| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, memory leak exists in `coders/msl.c`. In the `WriteMSLImage` function of the `msl.c` file, resources are allocated. But the function returns early without releasing these allocated resources. Versions 7.1.2-15 and 6.9.13-40 contain a patch. |
| free5GC is an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 of the User Data Repository are affected by Improper Error Handling with Information Exposure. The NEF component reliably leaks internal parsing error details (e.g., invalid character 'n' after top-level value) to remote clients, which can aid attackers in service fingerprinting. All deployments of free5GC using the Nnef_PfdManagement service may be vulnerable. free5gc/udr pull request 56 contains a patch. No direct workaround is available at the application level. Applying the official patch is recommended. |
| strukturag libde265 commit d9fea9d wa discovered to contain a segmentation fault via the component decoder_context::compute_framedrop_table(). |
| saitoha libsixel until v1.8.7 was discovered to contain a memory leak via the component malloc_stub.c. |
| libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tif_open.c. |
| A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account.
This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default. |
| An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privileged account.
This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default. |
| Out of bounds read and write in Tint in Google Chrome on Mac prior to 145.0.7632.116 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak in the ASHLAR image writer allows an attacker to exhaust process memory by providing a crafted image that results in small objects that are allocated but never freed. Version 7.1.2-15 contains a patch. |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, when a PCD file does not contain a valid Sync marker, the DecodeImage() function becomes trapped in an infinite loop while searching for the Sync marker, causing the program to become unresponsive and continuously consume CPU resources, ultimately leading to system resource exhaustion and denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch. |
| A vulnerability was detected in SourceCodester Modern Image Gallery App 1.0. Affected by this vulnerability is an unknown functionality of the file upload.php. The manipulation of the argument filename results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used. |
| A weakness has been identified in itsourcecode Document Management System 1.0. This impacts an unknown function of the file /deluser.php. Executing a manipulation of the argument user2del can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. |
| free5GC UDR is the user data repository (UDR) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, the NEF component reliably leaks internal parsing error details (e.g., invalid character 'n' after top-level value) to remote clients, which can aid attackers in service fingerprinting. All deployments of free5GC using the Nnef_PfdManagement service may be affected. free5gc/udr pull request 56 contains a patch for the issue. There is no direct workaround at the application level. The recommendation is to apply the provided patch. |
| DAG Author (who already has quite a lot of permissions) could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server (server-side) as a result of a user viewing historical task information.
The functionality responsible for that (log template history) has been disabled by default in 2.11.1 and users should upgrade to Airflow 3 if they want to continue to use log template history. They can also manually modify historical log file names if they want to see historical logs that were generated before the last log template change. |
| free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, SMF panics due to nil pointer dereference and the SMF process terminates. This is triggered by a malformed PFCP SessionReportRequest on the SMF PFCP (UDP/8805) interface. No known upstream fix is available, but some workarounds are available. ACL/firewall the PFCP interface so only trusted UPF IPs can reach SMF (reduce spoofing/abuse surface); drop/inspect malformed PFCP SessionReportRequest messages at the network edge where feasible, and/or add recover() around PFCP handler dispatch to avoid whole-process termination (mitigation only). |
| Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain an issue in which authenticated users who can create or edit devices can set a device `uniqueId` to an absolute path. When uploading a device image, Traccar uses that `uniqueId` to build the filesystem path without enforcing that the resolved path stays under the media root. This allows writing files outside the media directory. As of time of publication, it is unclear whether a fix is available. |
| The Print Service component of Fiserv Originate Loans Peripherals (formerly Velocity Services) in unsupported version 2021.2.4 (build 4.7.3155.0011) uses deprecated .NET Remoting TCP channels that allow unsafe deserialization of untrusted data. When these services are exposed to an untrusted network in a client-managed deployment, an unauthenticated attacker can achieve remote code execution. Version 2021.2.4 is no longer supported by Fiserv. Customers should upgrade to a currently supported release (2025.1 or later) and ensure that .NET Remoting service ports are not exposed beyond trusted network boundaries.
This CVE documents behavior observed in a client-hosted deployment running an unsupported legacy version of Originate Loans Peripherals with .NET Remoting ports exposed to an untrusted network. This is not a default or supported configuration. Customers running legacy versions should upgrade to a currently supported release and ensure .NET Remoting ports are restricted to trusted network segments. The finding does not apply to Fiserv-hosted environments. |
| A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0 firmware versions through 5.50(ABVY.7)C0 could allow an authenticated attacker to execute operating system (OS) commands on an affected device. |
| A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request. |
| The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas.
ECDH and ECDSA signing relying on this curve are not affected.
The bug was fixed in v1.6.3 https://github.com/cloudflare/circl/releases/tag/v1.6.3 . |
