23 matches found
CVE-2026-46751 Apache Kvrocks: Does not remove the unsafe loadstring function from its Lua sandbox, allowing a user who can run EVAL scripts to load crafted, unvalidated bytecode that crashes the server process, resulting in a remote denial of service.
A vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.2.0 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue...
CVE-2026-46751
CVE-2026-46751 affects Apache Kvrocks (2.2.0–2.15.0). The root cause is that Kvrocks does not remove the unsafe loadstring function from its Lua sandbox, enabling a user who can run EVAL scripts to load crafted, unvalidated bytecode that crashes the server process, resulting in a remote denial of...
POC-APISIX-RCE
Apache APISIX - Remote Code Execution Admin API script inject...
Linux Distros Unpatched Vulnerability : CVE-2017-12952
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a...
SUSE CVE-2017-12952
The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted gig file...
Cross-Site Scripting in scratch-svg-renderer
Overview This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the transformMeasurements function. Recommendation Upgrade to version...
Cross-Site Scripting in scratch-svg-renderer
This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the transformMeasurements function...
CVE-2020-7750
This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the transformMeasurements function...
CVE-2020-7750
This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the transformMeasurements function...
Code injection
This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the transformMeasurements function...
Updated crawl packages fix security vulnerability
Updated crawl packages fix security vulnerability crawl 0.24.0 and earlier are subject to possible remote code evaluation with lua loadstring CVE-2020-11722. This update fixes it, also updating crawl from version 0.23.2 to 0.24.1, with the following main gameplay changes: Vampire species simplifi...
openSUSE Security Update : crawl (openSUSE-2020-549)
This update for crawl fixes the following issues : - CVE-2020-11722: Fixed a remote code evaluation issue with lua loadstring boo1169381 Update to version 0.24.0 - Vampire species simplified - Thrown weapons streamlined - Fedhas reimagined - Sif Muna reworked Update to version 0.23.2 - Trap syste...
openSUSE: Security Advisory for crawl (openSUSE-SU-2020:0549-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2017-12952
The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted gig file...
DEBIAN-CVE-2017-12952
The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted gig file...
CVE-2017-12952
The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted gig file...
CVE-2017-12952
The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted gig file...
Null pointer dereference
The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted gig file...
UBUNTU-CVE-2017-12952
The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted gig file...
CVE-2017-12952
The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted gig file...