libtiff security update

4.0.3-35.0.1 - fix CVE-2025-8176: prevent skipping first line in tiffdither and tiffmedian tools Orabug: 38658716 - fix CVE-2025-8177: buffer overflow thumbnail setrow Orabug: 38658716 - fix CVE-2025-9900: buffer underflow crash in TIFFReadRGBAImageOriented Orabug: 38658716...

libtiff security update

4.4.0-15.2 - fix CVE-2025-8176: tiffdither and tiffmedian skip first line of input images RHEL-120239 4.4.0-15.1 - fix CVE-2025-9900: buffer underflow crash in TIFFReadRGBAImageOriented RHEL-112545...

libtiff security update

4.0.9-36 - fix CVE-2025-8176: prevent skipping first line in tiffdither and tiffmedian tools RHEL-120230...

Malicious code in tailwindcss-first-line (npm)

The package tailwindcss-first-line was found to contain malicious code...

MAL-2025-34390 Malicious code in tailwindcss-first-line (npm)

The package tailwindcss-first-line was found to contain malicious code...

SUSE CVE-2010-1785

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; accesses uninitialized memory during processing of the 1 :first-letter and 2 :first-line pseudo-elements in an SVG text element, which allows remote...

OpenSearch Project 信息泄露漏洞

OpenSearch Project is OpenSearch Project open source a community-driven, Apache 2.0 licensed open source search and analytics suite. Making it easy to access, search, visualize and analyze data. An information disclosure vulnerability exists in OpenSearch Project versions prior to 1.3.7 and 2.x...

Why Replace Traditional Web Application Firewall (WAF) With New Age WAF?

At present, web applications have become the top targets for attackers because of potential monetization opportunities. Security breaches on the web application can cost millions. Strikingly, DNS Domain Name System related outage and Distributed denial of service DDoS lead a negative impact on...

eQ-3 AG HomeMatic CCU2 User.getLanguage method directory traversal vulnerability

The eQ-3 AG Homematic CCU2 is a central control unit for controlling smart home devices from eQ-3 Germany. A directory traversal vulnerability exists in the User.getLanguage method in eQ-3 AG Homematic CCU2 version 2.29.2 and earlier. A remote attacker can exploit this vulnerability to read the...

CVE-2018-7296

Directory Traversal / Arbitrary File Read in User.getLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to read the first line of an arbitrary file on the CCU2's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web...

Atlassian Bitbucket Server Path Traversal Vulnerability

Atlassian Bitbucket Server is a Git code hosting solution from Atlassian Australia. The solution is capable of managing and reviewing code with features such as diff view, JIRA integration and build integration. A path traversal vulnerability exists in the repository settings resource in Atlassia...

The vulnerability of the Mozilla Firefox ESR browser arises from an operation that goes beyond buffer boundaries in memory, allowing attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the Mozilla Firefox ESR browser arises from an operation that goes beyond the buffer boundaries when applying style rules to pseudo-elements such as ::first-line. Exploiting this vulnerability can allow a malicious actor to cause a service failure using cached style data...

CVE-2017-18038

The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of arbitrary files via a path traversal vulnerability through the default branch name...

CVE-2016-4320

Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource...

WebKit: multiple vulnerabilities in WebKitGTK

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; accesses uninitialized memory during processing of the 1 :first-letter and 2 :first-line pseudo-elements in an SVG text element, which allows remote...