Lucene search
K

336 matches found

Prion
Prion
added 2023/04/14 2:15 p.m.12 views

Information disclosure

SENAYAN Library Management System SLiMS Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain information such as the user's geolocation and device information...

5CVSS7.3AI score0.00747EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/04/14 12:0 a.m.25 views

CVE-2023-29850

SENAYAN Library Management System SLiMS Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain information such as the user's geolocation and device information...

7.5AI score0.00747EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/04/14 12:0 a.m.7 views

CVE-2023-29850

SENAYAN Library Management System SLiMS Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain information such as the user's geolocation and device information...

7.3AI score0.00747EPSS
Exploits1References1
CVE
CVE
added 2023/04/14 12:0 a.m.43 views

CVE-2023-29850

SENAYAN Library Management System (SLiMS) Bulian v9.5.2 is affected: it does not strip EXIF data from uploaded images, allowing disclosure of information such as geolocation and device data. The underlying root cause is the failure to strip metadata in image uploads. Current connected documents d...

7.5CVSS7.3AI score0.00747EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2023/04/11 12:30 p.m.22 views

GHSA-8JG3-RX43-3FV4 Answer vulnerable to Exposure of Sensitive Information Through Metadata

answerdev/answer is an open-source knowledge-based community software. Answer prior to 1.0.8 may expose sensitive information, such as EXIF data and GPS coordatinates, via image metadata...

6.5CVSS6.4AI score0.00597EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/04/11 12:0 a.m.9 views

answer 安全漏洞

answer is an open source knowledge-based community software. An information disclosure vulnerability exists in versions of answer prior to 1.0.8. The vulnerability stems from the fact that when a user uploads his logo, the EXIF geolocation data of the uploaded image is not stripped. An attacker...

7.6CVSS6AI score0.00586EPSS
Exploits1References3
Huntr
Huntr
added 2023/03/29 5:58 a.m.84 views

Information leakage in EXIF data of images

Description EXIF stands for Exchangeable Image File Format and the EXIF data contains information such as the camera model and make, shutter speed, aperture, focal length, ISO number, date, time and much more. It can also store GPS coordinates of the location where an image was shot. Proof of...

4.3CVSS6.3AI score0.00597EPSS
Exploits1
Huntr
Huntr
added 2023/03/10 8:50 p.m.28 views

EXIF Geolocation Data Not Stripped From brand logo

When the user uploads his logo, the uploaded image’s EXIF Geo-location Data does not get stripped. As a result, anyone can get sensitive information like user's Device ID, Geo Location, System Information, System version, ETC. Step to reproduce: 1. Upload logo with EXIF DATA, or download from her...

4.3CVSS6.2AI score0.00586EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2023/02/15 6:12 a.m.4 views

SUSE CVE-2007-2645

Integer overflow in the exifdataloaddataentry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service crash or possibly execute arbitrary code via crafted EXIF data, involving the 1 doff or 2 s variable...

9.3CVSS8.2AI score0.13162EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:9 a.m.4 views

SUSE CVE-2007-6352

Integer overflow in libexif 0.6.16 and earlier allows context-dependent attackers to execute arbitrary code via an image with crafted EXIF tags, possibly involving the exifdataloaddatathumbnail function in exif-data.c...

6.8CVSS8.2AI score0.02727EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:48 a.m.3 views

SUSE CVE-2012-1185

Multiple integer overflows in 1 magick/profile.c or 2 magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service memory corruption and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE:...

7.8CVSS7.8AI score0.29677EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:46 a.m.4 views

SUSE CVE-2012-2836

The exifdataloaddata function in exif-data.c in the EXIF Tag Parsing Library aka libexif before 0.6.21 allows remote attackers to cause a denial of service out-of-bounds read or possibly obtain sensitive information from process memory via crafted EXIF tags in an image...

6.4CVSS7AI score0.06221EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:23 a.m.5 views

SUSE CVE-2015-0232

The exifprocessunicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service uninitialized pointer free and application crash via crafted EXIF data in a JPEG image...

6.8CVSS8AI score0.15366EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2023/02/15 5:4 a.m.1 views

SUSE CVE-2016-3822

exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service out-of-bounds access via crafted EXIF data, aka internal bug...

7.8CVSS9.5AI score0.01267EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 4:47 a.m.2 views

SUSE CVE-2017-7544

libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exifdatasavedataentry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure...

3.3CVSS7AI score0.03273EPSS
Exploits1References9
SUSE CVE
SUSE CVE
added 2023/02/15 4:28 a.m.6 views

SUSE CVE-2018-10549

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exifreaddata in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exifiifaddvalue mishandles the case of a MakerNote that lacks a final '\0' character...

8.8CVSS9.6AI score0.07159EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:13 a.m.3 views

SUSE CVE-2019-11047

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure o...

6.5CVSS9.2AI score0.07473EPSS
Exploits1References10
SUSE CVE
SUSE CVE
added 2023/02/15 4:13 a.m.3 views

SUSE CVE-2019-11050

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure o...

6.5CVSS9.2AI score0.07624EPSS
Exploits1References10
SUSE CVE
SUSE CVE
added 2023/02/15 4:4 a.m.3 views

SUSE CVE-2020-0093

In exifdatasavedataentry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0...

5CVSS8.3AI score0.00301EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:4 a.m.2 views

SUSE CVE-2020-0198

In exifdataloaddatacontent of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-14642894...

5.3CVSS9.1AI score0.04262EPSS
Exploits0References5
Rows per page
Query Builder