
168 matches found

CNNVD
added 2024/09/27 12:0 a.m., 1 view

freeimage security vulnerability

FreeImage is a cross-platform open source library that supports popular graphic image formats. FreeImage has a buffer overflow vulnerability that stems from the size of the configuration file not being cleaned up; an attacker can use this vulnerability to caus...

CVSS 7.5, AI score 7.2, EPSS 0.00132
Exploits 1, References 3

CNVD
added 2024/09/23 12:0 a.m., 4 views

Unspecified Vulnerability in FreeImage (CNVD-2024-39258)

FreeImage is a cross-platform open source library that supports popular graphic image formats. A security vulnerability exists in FreeImage that stems from a stack buffer overflow in the Load function of PluginXPM.cpp when processing XPM files in libfreeimage. No detailed...

CVSS 9.8, AI score 7.3, EPSS 0.00238
Exploits 0, References 1

IBM Security Bulletins
added 2024/07/10 4:30 p.m., 48 views

Security Bulletin: IBM Db2 and IBM WebSphere Application Server traditional used by IBM Security Verify Governance have multiple vulnerabilities

Summary IBM Security Verify Governance uses IBM Db2 and IBM WebSphere Application Server traditional as dependent components. Information about security vulnerabilities affecting these dependencies has been published in security bulletins. Vulnerability Details Refer to the security bulletins...

CVSS 9.8, AI score 7.7, EPSS 0.01396
Exploits 2, Affected Software 1

OSV
added 2024/07/01 7:59 p.m., 21 views

GO-2024-2920 Denial of service vulnerability via the parseDirectives function in github.com/vektah/gqlparser

An issue in vektah gqlparser open-source-library allows a remote attacker to cause a denial of service via a crafted script to the parseDirectives function...

CVSS 3.7, AI score 3.8, EPSS 0.00073
Exploits 0, References 5

IBM Security Bulletins
added 2024/06/28 3:25 p.m., 22 views

Security Bulletin: Vulnerability in Bouncy Castle Crypto Package For Java affects IBM Process Mining CVE-2024-34447

Summary There is a vulnerability in Bouncy Castle Crypto Package For Java that could allow an attacker to perform a DNS poisoning attack on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...

CVSS 7.5, AI score 7.7, EPSS 0.00141
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2024/06/28 3:25 p.m., 25 views

Security Bulletin: Vulnerability in Netty affects IBM Process Mining CVE-2024-29025

Summary There is a vulnerability in Netty that could allow an attacker to cause a denial of service condition on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2024-29025...

CVSS 5.3, AI score 6.1, EPSS 0.00343
Exploits 1, Affected Software 1

Github Security Blog
added 2024/06/12 9:31 p.m., 13 views

gqlparser denial of service vulnerability via the parserDirectives function

An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives function...

CVSS 3.7, AI score 7, EPSS 0.00073
Exploits 0, References 6, Affected Software 2

Github Security Blog
added 2024/06/04 12:31 p.m., 14 views

ydata unsafe deserialization

Deserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciously crafted report to run arbitrary code on an end user's system when loaded...

CVSS 7.8, AI score 7.7, EPSS 0.00142
Exploits 0, References 3, Affected Software 1

OSV
added 2024/06/04 12:31 p.m., 4 views

GHSA-2R57-2MRH-GGJV ydata cross-site scripting

A cross-site scripting (XSS) vulnerability in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library allows for payloads to be run when a maliciously crafted report is viewed in the browser...

CVSS 7.8, AI score 6.9, EPSS 0.0019
Exploits 0, References 3

NVD
added 2024/06/04 12:15 p.m., 6 views

CVE-2024-37063

A cross-site scripting (XSS) vulnerability in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library allows for payloads to be run when a maliciously crafted report is viewed in the browser...

CVSS 7.8, AI score 7, EPSS 0.0019
Exploits 0, References 1

Cvelist
added 2024/06/04 12:2 p.m., 18 views

CVE-2024-37063

A cross-site scripting (XSS) vulnerability in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library allows for payloads to be run when a maliciously crafted report is viewed in the browser...

CVSS 7.8, AI score 7, EPSS 0.0019
Exploits 0, References 1

CNNVD
added 2024/05/31 12:0 a.m., 1 view

libndp Security Vulnerabilities

libndp is an open source library from the libndp project. A security vulnerability exists in libndp that stems from libndp not properly validating route length information, which allows an attacker to cause a buffer overflow in NetworkManager by sending incorrectly formatted IPv6 router advertisement packet...

CVSS 8.1, AI score 7.2, EPSS 0.01056
Exploits 0, References 5

CNNVD
added 2024/04/25 12:0 a.m., 1 view

Grassroot DICOM buffer error vulnerability

Grassroot DICOM is a Sourceforge open source C++ library for DICOM medical files. A buffer error vulnerability exists in Grassroot DICOM version 3.0.23, which stems from the presence of a heap-based buffer overflow vulnerability, where a specially crafted, incorrectly-formatted file could result ...

CVSS 9.8, AI score 7.2, EPSS 0.00186
Exploits 1, References 7

IBM Security Bulletins
added 2024/04/17 7:17 a.m., 55 views

Security Bulletin: IBM Db2 and IBM WebSphere Application Server traditional used by ISVG - Identity Manager have multiple vulnerabilities

Summary IBM Security Verify Governance - Identity Manager ships with IBM Db2 and IBM WebSphere Application Server traditional. Information about security vulnerabilities affecting these dependencies has been published in security bulletins. Vulnerability Details Refer to the security bulletins...

CVSS 7.5, AI score 6.6, EPSS 0.00821
Exploits 1, Affected Software 1

CNNVD
added 2024/04/15 12:0 a.m., 1 view

Gradio security vulnerability

Gradio is an open source Python library for demonstrating machine learning models through a friendly web interface. A security vulnerability exists in Gradio that stems from an endpoint incorrectly allowing any method on a class to be called, allowing unauthorized read access to local...

CVSS 7.5, AI score 6.8, EPSS 0.93426
Exploits 3, References 2

CNNVD
added 2024/04/10 12:0 a.m., 1 view

gradio path traversal vulnerability

Gradio is an open source Python library for demonstrating machine learning models through a friendly web interface. A path traversal vulnerability exists in gradio that stems from incorrect validation of user-supplied input...

CVSS 7.5, AI score 7.4, EPSS 0.85087
Exploits 2, References 3

IBM Security Bulletins
added 2024/04/05 10:31 p.m., 28 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server

Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 has been published in a security bulletin: CVE-2023-38729, CVE-2012-2677, CVE-2024-25030, CVE-2024-25046, CVE-2024-27254, CVE-2023-52296, CVE-2024-22360. Vulnerability Details...

CVSS 6.8, AI score 6.2, EPSS 0.00821
Exploits 1, Affected Software 1

IBM Security Bulletins
added 2024/03/29 10:40 a.m., 20 views

Security Bulletin: Vulnerability in GitPython affects IBM Process Mining CVE-2024-22190

Summary There is a vulnerability in GitPython that could allow a remote attacker to execute arbitrary code on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2024-22190...

CVSS 7.8, AI score 8.1, EPSS 0.00353
Exploits 0, Affected Software 1

CNNVD
added 2024/03/28 12:0 a.m., 1 view

Astro-Shield security vulnerability

Astro-Shield is an open source library from KindSpells Labs. It is used to calculate sub-resource integrity hashes for JS scripts and CSS stylesheets. Astro-Shield has a security vulnerability that stems from the CSP header generation feature allowing the listing of maliciously injected resources...

CVSS 7.5, AI score 7.9, EPSS 0.00949
Exploits 0, References 3

CNNVD
added 2024/03/26 12:0 a.m., 1 view

PyAnsys Geometry security vulnerability

PyAnsys Geometry is an Ansys open source Python client library for the Ansys Geometrics service and other CAD Ansys products such as Ansys Discovery and Ansys SpaceClaim. A security vulnerability exists in PyAnsys Geometry. An attacker can exploit the vulnerability to perform malicious actions on...

CVSS 7.8, AI score 7.3, EPSS 0.00118
Exploits 1, References 8