Sangfor OSM - Arbitrary File Upload

Sangfor Operation and Maintenance Management System = 3.0.8 contains an unrestricted file upload vulnerability caused by manipulation of the "File" argument in /fort/trust/version/common/common.jsp, letting remote attackers upload arbitrary files, exploit requires no special privileges. id:...

Azure Linux 3.0 Security Update: LibRaw (CVE-2020-15503)

The version of LibRaw installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-15503 advisory. - LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpackthumb.cpp,...

CVE-2025-15503

creationtimestamp| type| source ---|---|--- 2026-01-10 10:00:13+00:00| published-proof-of-concept| Telegram/HEyoP6owuKqhNpzRpz0TBMoTyViJcn1NOxzI3l-iTxrJI 2026-01-10 12:44:42+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mc322qun4y2q 2026-02-11 09:38:10+00:00| confirmed|...

CVE-2025-15503

Summary (CVE-2025-15503) Sangfor Operation and Maintenance Management System (OSM) up to version 3.0.8 contains an unrestricted file upload vulnerability. The flaw is triggered by manipulating the File argument in /fort/trust/version/common/common.jsp, enabling remote upload of arbitrary files. E...

CVE-2019-15503

cgi-cpn/xcoding/prontusvideocut.cgi in AltaVoz Prontus aka ProntusCMS through 12.0.3.0 has "Improper Neutralization of Special Elements used in an OS Command," allowing attackers to execute OS commands via an HTTP GET parameter...

Linux Distros Unpatched Vulnerability : CVE-2020-15503

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpackthumb.cpp, postprocessing/memimage.cpp, and utils/thumbutils.cpp. For...

CVE-2020-15503 affecting package LibRaw for versions less than 0.19.5-5

CVE-2020-15503 affecting package LibRaw for versions less than 0.19.5-5. A patched version of the package is available...

Debian dla-3214 : libraw-bin - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3214 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3214-1 [email protected] https://www.debian.org/lts/security/...

[SECURITY] [DLA 3214-1] libraw security update

Debian LTS Advisory DLA-3214-1 [email protected] https://www.debian.org/lts/security/ Helmut Grohne November 30, 2022 https://wiki.debian.org/LTS Package : libraw Version : 0.19.2-2+deb10u2 CVE ID : CVE-2020-15503 This update adds size checks to thumbnail extraction. Prior to these...

NewStart CGSL MAIN 6.02 : LibRaw Vulnerability (NS-SA-2021-0063)

The remote NewStart CGSL host, running version MAIN 6.02, has LibRaw packages installed that are affected by a vulnerability: - LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpackthumb.cpp, postprocessing/memimage.cpp, and utils/thumbutils.cpp. For example,...

Moderate: GNOME security, bug fix, and enhancement update

GNOME is the default desktop environment of AlmaLinux. The following packages have been upgraded to a later upstream version: gnome-remote-desktop 0.1.8, pipewire 0.3.6, vte291 0.52.4, webkit2gtk3 2.28.4, xdg-desktop-portal 1.6.0, xdg-desktop-portal-gtk 1.6.0. BZ1775345, BZ1779691, BZ1817143,...

RLSA-2020:4451 Moderate: GNOME security, bug fix, and enhancement update

GNOME is the default desktop environment of Rocky Linux. The following packages have been upgraded to a later upstream version: gnome-remote-desktop 0.1.8, pipewire 0.3.6, vte291 0.52.4, webkit2gtk3 2.28.4, xdg-desktop-portal 1.6.0, xdg-desktop-portal-gtk 1.6.0. BZ1775345, BZ1779691, BZ1817143,...

MGASA-2020-0368 Updated libraw packages fix a security vulnerability

LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpackthumb.cpp, postprocessing/memimage.cpp, and utils/thumbutils.cpp. For example, mallocsizeoflibrawprocessedimaget+T.tlength occurs without validating T.tlength. CVE-2020-15503...

Fedora: Security Advisory for LibRaw (FEDORA-2020-c6fa12cfb1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora 31 : LibRaw (2020-c6fa12cfb1)

Fix CVE-2020-15503 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network Security, Inc...

openSUSE Security Update : libraw (openSUSE-2020-1128)

This update for libraw fixes the following issues : - security update - added patches fix CVE-2020-15503 bsc1173674, lack of thumbnail size range check can lead to buffer overflow + libraw-CVE-2020-15503.patch This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network...

openSUSE: Security Advisory for libraw (openSUSE-SU-2020:1128-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OPENSUSE-SU-2020:1128-1 Security update for libraw

This update for libraw fixes the following issues: - security update - added patches fix CVE-2020-15503 bsc1173674, lack of thumbnail size range check can lead to buffer overflow + libraw-CVE-2020-15503.patch This update was imported from the SUSE:SLE-15:Update update project...

openSUSE Security Update : libraw (openSUSE-2020-1088)

This update for libraw fixes the following issues : - security update - added patches fix CVE-2020-15503 bsc1173674, lack of thumbnail size range check can lead to buffer overflow + libraw-CVE-2020-15503.patch This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network...

openSUSE: Security Advisory for libraw (openSUSE-SU-2020:1088-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...