17 matches found
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003285)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003285 advisory. The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to...
EUVD-2016-4772
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2018-6047
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user redirect URL via a crafted...
Linux Distros Unpatched Vulnerability : CVE-2022-0108
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
CVE-2024-22721
Cross Site Request Forgery (CSRF) vulnerability in Form Tools 3.1.1 allows attackers to manipulate sensitive user data via crafted link...
CVE-2024-0804
Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
The vulnerability of the QTS and QuTS operating systems and QNAP network devices lies in the lack of measures taken to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands.
The vulnerability of the QTS and QuTS operating systems and QNAP network devices is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using specially...
CVE-2023-46493
CVE-2023-46493 affects EverShop NPM prior to 1.0.0-rc.8. The vulnerability is a directory traversal in the readDirSync function of fileBrowser/browser.js, allowing a remote attacker to obtain sensitive information. Affected component: EverShop NPM (frontend/backend codebase as described in sourc...
Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...
Schneider Electric IGSS Data Server Buffer Error Vulnerability
The Schneider Electric IGSS Data Server is a data server for the Interactive Graphics Scada System from Schneider Electric France. A buffer error vulnerability exists in versions prior to Schneider Electric IGSS Data Server 15.0.0.22140, which stems from an application boundary error. A remote...
Component Object Model Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Component Object Model (COM) client uses special case IIDs. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; ...
CVE-2018-6682
Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site...
Code injection
Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data...
UBUNTU-CVE-2015-4620
name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then...
DEBIAN-CVE-2014-8549
libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the number of channels to at most 2, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted On2 data...
CVE-2011-3402
Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary...
CVE-2011-0064
The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary...