26 matches found
PT-2026-38795
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger On^2 growth via consecutive marks during the process of looking back for base glyphs when attaching marks...
BIT-JAVA-MIN-2023-25193
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger On^2 growth via consecutive marks during the process of looking back for base glyphs when attaching marks...
Islandora - Moderately critical - Arbitrary file upload, Cross-site scripting - SA-CONTRIB-2026-016
This module integrates with Islandora, an open-source digital asset management DAM framework. Islandora integrates with various open-source services, which can be run in a distributed environment. The module doesn't sufficiently sanitize URI paths for its custom route used for attaching media to...
MiracleLinux 7 : harfbuzz-1.7.5-2.0.1.el7.AXS7 (AXSA:2024-8760:03)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8760:03 advisory. CVE-2023-25193: optimize looking back for base glyphs in hb-ot-layout-gsubgpos-private.hh CVEs: CVE-2023-25193 hb-ot-layout-gsubgpos.hh in HarfBuzz through...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990921)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990921 advisory. In the Linux kernel, the following vulnerability has been resolved: ubi: fastmap: Fix duplicate slab cache names while attaching Since commit 4c39529663b9 slab: Warn...
JLSEC-2025-175 hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via con...
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger On^2 growth via consecutive marks during the process of looking back for base glyphs when attaching marks...
CVE-2024-58136
Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025...
CVE-2024-58136
Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025...
DEBIAN-CVE-2024-38306
In the Linux kernel, the following vulnerability has been resolved: btrfs: protect folio::private when attaching extent buffer folios BUG Since v6.8 there are rare kernel crashes reported by various people, the common factor is bad page status error messages like this: BUG: Bad page state in...
CVE-2024-38306
In the Linux kernel, the following vulnerability has been resolved: btrfs: protect folio::private when attaching extent buffer folios BUG Since v6.8 there are rare kernel crashes reported by various people, the common factor is bad page status error messages like this: BUG: Bad page state in...
CVE-2024-38504
In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to articles...
Arbitrary Code Execution
yiisoft/yii2 is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper validation in the set magic function when attaching behaviors to components, allowing instantiation of arbitrary classes if attacker-controlled input is provided...
CVE-2024-28230
In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions...
harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks
A vulnerability was found HarfBuzz. This flaw allows attackers to trigger On^2 growth via consecutive marks during the process of looking back for base glyphs when attaching marks...
harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks
A vulnerability was found HarfBuzz. This flaw allows attackers to trigger On^2 growth via consecutive marks during the process of looking back for base glyphs when attaching marks...
harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks
A vulnerability was found HarfBuzz. This flaw allows attackers to trigger On^2 growth via consecutive marks during the process of looking back for base glyphs when attaching marks...
harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks
A vulnerability was found HarfBuzz. This flaw allows attackers to trigger On^2 growth via consecutive marks during the process of looking back for base glyphs when attaching marks...
harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks
A vulnerability was found HarfBuzz. This flaw allows attackers to trigger On^2 growth via consecutive marks during the process of looking back for base glyphs when attaching marks...
CVE-2023-25193
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger On^2 growth via consecutive marks during the process of looking back for base glyphs when attaching marks...
CVE-2021-20764
Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to alter the data of Attaching Files...