103 matches found

Source: Snyk · added 2026/05/29 9:14 p.m.

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of limits on the size of PackBits-compressed data during decompression. An attacker can cause excessive resource consumption by submitting a specially crafted image...

CVSS 8.7 · AI score 5.8 · EPSS 0.00055
Exploits: 0 · References: 2
Source: AttackerKB · added 2026/03/25 12:00 a.m.

CVE-2026-26830

pdf-image npm package through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format to interpolate user-controlled file paths into shell command strings that are executed via child_process.e...

CVSS 9.8 · AI score 5.8 · EPSS 0.00292
Exploits: 4 · References: 4
Source: CVE · added 2026/03/25 12:00 a.m.

CVE-2026-26830

Summary of CVE-2026-26830 (pdf-image) : The npm package pdf-image (versions up to 2.0.0) is vulnerable to OS command injection through the pdfFilePath parameter. The functions constructGetInfoCommand and constructConvertCommandForPage interpolate user-controlled file paths into shell command stri...

CVSS 9.8 · AI score 5.8 · EPSS 0.00292
Exploits: 4 · References: 3 · Affected Software: 1
Source: OSV · added 2026/03/10 1:04 a.m.

MAL-2026-1308 Malicious code in iron-image (npm)

Per source details. Source: amazon-inspector 64bb41903e84d6a7adabb1c7268258090468e2e83e6f31fb679d594e8266f79e: The package iron-image was found to contain malicious code. Source: ghsa-malware 11a0db876976d8589a7d975fb9c112f6569a4fc2708fb21c378166c2a1f8d204: Any...

AI score 5.7
Exploits: 0 · References: 1
Source: OSSF Malicious Packages · added 2026/03/10 1:04 a.m.

Malicious code in iron-image (npm)

Per source details. Source: amazon-inspector 64bb41903e84d6a7adabb1c7268258090468e2e83e6f31fb679d594e8266f79e: The package iron-image was found to contain malicious code. Source: ghsa-malware 11a0db876976d8589a7d975fb9c112f6569a4fc2708fb21c378166c2a1f8d204: Any...

AI score 5.7
Exploits: 0 · References: 1
Source: RedHat Linux · added 2025/10/29 8:31 a.m.

Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.27 bug fix and security update

Red Hat OpenShift Container Platform release 4.18.27 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a...

CVSS 9.8 · AI score 7.1 · EPSS 0.02592
Exploits: 2 · References: 2
Source: OSSF Malicious Packages · added 2025/10/23 7:48 p.m.

Malicious code in test-mlw1-image-hable-mayed-hance (npm)

Per source details...

AI score 7
Exploits: 0
Source: EUVD · added 2025/10/07 12:30 a.m.

EUVD-2021-1188

Malware in sbrugna...

CVSS 9.8 · AI score 9.3 · EPSS 0.00459
Exploits: 1 · References: 3
Source: OSSF Malicious Packages · added 2025/08/14 6:52 p.m.

Malicious code in @marcos_feitoza/docker-image (npm)

The package @marcos_feitoza/docker-image was found to contain malicious code...

AI score 7
Exploits: 0
Source: RedhatCVE · added 2025/05/22 5:11 p.m.

CVE-2020-8132

Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if the PDF file path is constructed based on untrusted user input...

CVSS 9.8 · AI score 7.3 · EPSS 0.00459
Exploits: 1 · References: 1
Source: Fedora · added 2025/02/27 1:59 a.m.

[SECURITY] Fedora 41 Update: rpm-ostree-2025.5-2.fc41

rpm-ostree is a hybrid image/package system. It supports "composing" packages on a build server into an OSTree repository, which can then be replicated by client systems with atomic upgrades. Additionally, unlike many "pure" image systems, with rpm-ostree each client system can layer on additiona...

AI score 6.9
Exploits: 0
Source: OSV · added 2024/06/06 6:15 p.m.

CVE-2024-5509

Luxion KeyShot BIP File Parsing Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target mus...

CVSS 7.8 · AI score 7.6 · EPSS 0.05013
Exploits: 0 · References: 2
Source: Fedora · added 2024/04/10 3:13 a.m.

[SECURITY] Fedora 40 Update: rpm-ostree-2024.4-5.fc40

rpm-ostree is a hybrid image/package system. It supports "composing" packages on a build server into an OSTree repository, which can then be replicated by client systems with atomic upgrades. Additionally, unlike many "pure" image systems, with rpm-ostree each client system can layer on additiona...

CVSS 6.2 · AI score 7.3 · EPSS 0.00019
Exploits: 0
Source: OpenVAS · added 2023/10/17 12:00 a.m.

Fedora: Security Advisory for golang-x-image (FEDORA-2023-c862a1e289)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.5 · AI score 6.1 · EPSS 0.00462
Exploits: 0 · References: 2
Source: OSV · added 2023/08/16 9:02 p.m.

GHSA-67C6-Q4J4-HCCG Flarum vulnerable to LFI and Blind SSRF via Avatar upload

Impact The Flarum forum software is affected by a vulnerability that allows an attacker to conduct a Blind SSRF attack or disclose any file on the server, even with a basic user account on any Flarum forum. By uploading a file containing a URL and spoofing the MIME type, an attacker can manipulat...

CVSS 7.1 · AI score 6.8 · EPSS 0.00195
Exploits: 0 · References: 4
Source: Positive Technologies · added 2023/08/16 12:00 a.m.

PT-2023-7222 · Flarum +1

Name of the Vulnerable Software and Affected Versions: Flarum versions prior to 1.8.0. Description: The issue allows an attacker to conduct a Blind Server-Side Request Forgery (SSRF) attack or disclose any file on the server, even with a basic user account on any Flarum forum. This is due to the...

CVSS 7.5 · AI score 6.8 · EPSS 0.00195
Exploits: 0 · References: 12
Source: Talos · added 2020/07/31 12:00 a.m.

Microsoft Azure Sphere ASXipFS inode type privilege escalation vulnerability

Talos Vulnerability Report TALOS-2020-1131 Microsoft Azure Sphere ASXipFS inode type privilege escalation vulnerability July 31, 2020 CVE Number None SUMMARY A privilege escalation vulnerability exists in the ASXipFS inode type functionality of Microsoft Azure Sphere 20.06. A specially crafted...

AI score 7.2
Exploits: 0
Source: Fedora · added 2017/03/21 2:50 a.m.

[SECURITY] Fedora 24 Update: rpm-ostree-2017.3-2.fc24

rpm-ostree is a hybrid image/package system. It supports "composing" packages on a build server into an OSTree repository, which can then be replicated by client systems with atomic upgrades. Additionally, unlike many "pure" image systems, with rpm-ostree each client system can layer on additiona...

CVSS 5.3 · AI score 1.3 · EPSS 0.00263
Exploits: 0
Source: Prion · added 2017/03/19 6:59 p.m.

Heap overflow

The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMI...

CVSS 7.2 · AI score 7 · EPSS 0.02659
Exploits: 4 · References: 15 · Affected Software: 1
Source: Cvelist · added 2017/03/19 6:00 p.m.

CVE-2017-7184

The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMI...

AI score 7.4 · EPSS 0.02659
Exploits: 4 · References: 15