51 matches found
CVE-2026-40169
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, a crafted image could result in an out of bounds heap write when writing a yaml or json output, resulting in a crash. This issue has been fixed in version 7.1.2-19...
Missing Release of Memory after Effective Lifetime
Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
EUVD-2021-29504
Malicious code in bioql PyPI...
EUVD-2024-1135
Malicious code in bioql PyPI...
EUVD-2022-24841
Malicious code in bioql PyPI...
ROS-20250912-09
Vulnerability in the implementation of the CORS mechanism of the Python PyPi language software product repository is related to access control flaws. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information. remotely to disclose protected...
webkitgtk: disclose sensitive information
A flaw was found in WebKitGTK, which exists due to excessive data output in WebKit Process Model. This issue occurs when processing malicious web content, which may lead to sensitive information disclosure to unauthorized attackers...
ROS-20250616-22
A vulnerability in the Zabbix Universal Monitoring System server is related to excessive data output by an by the application. Exploitation of the vulnerability could allow a remote attacker to gain access to potentially sensitive information. to potentially sensitive information. A vulnerability...
ROS-20250402-04
Vulnerability of the GLPI system of requests, incidents and inventory of computer equipment is related to improperly restricting access to the "install/update.php" file. Exploitation of the vulnerability could allow An attacker acting remotely could gain access to confidential information A...
ROS-20241121-01
Vulnerability in Moodle virtual learning environment related to excessive data output by application in Messaging error message. Messaging error message. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to confidential information. remotely, to...
PostgreSQL Memory disclosure in aggregate function calls (CVE-2023-5868)
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...
GHSA-747V-52C4-8VJ8 Contao: Unencoded insert tags in the frontend
Impact It is possible to inject insert tags via the form generator if the submitted form data is output on the page in a specific way. Patches Update to Contao 4.13.40 or 5.3.4. Workarounds Do not output the submitted form data on the website. References...
Insert tag injection via the form generator
Date : 2024-04-09 CVE ID : CVE-2024-28191 It is possible to inject insert tags via the form generator if the submitted form data is output on the page in a specific way. Affected versions Contao 4.0 Contao 4.1 Contao 4.2 Contao 4.3 Contao 4.4 Contao 4.5 Contao 4.6 Contao 4.7 Contao 4.8 Contao 4.9...
ROS-2-1000
2.1000 Multiple Vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...
BIT-POSTGRESQL-2023-5868 Postgresql: memory disclosure in aggregate function calls
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...
CVE-2023-5868
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...
CVE-2023-5868
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...
Design/Logic Flaw
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...
CVE-2023-5868 Postgresql: memory disclosure in aggregate function calls
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...
CVE-2023-5868
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...