6 matches found
MiracleLinux 4 : xorg-x11-server-1.13.0-23.1.0.1.AXS4 (AXSA:2014-075:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2014-075:01 advisory. X.Org X11 X server. Security issues fixed with this release: CVE-2013-1940: X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict acce...
UBUNTU-CVE-2019-11925
Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between...
gd: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the gdImagePaletteToTrueColor function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application usin...
php: gd extension NUL byte injection in file names
It was found that PHP's gd extension did not properly handle file names with a null character. A remote attacker could possibly use this flaw to make a PHP application access unexpected files and bypass intended file system access restrictions...
php: buffer overflow in the imageloadfont function in gd extension
Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file...
CVE-2008-2489
SQL injection vulnerability in the Library for Frontend Plugins (aka sgzfelib) extension 1.1.512 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified "user input."...