Amazon Linux 2 : compat-libtiff3, --advisory ALAS2-2025-2986 (ALAS-2025-2986)

The version of compat-libtiff3 installed on the remote host is prior to 3.9.4-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2986 advisory. A vulnerability was determined in LibTIFF up to 4.5.1. Affected by this issue is the function readSeparateStripsetoBuffer ...

CVE-2021-26990

Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability that could allow a remote attacker to overwrite arbitrary system files...

aiohttp 跨站脚本漏洞

aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python. A cross-site scripting vulnerability exists in aiohttp versions prior to 3.9.4, which stems from the use of web.static... , showindex=True, the generated index page does not escape filenames, leaving the...

MySQL2 安全漏洞

MySQL2 is a MySQL client for Node.js by the individual developer Andrey Sidorov. A security vulnerability exists in MySQL2 versions prior to 3.9.4 that stems from improper cleaning of user input...

AZL-10900 CVE-2022-36049 affecting package helm for versions less than 3.9.4-2

Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-controller is a Kubernetes operator that allows one to declaratively manage Helm chart releases. Helm controller is tightly integrated with the Helm SDK. A vulnerability found in the Helm SDK th...

GHSA-RJF2-J2R6-Q8GR Prototype Pollution in vm2

This affects the package vm2 before 3.9.4. Prototype Pollution attack vector can lead to sandbox escape and execution of arbitrary code on the host machine...

CVE-2021-26992

Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability which could allow a remote attacker to cause a Denial of Service DoS...

Joomla! cross-site scripting vulnerability (CNVD-2019-15989)

Joomla! is a globally recognized content management system developed using PHP language and MySQL database, which can be implemented on various platforms such as Linux, Windows, MacOSX and so on. A cross-site scripting vulnerability exists in the media form field in versions of Joomla! prior to...

Joomla! access control error vulnerability (CNVD-2019-15988)

Joomla! is the U.S. Open Source Matters team of a set of PHP and MySQL development using open source , cross-platform content management system CMS. An Access Control Error vulnerability exists in Joomla! versions prior to 3.9.4, which stems from a lack of ACL checking in the Sample Data plugin a...

CVE-2010-2067

Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tifdirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file...