2269 matches found
CVE-2020-6092
An exploitable code execution vulnerability exists in the way Nitro Pro 13.9.1.155 parses Pattern objects. A specially crafted PDF file can trigger an integer overflow that can lead to arbitrary code execution. In order to trigger this vulnerability, the victim must open a malicious file...
CVE-2024-51695
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Yes We Work Fabrica Synced Pattern Instances fabrica-reusable-block-instances allows Reflected XSS. This issue affects Fabrica Synced Pattern Instances: from n/a through = 1.0.8...
CVE-2024-45573
Memory corruption may occur while generating test pattern due to negative indexing of display ID...
CVE-2024-45573
CVE-2024-45573: Memory corruption can occur when generating test patterns due to negative indexing of the display ID in Qualcomm chipsets. CVSS v3.1 base score 7.8 (HIGH) with LOCAL attacker, low privileges, no user interaction; impacts to confidentiality, integrity, and availability are noted a...
CVE-2024-45573 Use of Out-of-range Pointer Offset in Display
Memory corruption may occur while generating test pattern due to negative indexing of display ID...
Security update for haproxy
This update for haproxy fixes the following issues: Update to version 2.8.11+git0.01c1056a4: VUL-0: CVE-2024-53008: haproxy: HTTP/3 request smuggling via malformed HTTP headers forwarded to a HTTP/1.1 non-compliant back-end server bsc1233973 BUG/MINOR: cfgparse-listen: fix option httpslog overrid...
SUSE-SU-2025:20101-1 Security update for haproxy
This update for haproxy fixes the following issues: Update to version 2.8.11+git0.01c1056a4: - VUL-0: CVE-2024-53008: haproxy: HTTP/3 request smuggling via malformed HTTP headers forwarded to a HTTP/1.1 non-compliant back-end server bsc1233973 - BUG/MINOR: cfgparse-listen: fix option httpslog...
redis: Denial-of-service due to unbounded pattern matching in Redis
A flaw was found in Redis. This flaw allows authenticated users to trigger a denial of service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST, and ACL definitions. Matching of extremely long patterns may...
AlmaLinux 8 : redis:6 (ALSA-2025:0595)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:0595 advisory. redis: Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands may lead to denial-of-service CVE-2023-22458 redis: Integer overflow in the Redis...
redis: Denial-of-service due to unbounded pattern matching in Redis
A flaw was found in Redis. This flaw allows authenticated users to trigger a denial of service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST, and ACL definitions. Matching of extremely long patterns may...
redis: Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow
A vulnerability was found in Redis. This flaw allows an authenticated user to use string matching commands like SCAN or KEYS with a specially crafted pattern to trigger a denial of service attack on Redis, causing it to hang and consume 100% of CPU time...
Important: ghostscript
Issue Overview: PS interpreter - check the type of the Pattern Implementation NOTE: https://bugs.ghostscript.com/showbug.cgi?id=707991 NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f49812186baa7d1362880673408a6fbe8719b4f8 NOTE:...
media: v4l2-tpg: prevent the risk of a division by zero
...
Important: ghostscript
Issue Overview: PS interpreter - check the type of the Pattern Implementation NOTE: https://bugs.ghostscript.com/showbug.cgi?id=707991 NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f49812186baa7d1362880673408a6fbe8719b4f8 NOTE:...
Important: ghostscript
Issue Overview: PS interpreter - check the type of the Pattern Implementation NOTE: https://bugs.ghostscript.com/showbug.cgi?id=707991 NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f49812186baa7d1362880673408a6fbe8719b4f8 NOTE:...
redis: Denial-of-service due to unbounded pattern matching in Redis
A flaw was found in Redis. This flaw allows authenticated users to trigger a denial of service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST, and ACL definitions. Matching of extremely long patterns may...
Ibexa Admin UI vulnerable to Cross-site Scripting in a field that is used in the Content name pattern
Impact The Content name pattern is used to build Content names from one or more fields. An XSS vulnerability has been found in this mechanism. Content edit permission is required to exploit it. After the fix, any existing injected XSS will not run. Patches - See "Patched versions. -...
GHSA-8W3P-GF85-QCCH Ibexa Admin UI vulnerable to Cross-site Scripting in a field that is used in the Content name pattern
Impact The Content name pattern is used to build Content names from one or more fields. An XSS vulnerability has been found in this mechanism. Content edit permission is required to exploit it. After the fix, any existing injected XSS will not run. Patches - See "Patched versions. -...
CVE-2024-53864
Ibexa Admin UI Bundle is all the necessary parts to run the Ibexa DXP Back Office interface. The Content name pattern is used to build Content names from one or more fields. An XSS vulnerability has been found in this mechanism. Content edit permission is required to exploit it. After the fix, an...
CVE-2024-53864 Cross-site Scripting in a field that is used in the Content name pattern in ibexa/admin-ui
Ibexa Admin UI Bundle is all the necessary parts to run the Ibexa DXP Back Office interface. The Content name pattern is used to build Content names from one or more fields. An XSS vulnerability has been found in this mechanism. Content edit permission is required to exploit it. After the fix, an...