86 matches found
PT-2024-39396 · WordPress · Avif & Svg Uploader
Name of the Vulnerable Software and Affected Versions: AVIF & SVG Uploader plugin for WordPress version 1.1.0 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated attackers with...
WordPress AVIF & SVG Uploader Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)
Software AVIF & SVG Uploader Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9060 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 6e662df81c43 Credits Francesco Carlucci...
OPENSUSE-SU-2024:13476-1 avif-tools-1.0.2-1.1 on GA media
These are all security issues fixed in the avif-tools-1.0.2-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:13534-1 avif-tools-1.0.3-1.1 on GA media
These are all security issues fixed in the avif-tools-1.0.3-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2024-4636
The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allowmemetypes’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2024-4636 Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF <= 3.12.10 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload
The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allowmemetypes’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes it possible...
The vulnerability of the Libavif library for encoding and decoding .avif files allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information. This vulnerability is exploitable through attacks using Google Chrome and Microsoft Edge browsers.
The vulnerability of the Libavif library for encoding and decoding .avif files in Google Chrome and Microsoft Edge browsers is related to the issue of operations going beyond the buffer boundaries in memory when processing .avif files. Exploiting this vulnerability can allow an attacker to...
The vulnerability of the Libavif library for encoding and decoding .avif files allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information. This vulnerability is exploitable through attacks using Google Chrome and Microsoft Edge browsers.
The vulnerability of the Libavif library for encoding and decoding .avif files in Google Chrome and Microsoft Edge browsers is related to the use of memory after file processing for .avif formats. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, an...
Use After Free
Google Chrome is vulnerable to Use After Free. The vulnerability exists in libavif, potentially enabling an attacker to exploit heap corruption through a maliciously crafted AVIF file...
Use After Free
Google Chrome is vulnerable to Use After Free. The vulnerability exists in libavif, potentially enabling an attacker to exploit heap corruption through a maliciously crafted AVIF file...
SUSE CVE-2023-6350
Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. Chromium security severity: High...
DEBIAN-CVE-2023-6351
Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. Chromium security severity: High...
CVE-2023-6350
Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. Chromium security severity: High...
CVE-2023-6351
Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. Chromium security severity: High...
CVE-2023-6351
Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. Chromium security severity: High...
DEBIAN-CVE-2023-6350
Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. Chromium security severity: High...
CVE-2023-6351
Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. Chromium security severity: High...
CVE-2023-6350
Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. Chromium security severity: High...
Design/Logic Flaw
Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. Chromium security severity: High...
Design/Logic Flaw
Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. Chromium security severity: High...