27 matches found
Astra Linux - vulnerability in exiv2
There is a segmentation fault (SEGV) in Exiv2::Internal::TiffParserWorker::findPrimaryGroups in the tiffimageint.cpp file, within Exiv2 0.27-RC3. A crafted input can lead to a remote denial-of-service attack...
Arixolab Nominas Path Traversal Vulnerability
Arixolab Nominas is a human resources and salary calendar system developed by the Spanish company Arixolab. Version 0.27 of Arixolab Nominas contains a path traversal vulnerability. This vulnerability stems from an SQL injection issue with the username parameter in the login/checklogin.php file,...
[SECURITY] [DSA 6095-1] foomuuri security update
Debian Security Advisory DSA-6095-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 07, 2026 https://www.debian.org/security/faq -...
PT-2026-1886
Name of the Vulnerable Software and Affected Versions Foomuuri versions prior to 0.27-2+deb13u1 Foomuuri versions prior to 0.31 Description An Improper Neutralization of Argument Delimiters issue exists in Foomuuri, potentially leading to integrity loss of the firewall configuration or other...
PT-2026-1882
Name of the Vulnerable Software and Affected Versions Foomuuri versions prior to 0.31 Foomuuri version 0.27-2+deb13u1 Description An improper authorization issue in Foomuuri allows unauthorized users to modify the firewall configuration. This could lead to tampering of the firewall configuration...
CVE-2025-64443
MCP Gateway allows easy and secure running and deployment of MCP servers. In versions 0.27.0 and earlier, when MCP Gateway runs in sse or streaming transport mode, it is vulnerable to DNS rebinding. An attacker who can get a victim to visit a malicious website or be served a malicious advertiseme...
CVE-2025-58016
Missing Authorization vulnerability in Codexpert, Inc CF7 Submissions cf7-submissions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 Submissions: from n/a through <= 0.26...
GHSA-973X-65J7-XCF4 Decompressors can crash the JVM and leak memory content in Aircompressor
Summary All decompressor implementations of Aircompressor LZ4, LZO, Snappy, Zstandard can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java process which could contain sensitive information. Details When decompressing certain data, the...
perl-Convert-ASN1: allows remote attackers to cause an infinite loop via unexpected input
perl-Convert-ASN1 aka the Convert::ASN1 module for Perl through 0.27 allows remote attackers to cause an infinite loop via unexpected input...
SUSE CVE-2013-7488
perl-Convert-ASN1 aka the Convert::ASN1 module for Perl through 0.27 allows remote attackers to cause an infinite loop via unexpected input...
SUSE CVE-2018-20096
There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf function of pngimage.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack...
Jenkins Plugin REPO Code Issue Vulnerability
Jenkins and Jenkins Plugin are both open source products from Jenkins. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A code issue vulnerabilit...
GHSA-XV69-6RF3-W5G2 Missing permission check in Jenkins Cloud Statistics Plugin
Jenkins Cloud Statistics Plugin 0.26 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission and knowledge of random activity IDs to view related provisioning exception error messages. Jenkins Cloud Statistics Plugin 0.27 requires...
Wocu Monitoring Cross-Site Scripting Vulnerability
Wocu Monitoring is a console for Wocu. A cross-site scripting vulnerability exists in Wocu Monitoring versions 0.27 through 48.2, which stems from an outdated version of the TinyMCE editor that lacks filtering and escaping in the comments that create reports...
UBUNTU-CVE-2020-18899
An uncontrolled memory allocation in the DataBuf data(subBox.length-sizeof(box)) function of Exiv2 0.27 allows attackers to cause a denial of service (DoS) via a crafted input...
PT-2021-6703
Name of the Vulnerable Software and Affected Versions Exiv2 version 0.27 Description The issue is related to an uncontrolled memory allocation in the DataBuf data(subBox.length-sizeof(box)) function of the Exiv2 library, which can be exploited by a remote attacker to cause a denial of service (DoS) via ...
Exiv2 Buffer Error Vulnerability
Exiv2 is a set of C++ libraries and command line applications for managing image metadata from the individual developer Andreas Huggel. The product provides functionality to read and write image metadata in a variety of formats including EXIF, IPTC and XMP. A buffer error vulnerability exists in...
Exiv2 Resource Management Error Vulnerability
Exiv2 is a set of C++ libraries and command line applications for managing image metadata from the individual developer Andreas Huggel. The product provides functionality to read and write image metadata in a variety of formats including EXIF, IPTC and XMP. A resource management error vulnerabili...
perl-Convert-ASN1 Denial of Service Vulnerability
Perl is a general-purpose, interpreted, dynamic cross-platform programming language from the Perl community. A security vulnerability exists in perl-Convert-ASN1 0.27 and earlier versions, which stems from the program's unsafe decoding of user input. A remote attacker can exploit the vulnerabilit...
exiv2: NULL pointer dereference in Exiv2::isoSpeed in easyaccess.cpp
Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file...