Lucene search
K

86 matches found

Positive Technologies
Positive Technologies
added 2024/10/01 12:0 a.m.4 views

PT-2024-39396 · WordPress · Avif & Svg Uploader

Name of the Vulnerable Software and Affected Versions: AVIF & SVG Uploader plugin for WordPress version 1.1.0 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated attackers with...

6.4CVSS6.3AI score0.00376EPSS
Exploits0References8
Patchstack
Patchstack
added 2024/10/01 12:0 a.m.9 views

WordPress AVIF & SVG Uploader Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Software AVIF & SVG Uploader Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9060 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 6e662df81c43 Credits Francesco Carlucci...

6.4CVSS5.8AI score0.00376EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/06/15 12:0 a.m.10 views

OPENSUSE-SU-2024:13476-1 avif-tools-1.0.2-1.1 on GA media

These are all security issues fixed in the avif-tools-1.0.2-1.1 package on the GA media of openSUSE Tumbleweed...

8.8CVSS9.3AI score0.01118EPSS
Exploits0References2
OSV
OSV
added 2024/06/15 12:0 a.m.13 views

OPENSUSE-SU-2024:13534-1 avif-tools-1.0.3-1.1 on GA media

These are all security issues fixed in the avif-tools-1.0.3-1.1 package on the GA media of openSUSE Tumbleweed...

8.8CVSS8.7AI score0.00653EPSS
Exploits0References1
NVD
NVD
added 2024/05/15 7:15 a.m.22 views

CVE-2024-4636

The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allowmemetypes’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS5.9AI score0.0042EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/05/15 6:51 a.m.33 views

CVE-2024-4636 Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF <= 3.12.10 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload

The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allowmemetypes’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS6AI score0.0042EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/12/04 12:0 a.m.5 views

The vulnerability of the Libavif library for encoding and decoding .avif files allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information. This vulnerability is exploitable through attacks using Google Chrome and Microsoft Edge browsers.

The vulnerability of the Libavif library for encoding and decoding .avif files in Google Chrome and Microsoft Edge browsers is related to the issue of operations going beyond the buffer boundaries in memory when processing .avif files. Exploiting this vulnerability can allow an attacker to...

10CVSS7.8AI score0.01118EPSS
Exploits0References15Affected Software4
BDU FSTEC
BDU FSTEC
added 2023/12/04 12:0 a.m.5 views

The vulnerability of the Libavif library for encoding and decoding .avif files allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information. This vulnerability is exploitable through attacks using Google Chrome and Microsoft Edge browsers.

The vulnerability of the Libavif library for encoding and decoding .avif files in Google Chrome and Microsoft Edge browsers is related to the use of memory after file processing for .avif formats. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, an...

10CVSS7.6AI score0.00913EPSS
Exploits0References14Affected Software4
Veracode
Veracode
added 2023/12/01 3:14 p.m.33 views

Use After Free

Google Chrome is vulnerable to Use After Free. The vulnerability exists in libavif, potentially enabling an attacker to exploit heap corruption through a maliciously crafted AVIF file...

8.8CVSS6.7AI score0.01118EPSS
Exploits0References8Affected Software1
Veracode
Veracode
added 2023/12/01 3:14 p.m.29 views

Use After Free

Google Chrome is vulnerable to Use After Free. The vulnerability exists in libavif, potentially enabling an attacker to exploit heap corruption through a maliciously crafted AVIF file...

8.8CVSS6.6AI score0.00913EPSS
Exploits0References8Affected Software1
SUSE CVE
SUSE CVE
added 2023/11/30 2:6 a.m.9 views

SUSE CVE-2023-6350

Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. Chromium security severity: High...

8.8CVSS7.1AI score0.01118EPSS
Exploits0References7
OSV
OSV
added 2023/11/29 12:15 p.m.7 views

DEBIAN-CVE-2023-6351

Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. Chromium security severity: High...

8.8CVSS8.2AI score0.00913EPSS
Exploits0References1
OSV
OSV
added 2023/11/29 12:15 p.m.22 views

CVE-2023-6350

Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. Chromium security severity: High...

8.8CVSS6.2AI score
Exploits0References7
NVD
NVD
added 2023/11/29 12:15 p.m.24 views

CVE-2023-6351

Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. Chromium security severity: High...

8.8CVSS0.00913EPSS
Exploits0References7
OSV
OSV
added 2023/11/29 12:15 p.m.24 views

CVE-2023-6351

Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. Chromium security severity: High...

8.8CVSS6.2AI score
Exploits0References7
OSV
OSV
added 2023/11/29 12:15 p.m.7 views

DEBIAN-CVE-2023-6350

Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. Chromium security severity: High...

8.8CVSS8.2AI score0.01118EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2023/11/29 12:15 p.m.30 views

CVE-2023-6351

Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. Chromium security severity: High...

8.8CVSS7.2AI score0.00913EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2023/11/29 12:15 p.m.35 views

CVE-2023-6350

Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. Chromium security severity: High...

8.8CVSS7.2AI score0.01118EPSS
Exploits0References6
Prion
Prion
added 2023/11/29 12:15 p.m.31 views

Design/Logic Flaw

Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. Chromium security severity: High...

6.8CVSS7.2AI score0.01118EPSS
Exploits0References7Affected Software3
Prion
Prion
added 2023/11/29 12:15 p.m.33 views

Design/Logic Flaw

Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. Chromium security severity: High...

6.8CVSS7.2AI score0.00913EPSS
Exploits0References7Affected Software3
Rows per page
Query Builder