Lucene search

21 matches found

Tenable Nessus
added 2026/02/06 12:0 a.m. · 4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: clickhouse (UTSA-2026-005267)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005267 advisory. An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user with the ability to load data could cause a heap buffer overflow and crash the server...

CVSS 6.5 · AI score 6.7 · EPSS 0.00113
Exploits 0 · References 4

Tenable Nessus
added 2026/01/20 12:0 a.m. · 2 views

MiracleLinux 9 : nodejs-nodemon-2.0.20-3.el9, nodejs-16.19.1-1.el9 (AXSA:2023-6037:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6037:02 advisory. c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904). http-cache-semantics: Regular Expression Denial of Servic...

CVSS 8.6 · AI score 8 · EPSS 0.00337
Exploits 3 · References 7

Snyk
added 2025/12/23 11:4 p.m. · 2 views

Deserialization of Untrusted Data

Overview langchain-core is a Building applications with LLMs through composability Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the dumps and dumpd functions when user-controlled data containing the lc key is serialized and later deserialized. This key...

CVSS 9.3 · AI score 8.2 · EPSS 0.02624
Exploits 4 · References 2

Positive Technologies
added 2024/05/16 12:0 a.m. · 1 views

PT-2024-19157 · Intel · Intel Dlb Driver

Name of the Vulnerable Software and Affected Versions: Intel(R) DLB driver software versions prior to 8.5.0. Description: The issue is related to improper input validation, which may allow an authenticated user to potentially cause a denial of service via local access. Recommendations: For versions...

CVSS 6.5 · AI score 6.8 · EPSS 0.00067
Exploits 0 · References 3

CNNVD
added 2024/05/02 12:0 a.m. · 2 views

pgAdmin Cross-Site Scripting Vulnerability

pgAdmin is an open source management and development platform for the open source database PostgreSQL. A cross-site scripting vulnerability exists in pgAdmin 8.5 and earlier versions, which stems from a cross-site scripting vulnerability in the /settings/store endpoint that responds to a json loa...

CVSS 7.4 · AI score 6.1 · EPSS 0.0021
Exploits 1 · References 4

Github Security Blog
added 2024/02/03 12:29 a.m. · 15 views

Nervos CKB Permit load cell data from memory

Impact: The faulty nodes will reject transactions which call the load_cell_data syscall but the input cell is still in the mempool. They also ban other nodes and cause the network separation. Patches: 0.35.2, 0.36.1, 0.37.1, 0.38.2...

AI score 7.1
Exploits 0 · References 7 · Affected Software 1

OSV
added 2023/11/23 4:15 p.m. · 0 views

UBUNTU-CVE-2022-44011

An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user with the ability to load data could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19...

CVSS 6.5 · AI score 6 · EPSS 0.00113
Exploits 0 · References 4

SUSE CVE
added 2023/02/21 1:59 a.m. · 2 views

SUSE CVE-2023-23920

An untrusted search path vulnerability exists in Node.js. 19.6.1, 18.14.1, 16.19.1, and 14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges...

CVSS 7.1 · AI score 6.9 · EPSS 0.00082
Exploits 0 · References 15

SUSE CVE
added 2023/02/15 6:9 a.m. · 1 views

SUSE CVE-2007-6352

Integer overflow in libexif 0.6.16 and earlier allows context-dependent attackers to execute arbitrary code via an image with crafted EXIF tags, possibly involving the exif_data_load_data_thumbnail function in exif-data.c...

CVSS 6.8 · AI score 8.2 · EPSS 0.03354
Exploits 0 · References 5

OSV
added 2023/02/08 8:15 p.m. · 18 views

CVE-2023-0216

An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in...

CVSS 7.5 · AI score 7.6
Exploits 0 · References 4

Positive Technologies
added 2022/09/22 12:0 a.m. · 1 views

PT-2022-27074 · Unknown +2 · Clickhouse +1

Name of the Vulnerable Software and Affected Versions: ClickHouse versions prior to 22.9.1.2603 ClickHouse versions prior to 22.8.2.11 ClickHouse versions prior to 22.7.4.16 ClickHouse versions prior to 22.6.6.16 ClickHouse versions prior to 22.3.12.19 Description: An issue was discovered in...

