15 matches found
Infinite loop
Overview Magick.NET-Q16-x86 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Infinite loop
Overview Magick.NET-Q8-x86 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
CVE-2025-58059 Valtimo scripting engine can be used to gain access to sensitive data or resources
Valtimo is a platform for Business Process Automation. In versions before 12.16.0.RELEASE, and from 13.0.0.RELEASE to before 13.1.2.RELEASE, any admin that can create or modify and execute process-definitions could gain access to sensitive data or resources. This includes but is not limited to:...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the scripting engine. An attacker with the admin role ROLE_ADMIN can execute arbitrary code and access sensitive data by creating or modifying and executing process definitions with administrative privileges...
SurrealDB no JavaScript script function default timeout could facilitate DoS
Through enabling the scripting capability, SurrealDB allows for advanced functions with complicated logic, by allowing embedded functions to be written in JavaScript. These functions are bounded for memory and stack size, but not in time. An attacker could launch a number of long running function...
CVE-2022-43938
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports .prpt through the JVM script manager...
Design/Logic Flaw
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports .prpt through the JVM script manager...
PT-2017-1514 · Microsoft · Browsers +1
Name of the Vulnerable Software and Affected Versions: Microsoft Edge (affected versions not specified); Microsoft browsers (affected versions not specified). Description: The issue is related to insufficient access restrictions to certain functions in Microsoft browsers, which could allow a remote...
PT-2016-2971 · Microsoft · Browsers +2
Name of the Vulnerable Software and Affected Versions: Microsoft Edge (affected versions not specified); Microsoft browsers (affected versions not specified). Description: The issue is related to a lack of protection for internal data in Microsoft Edge, which can be exploited by a remote attacker using...
Microsoft Internet Explorer property memory corruption vulnerability
Overview A vulnerability in the way Microsoft Internet Explorer handles malformed property objects may lead to execution of arbitrary code. Description Microsoft Internet Explorer contains a vulnerability that could be exploited when Internet Explorer attempts to interpret Web pages that...
Microsoft Internet Explorer Script Error Handling Memory Corruption Vulnerability
Overview A vulnerability in the way Microsoft Internet Explorer handles certain script errors may lead to memory corruption that may allow remote execution of arbitrary code. Description Microsoft Internet Explorer contains a memory corruption vulnerability that could be exploited when handling...
Konqueror fails to restrict access to Java classes
Overview The Konqueror web browser may allow Java applets and JavaScripts to bypass the Java security settings and access restricted Java classes. Exploitation may allow a remote attacker to read and write arbitrary files on a vulnerable system. Description Konqueror is a web browser and file...
Microsoft Internet Explorer Plug-in Navigations Handling Address Bar Spoofing Vulnerability
Description It is reported that Microsoft Internet Explorer is prone to a vulnerability that may allow a malicious Web page containing embedded Flash multimedia to spoof the address bar of the browser. This could be used to lure Web users into a false sense of trust since a malicious or spoofed...
IE GetObject() problems
Georgi Guninski security advisory 52, 2001. IE GetObject problems. Systems affected: Patched IE 6.0, somewhat patched 5.5 Win2K. Risk: High. Date: 1 January 2002. Legal Notice: This Advisory is Copyright (c) 2001 Georgi Guninski. You may distribute it unmodified. You may not modify it and distribute it ...
Wang/Kodak Image Admin ActiveX Control
Overview Description The Image Admin control is incorrectly marked safe for scripting. This control is sometimes identified as from "Kodak" and other times as from "Wang". The Image Admin control is one of several controls used to provide image editing services through a web site. Because the...