Lucene search
K

34 matches found

SUSE CVE
SUSE CVE
added 2026/07/03 3:2 a.m.5 views

SUSE CVE-2026-55628

In versions prior to 7.1.2-26he, the -concatenate operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by the security policy. This issue has been fixed in version 7.1.2-26...

5.5CVSS5.9AI score0.00098EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-55628

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In versions prior to 7.1.2-26he, the -concatenate operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by t...

5.5CVSS6AI score0.00098EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/07/01 11:6 p.m.7 views

CVE-2026-55628

A flaw was found in ImageMagick. The -concatenate operation, used for combining images, lacks proper security policy checks. This oversight could allow an attacker to read from or write to file paths that should otherwise be restricted by the security policy. This could lead to unauthorized acces...

6.1CVSS5.6AI score0.00098EPSS
Exploits0References4
Snyk
Snyk
added 2026/07/01 7:24 p.m.4 views

External Control of File Name or Path

Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

8.5CVSS6AI score0.00098EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 7:24 p.m.5 views

External Control of File Name or Path

Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...

8.5CVSS6AI score0.00098EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 7:24 p.m.4 views

External Control of File Name or Path

Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.5CVSS6AI score0.00098EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 7:24 p.m.4 views

External Control of File Name or Path

Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

8.5CVSS6AI score0.00098EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 7:16 p.m.7 views

CVE-2026-55628

In versions prior to 7.1.2-26he, the -concatenate operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by the security policy. This issue has been fixed in version 7.1.2-26...

5.5CVSS0.00098EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 7:16 p.m.3 views

DEBIAN-CVE-2026-55628

In versions prior to 7.1.2-26he, the -concatenate operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by the security policy. This issue has been fixed in version 7.1.2-26...

5.5CVSS5.7AI score0.00098EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 7:16 p.m.4 views

UBUNTU-CVE-2026-55628

In versions prior to 7.1.2-26he, the -concatenate operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by the security policy. This issue has been fixed in version 7.1.2-26...

5.5CVSS5.7AI score0.00098EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 6:16 p.m.66 views

CVE-2026-55628

ImageMagick (CVE-2026-55628) is affected by a policy bypass in the -concatenate operation present in versions prior to 7.1.2-26he, due to missing security policy checks. This could allow reading and writing to paths disallowed by policy. The issue has been fixed in version 7.1.2-26he. Remediation...

5.5CVSS5.7AI score0.00098EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/07/01 6:16 p.m.6 views

CVE-2026-55628

In versions prior to 7.1.2-26he, the -concatenate operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by the security policy. This issue has been fixed in version 7.1.2-26...

5.5CVSS5.7AI score0.00098EPSS
Exploits0
OSV
OSV
added 2026/07/01 6:16 p.m.5 views

CVE-2026-55628 ImageMagick: Policy Bypass in concatenate operation due to missing checks

In versions prior to 7.1.2-26he, the -concatenate operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by the security policy. This issue has been fixed in version 7.1.2-26...

5.5CVSS5.9AI score0.00098EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-54857

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-26 Description The -concatenate operation lacks necessary policy checks. This flaw allows the software to read from and write to file paths that are explicitly disallowed by the security policy, enabling a...

5.5CVSS6AI score0.00111EPSS
Exploits0References22
Vulnrichment
Vulnrichment
added 2026/02/11 12:0 a.m.4 views

CVE-2025-70085

An issue was discovered in OpenSatKit 2.2.1. The EventErrStr buffer has a fixed size of 256 bytes. The code uses sprintf to format two filenames Source1Filename and the string returned by FileUtilFileStateStr into this buffer without any length checking and without using bounded format specifiers...

6AI score0.00532EPSS
Exploits0References4
OSV
OSV
added 2026/01/27 12:9 a.m.13 views

OSV-2026-153 Security exception in org.apache.lucene.analysis.miscellaneous.ConcatenateGraphFilter$BytesRefBuilderT

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=478558485 Crash type: Security exception Crash state: org.apache.lucene.analysis.miscellaneous.ConcatenateGraphFilter$BytesRefBuilderT org.apache.lucene.analysis.miscellaneous.ConcatenateGraphFilter$BytesRefBuilderT...

5.3AI score
Exploits0References1
OSV
OSV
added 2025/12/17 10:16 p.m.5 views

AZL-72821 CVE-2025-68114 affecting package capstone 4.0.2-4

Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, an unchecked vsnprintf return in SStreamconcat lets a malicious csoptmem.vsnprintf drive SStream’s index negative or past the end, leading to a stack buffer underflow/overflow when the next write occurs. Commit...

9.8CVSS5.9AI score0.00163EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/03 12:0 a.m.13 views

PT-2025-27706

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the netfilter in the Linux kernel, specifically with the nf set pipapo avx2 function. The problem occurs when the first field does not cover the entire start ma...

5.5CVSS6.7AI score0.00156EPSS
Exploits0
OSV
OSV
added 2025/04/14 5:15 p.m.1 views

DEBIAN-CVE-2025-3277

An integer overflow can be triggered in SQLite’s concatws function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size 4GB can be...

9.8CVSS7.9AI score0.00718EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2024/06/07 12:0 a.m.6 views

Fedora: Security Advisory for rust-uu_tac (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Rows per page
Query Builder