Incomplete List of Disallowed Inputs

Overview Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the metadata process. An attacker can rename, move, or create links to files within the container by submitting specially crafted metadata values that bypass the intended blocklist. This may also...

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation in the metadata field processing. An attacker can rename, move, or change permissions of files within the container by submitting specially crafted tag names such as System:FileName, System:Directory, or...

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation in the metadata field processing. An attacker can rename, move, or change permissions of files within the container by submitting specially crafted tag names such as System:FileName, System:Directory, or...

Security update for ImageMagick

This update for ImageMagick fixes the following issues: CVE-2026-33899: Denial of Service via out-of-bounds write in XML parsing bsc1262154. CVE-2026-33900: Denial of Service via integer truncation in viff encoder bsc1262156. CVE-2026-33905: Denial of service via out-of-bounds read in -sample...

CVE-2026-34445

A flaw was found in Open Neural Network Exchange ONNX. An attacker could exploit a vulnerability in how ONNX processes model metadata, specifically within the ExternalDataInfo class. By crafting a malicious ONNX model, an attacker could overwrite internal object properties, leading to a denial of...

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview onnx is an Open Neural Network Exchange Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the ExternalDataInfo function. An attacker can cause system unavailability, limited information disclosure, or dat...

EUVD-2021-19455

Malware in sbrugna...

SUSE-SU-2025:1569-1 Security update for libraw

This update for libraw fixes the following issues: - CVE-2025-43961: Fixed out-of-bounds read in the Fujifilm 0xf00c tag parser in metadata/tiff.cpp bsc1241643 - CVE-2025-43962: Fixed out-of-bounds read when tag 0x412 processing in phaseonecorrect function bsc1241585 - CVE-2025-43963: Fixed...

Linux Distros Unpatched Vulnerability : CVE-2021-37616

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A null pointer dereference was found ...

CVE-2025-0290

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Under certain conditions, processing of CI artifacts metadata could cause background jobs to become unresponsive...

JVN#05508012: EXIF Viewer Classic vulnerable to cross-site scripting

EXIF Viewer Classic provided by Rodrigue former Kakera is a Google Chrome browser extension. The affected versions of the product improperly handle EXIF meta data, resulting in a cross-site scripting vulnerability CWE-79. Versions 2.3.2 and 2.4.0 were reported as vulnerable. The vendor informs us...

PT-2025-3813 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.0 through 17.5.5 GitLab CE/EE versions 17.6 through 17.6.3 GitLab CE/EE versions 17.7 through 17.7.1 Description: An issue has been discovered in GitLab CE/EE where under certain conditions, processing of CI artifacts...

Apple macOS 输入验证错误漏洞

Apple macOS is a proprietary operating system from Apple Inc. that was developed specifically for Mac computers. An input validation error vulnerability exists in macOS, which arises from insufficient validation of user-supplied input within the installer component when processing metadata. The...

UBUNTU-CVE-2016-6292

The exifprocessusercomment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted JPEG image...