Libtiff Write-What-Where
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controll...
CVE-2025-63680
Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw CWE-22 that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code execution when a user clicks a crafted entry. By creating a trailing-dot folder and placing a...
libtiff: Libtiff Write-What-Where
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controll...
lasso: Type confusion in Entr'ouvert Lasso
A type confusion vulnerability exists in the lassonodeimplinitfromxml functionality of Entr'ouvert Lasso 2.8.2 and prior. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...
lasso: Type confusion in Entr'ouvert Lasso
A type confusion vulnerability exists in the lassonodeimplinitfromxml functionality of Entr'ouvert Lasso 2.8.2 and prior. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...
lasso: Type confusion in Entr'ouvert Lasso
A type confusion vulnerability exists in the lassonodeimplinitfromxml functionality of Entr'ouvert Lasso 2.8.2 and prior. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...
lasso: Type confusion in Entr'ouvert Lasso
A type confusion vulnerability exists in the lassonodeimplinitfromxml functionality of Entr'ouvert Lasso 2.8.2 and prior. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...
lasso: Type confusion in Entr'ouvert Lasso
A type confusion vulnerability exists in the lassonodeimplinitfromxml functionality of Entr'ouvert Lasso 2.8.2 and prior. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...
Glob 操作系统命令注入漏洞
Glob is a file matching software by isaacs individual developers. An operating system command injection vulnerability exists in Glob versions 10.3.7 through 11.0.3, which stems from command injection and could lead to arbitrary code execution...
Dell ControlVault3 CvManager_SBI buffer overflow vulnerability
Talos Vulnerability Report TALOS-2025-2188 Dell ControlVault3 CvManagerSBI buffer overflow vulnerability November 17, 2025 CVE Number CVE-2025-32089 SUMMARY A buffer overflow vulnerability exists in the CvManagerSBI functionality of Dell ControlVault3 5.14.3.0 and 5.15.10.14, A31. A specially...
Fedora: Security Advisory (FEDORA-2025-63872f52bb)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2025-47185
Name of the Vulnerable Software and Affected Versions Glob versions 10.3.7 through 11.0.3 Description The glob command-line interface contains a command injection issue in its -c/--cmd option. This allows arbitrary command execution when processing files with maliciously crafted names. When using...
SourceForge QaTraq 安全漏洞
SourceForge QaTraq is an open source test management tool from SourceForge. A security vulnerability exists in SourceForge QaTraq version 6.9.2, which stems from an insufficient file type restriction that could lead to the upload and execution of arbitrary PHP files...
Alibaba Cloud Linux 3 : 0177: mingw-libtiff (ALINUX3-SA-2025:0177)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2025:0177 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-8176: A vulnerability was found i...
[SECURITY] [DSA 6059-1] thunderbird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6059-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 16, 2025 https://www.debian.org/security/faq -...
[SECURITY] [DLA 4372-1] thunderbird security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4372-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort November 16, 2025 https://wiki.debian.org/LTS -...
Debian dsa-6059 : thunderbird - security update
The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6059 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6059-1 [email protected]...
Debian dla-4372 : thunderbird - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4372 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4372-1 [email protected]...
AWS VDP: Command Injection on Amazon Q Developer CLI via malicious .amazonq/mcp.json leads to arbitrary code execution
Asset URL: https://github.com/aws/amazon-q-developer-cli/ Summary: Running Q chat from Amazon Q Developer CLI from an attacker-controlled repository/directory that contains a crafted .amazonq/mcp.json enables arbitrary command injection/execution. Amazon Q Developer CLI automatically loads and...