CVSS 6.5 · AI score 6.5 · EPSS 0.00113
Exploits 0 · References 15

IBM Security Bulletins
added 2022/05/13 6:58 p.m. · 36 views

Security Bulletin: IBM Security Identity Governance and Intelligence is vulnerable to sensitive information disclosure (CVE-2020-4957)

Summary IBM Security Identity Governance and Intelligence could disclose sensitive information in URL parameters due to a vulnerability in the Bulk Data Load module CVE-2020-4957. This vulnerability is resolved by a code fix in the affected part of the product. Vulnerability Details CVEID:...

CVSS 5.3 · AI score 1 · EPSS 0.00163
Exploits 0 · Affected Software 1

NVD
added 2020/06/11 3:15 p.m. · 17 views

CVE-2020-0181

In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID...

CVSS 7.5 · EPSS 0.09453
Exploits 0 · References 4

OSV
added 2020/06/09 12:0 a.m. · 1 views

UBUNTU-CVE-2020-0198

In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-14642894...

CVSS 7.5 · AI score 7.4 · EPSS 0.12017
Exploits 0 · References 3

CNVD
added 2018/11/20 12:0 a.m. · 2 views

IBM API Connect Denial of Service Vulnerability (CNVD-2018-26026)

IBM API Connect aka APIConnect is an integrated solution for managing the API lifecycle from IBM USA. The solution supports creating, running, managing and securing APIs, microservices and more. A security vulnerability exists in IBM API Connect versions 2018.1 through 2018.3.7 that stems from th...

CVSS 7.5 · AI score 7.5 · EPSS 0.00316
Exploits 0 · References 1

Xen Project
added 2018/01/03 10:30 p.m. · 555 views

Information leak via side effects of speculative execution

ISSUE DESCRIPTION Processors give the illusion of a sequence of instructions executed one-by-one. However, in order to most efficiently use cpu resources, modern superscalar processors actually begin executing many instructions in parallel. In cases where instructions depend on the result of...

CVSS 5.6 · AI score 7.2 · EPSS 0.9427
Exploits 12

CNVD
added 2017/12/05 12:0 a.m. · 1 views

Inedo Otter Denial of Service Vulnerability

Inedo Otter is a set of server monitoring and configuration software from Inedo, USA. The software displays the configuration status of the target server by providing a dynamic, visual interface. A security vulnerability exists in Inedo Otter 1.7.4 and earlier versions where the vulnerable progra...

CVSS 9.8 · AI score 6.7 · EPSS 0.00689
Exploits 0 · References 1

RedHat Linux
added 2014/07/09 8:49 a.m. · 3 views

cumin: DoS via displayed link names containing non-ASCII characters

It was found that if Cumin were asked to display a link name containing non-ASCII characters, the request would terminate with an error. If data containing non-ASCII characters were added to the database such as via Cumin or Wallaby, requests to load said data would terminate and the requested pa...

CVSS 5 · AI score 5.7 · EPSS 0.00408
Exploits 0 · References 4

RedHat Linux
added 2012/09/11 6:13 p.m. · 0 views

libexif: "exif_data_load_data()" heap-based out-of-bounds array read

The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image...

CVSS 6.4 · AI score 5.9 · EPSS 0.02522
Exploits 0 · References 4

CVE
added 2012/07/13 10:0 a.m. · 114 views

CVE-2012-2836

The CVE-2012-2836 issue affects the libexif library (exif_data_load_data in libexif) prior to version 0.6.21. It allows remote attackers to trigger a denial of service (out-of-bounds read) or potentially leak sensitive process memory through crafted EXIF tags in an image. Impact is tied to applic...

CVSS 6.4 · AI score 6.6 · EPSS 0.02522
Exploits 0 · References 8 · Affected Software 1