Lucene search
K

207 matches found

CNNVD
CNNVD
added 2025/09/22 12:0 a.m.4 views

LibTIFF 安全漏洞

LibTIFF is a LibTIFF open source library for reading and writing TIFF Tagged Image File Format files. The library contains some command line tools for working with TIFF files. A security vulnerability exists in LibTIFF that stems from the ability to perform arbitrary write operations...

8.8CVSS5.8AI score0.00739EPSS
Exploits0References7
F5 Networks
F5 Networks
added 2025/07/02 11:3 p.m.12 views

K000152366: XZ Utils vulnerability CVE-2025-31115

Security Advisory Description XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and...

8.7CVSS7.6AI score0.00647EPSS
Exploits0
Fedora
Fedora
added 2025/05/29 2:6 a.m.9 views

[SECURITY] Fedora 41 Update: xen-4.19.2-3.fc41

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

5.7CVSS7.1AI score0.00371EPSS
Exploits0
Fedora
Fedora
added 2025/05/20 1:46 a.m.13 views

[SECURITY] Fedora 41 Update: woff-0.20091126-47.fc41

Provides the sfnt2woff and woff2sfnt command-line tools for encoding and decoding Web Open Font Format WOFF files...

9.3CVSS6.6AI score0.08816EPSS
Exploits2
Fedora
Fedora
added 2025/05/20 1:13 a.m.9 views

[SECURITY] Fedora 42 Update: woff-0.20091126-47.fc42

Provides the sfnt2woff and woff2sfnt command-line tools for encoding and decoding Web Open Font Format WOFF files...

9.3CVSS6.6AI score0.08816EPSS
Exploits2
Fedora
Fedora
added 2025/05/17 2:2 a.m.10 views

[SECURITY] Fedora 42 Update: xen-4.19.2-4.fc42

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

5.7CVSS7.1AI score0.00371EPSS
Exploits0
Fedora
Fedora
added 2025/04/11 6:32 p.m.14 views

[SECURITY] Fedora 42 Update: cri-tools1.29-1.29.0-11.fc42

CLI and validation tools for Kubelet Container Runtime Interface CRI...

4.4CVSS7.5AI score0.00384EPSS
Exploits2
Vulnrichment
Vulnrichment
added 2025/04/03 4:57 p.m.12 views

CVE-2025-31115 XZ has a heap-use-after-free bug in threaded .xz decoder

XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on t...

8.7CVSS7.2AI score0.00647EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/03/20 7:34 a.m.4 views

postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation

A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to constru...

8.1CVSS7.3AI score0.89472EPSS
Exploits10References7
Fedora
Fedora
added 2025/03/15 2:52 a.m.16 views

[SECURITY] Fedora 40 Update: xen-4.18.4-2.fc40

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

7.5CVSS7.4AI score0.00723EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.7 views

Important: libpq

Issue Overview: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the...

8.1CVSS8.1AI score0.89472EPSS
Exploits10
OSV
OSV
added 2025/02/21 1:35 p.m.5 views

OESA-2025-1154 postgresql security update

PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...

8.1CVSS7.9AI score0.89472EPSS
Exploits10References2
RedHat Linux
RedHat Linux
added 2025/02/20 5:11 p.m.10 views

postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation

A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to constru...

8.1CVSS7.3AI score0.89472EPSS
Exploits10References7
OSV
OSV
added 2025/02/13 1:15 p.m.6 views

ALPINE-CVE-2025-1094

Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the...

8.1CVSS8AI score0.89472EPSS
Exploits10References1
CVE
CVE
added 2024/10/02 2:16 p.m.50 views

CVE-2024-47611

CVE-2024-47611 affects XZ Utils on Windows platforms built with MinGW-w64 or MSVC for the command-line tools in versions 5.6.2 and earlier. The underlying issue is command-line argument handling where Unicode characters that do not exist in the legacy code page are converted to similar-looking ch...

6.3CVSS7AI score0.00756EPSS
Exploits0References2
OSV
OSV
added 2024/10/02 2:16 p.m.12 views

CVE-2024-47611 XZ Utils on Microsoft Windows platform are vulnerable to argument injection

XZ Utils provide a general-purpose data-compression library plus command-line tools. When built for native Windows MinGW-w64 or MSVC, the command line tools from XZ Utils 5.6.2 and older have a command line argument injection vulnerability. If a command line contains Unicode characters for exampl...

6.3CVSS6AI score0.00756EPSS
Exploits0References4
Amazon
Amazon
added 2024/08/15 12:0 a.m.4 views

Medium: openssl

Issue Overview: Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that ar...

9.1CVSS7AI score0.05582EPSS
Exploits1
Fedora
Fedora
added 2024/08/01 1:25 a.m.24 views

[SECURITY] Fedora 39 Update: xen-4.17.4-2.fc39

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

7.5CVSS7.3AI score0.08555EPSS
Exploits0
CNNVD
CNNVD
added 2024/07/12 12:0 a.m.4 views

Number withdrawn

LibTIFF is a LibTIFF open source library for reading and writing TIFF Tagged Image File Format files. The library contains a number of command line tools for working with TIFF files. This CVE number has been withdrawn...

7AI score
Exploits0References5
OpenVAS
OpenVAS
added 2024/05/27 12:0 a.m.26 views

Fedora: Security Advisory (FEDORA-2024-4357ec611d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.17444EPSS
Exploits0References2
Rows per page
Query Builder