30 matches found

Snyk
added 2026/05/04 7:21 p.m. | 5 views

Improper Input Validation

Overview: Affected versions of this package are vulnerable to Improper Input Validation in the metadata field processing. An attacker can rename, move, or change permissions of files within the container by submitting specially crafted tag names such as System:FileName, System:Directory, or...

8.8 CVSS | 5.9 AI score | 0.00155 EPSS
Exploits: 1 | References: 2

NVD
added 2026/04/22 8:16 p.m. | 1 views

CVE-2026-3673

An authenticated attacker can store a crafted tag value in usertags and trigger JavaScript execution when a victim opens the list/report view where tags are rendered. The vulnerable renderer interpolates tag content into HTML attributes and element content without escaping. This issue affects...

5.4 CVSS | 0.00038 EPSS
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2012-1215

Malware in sbrugna...

5.5 CVSS | 7.3 AI score | 0.0027 EPSS
Exploits: 0 | References: 16

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2016-10108

Malware in sbrugna...

7.5 CVSS | 6.9 AI score | 0.00352 EPSS
Exploits: 0 | References: 12

CNNVD
added 2024/03/28 12:0 a.m. | 2 views

GitLab Security Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery) and other features. A security vulnerability exists in GitLab CE/EE. An attacker exploited the...

6.5 CVSS | 6.4 AI score | 0.00025 EPSS
Exploits: 0 | References: 3

OSV
added 2023/06/28 5:11 p.m. | 2 views

DRUPAL-CONTRIB-2023-026

This module enables you to use complex autocompletion in forms. The module doesn't sufficiently filter text in the data it exposes, allowing a malicious user to enter specially crafted tags to exploit a Cross Site Scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker...

6.1 AI score
Exploits: 0 | References: 1

SUSE CVE
added 2023/02/15 6:5 a.m. | 2 views

SUSE CVE-2009-0136

Multiple array index errors in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via an Audible Audio (.aa) file with a crafted (1) nlen or (2) vlen Tag...

9.3 CVSS | 7.9 AI score | 0.16097 EPSS
Exploits: 1 | References: 4

CNVD
added 2020/12/21 12:0 a.m. | 3 views

HCL iNotes Cross-Site Scripting Vulnerability

HCL iNotes is a browsing client for accessing HCL Domino mail, contacts, calendar, scheduling and collaboration features. A stored cross-site scripting vulnerability exists in HCL iNotes 9, 10, and 11. The vulnerability stems from improper handling of message content. An attacker can exploit this...

6.1 CVSS | 6.5 AI score | 0.00766 EPSS
Exploits: 0 | References: 1

BDU FSTEC
added 2017/02/02 12:0 a.m. | 2 views

The vulnerability of the LibTIFF library, which allows a hacker to trigger a service failure

The vulnerability of the TIFFFetchNormalTag function in the LibTIFF library arises from the execution of an operation beyond the buffer boundaries on the stack. Exploiting this vulnerability can allow a malicious actor to cause a service failure memory overflow by using a specially created file o...

5 CVSS | 7.3 AI score | 0.00352 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2017/01/18 12:0 a.m. | 0 views

UBUNTU-CVE-2016-9297

The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16_ASCII or TIFF_SETGET_C32_ASCII tag values...

7.5 CVSS | 7 AI score | 0.00352 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2015/01/19 12:0 a.m. | 31 views

Oracle Solaris Third-Party Patch Update : libexif (multiple_vulnerabilities_in_libexif1)

The remote Solaris system is missing necessary patches to address security updates: - The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive...

7.5 CVSS | 6.4 AI score | 0.04256 EPSS
Exploits: 0 | References: 10

Tenable Nessus
added 2014/04/23 12:0 a.m. | 45 views

Amazon Linux AMI : perl-YAML-LibYAML (ALAS-2014-324)

The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow...

6.8 CVSS | 7.4 AI score | 0.61898 EPSS
Exploits: 2 | References: 3

Amazon
added 2014/04/17 12:0 a.m. | 49 views

Important: perl-YAML-LibYAML

Issue Overview: The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buff...

6.8 CVSS | 7.8 AI score | 0.61898 EPSS
Exploits: 2

NVD
added 2014/02/06 10:55 p.m. | 19 views

CVE-2013-6393

The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow...

6.8 CVSS | 7.7 AI score | 0.0806 EPSS
Exploits: 0 | References: 21

OSV
added 2014/02/06 10:55 p.m. | 1 views

DEBIAN-CVE-2013-6393

The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow...

6.8 CVSS | 6.9 AI score | 0.0806 EPSS
Exploits: 0 | References: 1

Prion
added 2014/02/06 10:55 p.m. | 27 views

Heap overflow

The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow...

6.8 CVSS | 8.3 AI score | 0.0806 EPSS
Exploits: 0 | References: 21 | Affected Software: 6

Debian CVE
added 2014/02/06 10:0 p.m. | 57 views

CVE-2013-6393

The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow...

6.8 CVSS | 7.1 AI score | 0.0806 EPSS
Exploits: 0

Cvelist
added 2014/02/06 10:0 p.m. | 27 views

CVE-2013-6393

The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow...

5.1 AI score | 0.0806 EPSS
Exploits: 0 | References: 21

UbuntuCve
added 2014/01/27 4:0 p.m. | 27 views

CVE-2013-6393

The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow...

6.8 CVSS | 6.7 AI score | 0.0806 EPSS
Exploits: 0 | References: 3

NVD
added 2014/01/26 8:55 p.m. | 12 views

CVE-2013-7141

Cross-site scripting (XSS) vulnerability in Open-Xchange OX AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to crafted "%" tags...

4.3 CVSS | 5.6 AI score | 0.00295 EPSS
Exploits: 0 | References: 5