Unity Linux 20.1070e Security Update: ghostscript (UTSA-2025-993339)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993339 advisory. gslibctxstashsanitizedarg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the case. A created PDF document includes its...

PT-2024-14256 · Unknown · Trusted Firmware-M

Name of the Vulnerable Software and Affected Versions: Trusted Firmware-M versions through 2.0.0 Description: An issue was discovered in the logging subsystem of Trusted Firmware-M, where the lack of argument verification allows attackers to read sensitive data via the login function...

Linux kernel 数据伪造问题漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in versions of the Linux kernel prior to 5.12.14, which stems from the fact that the kernel's module.c incorrectly handles signature validation...

Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial

URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow commands to be executed in the HgDriver if hg/Mercurial is installed on the system. Impact - The impact to Composer users directly is limit...

Arbtirary Command Execution

composer/composer is vulnerable to arbitrary command execution. A missing argument delimiter allows an attacker to inject and execute arbitrary commands via VCS repository URLs or source download URLs on systems with Mercurial...

CVE-2021-29472 Missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial in composer

Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system. The impact to...

Missing argument delimiter can lead to command execution via VCS repository URLs or source download URLs on systems with Mercurial

URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow commands to be executed in the HgDriver if hg/Mercurial is installed on the system. Impact - The impact to Composer users directly is limit...

CVE-2004-0458

CVE-2004-0458 affects mah-jong prior to 1.6.2. A missing-argument condition allows remote attackers to trigger a NULL pointer dereference, causing a denial of service (server crash) over the network. Debian’s DSA-503 advisory and OpenVAS entries confirm the issue and advise updating mah-jong to a...

PT-2004-1012 · Mah-Jong · Mah-Jong

Name of the Vulnerable Software and Affected Versions: mah-jong versions prior to 1.6.2 Description: The issue allows remote attackers to cause a denial of service, resulting in a server crash. This is achieved via a missing argument, which triggers a null pointer dereference. Multiple...