Design/Logic Flaw

A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the...

UBUNTU-CVE-2022-1210

A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the...

CVE-2022-1210 LibTIFF tiff2ps resource consumption

A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the...

CVE-2022-1210

CVE-2022-1210 affects LibTIFF 4.3.0, specifically the TIFF File Handler in tiff2ps. Opening a malicious TIFF can cause a denial of service; the vulnerability is remotely exploitable but requires user interaction. The exploit has been disclosed publicly. The connected documents confirm the affecte...

An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system.

...

CVE-2021-4197

An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1...

DEBIAN-CVE-2022-26520

In pgjdbc before 42.3.3, an attacker who controls the jdbc URL or properties can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat...

Directory Traversal

convert-svg-core, convert-svg-to-png and convert-svg-to-jpeg are vulnerable to directory traversal. The vulnerability exists because of the code of the component SVG File Handler which allows an attacker to read arbitrary files from the file system and then show the file content using a specially...

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.15 and fixes at least the following security issues: A data leak flaw was found in the way XFSIOCALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS...

CVE-2021-4197

An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1...

Denial Of Service (DoS) Through Heap Buffer Overflow

libheif.so is vulnerable to denial of service through heap-based buffer overflow attacks. The vulnerability exists in 'convertcolorspace' in 'heifcolorconversion.cc' of the heif file handler. A malicious attacker is able to send a crafted HEIF to gain sensitive information and cause an applicatio...

CVE-2021-39212

A flaw was found in ImageMagick in the Postscript File Handler component. An attacker could exploit this flaw which would, in some cases, lead to postscript files to be read and written to even when specifically excluded by a module policy in policy.xml. Mitigation Users are advised to use the...

GO-2021-0051 Directory traversal on Windows in github.com/labstack/echo/v4

Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read...

GO-2020-0039 Open redirect in gopkg.in/macaron.v1

Due to improper request sanitization, a specifically crafted URL can cause the static file handler to redirect to an attacker chosen URL, allowing for open redirect attacks...

PT-2021-12080 · Unknown · Static File Handler

Name of the Vulnerable Software and Affected Versions: Static File Handler affected versions not specified Description: The issue arises from improper sanitization of user input on Windows, allowing the static file handler to permit directory traversal. This enables an attacker to read files...

CVE-2020-28948

ArchiveTar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. Recent assessments: gwillcox-r7 at January 15, 2021 7:39pm UTC reported: Edit: PoC code for this can be found at along with the original advisory. An interesting vulnerability using the...

CVE-2020-6799

Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. This required Firefox to be configured as the default handler for a given file type and for a file downloaded to be opened in a third party application that...

Foxit Studio Photo < 3.6.6.913 Multiple Vulnerabilities

According to its self-reported version, the Foxit Studio Photo application installed on the remote Windows host is affected by multiple vulnerabilities: - An out-of-bounds read error exist in the TIF file handler when processing InkNames of TIFFSetField due to improper validation of user-supplied...

OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

PT-2019-6422 · Plan 9 +1 · Rc +1

Name of the Vulnerable Software and Affected Versions: rc versions prior to 1.7.1-5 Description: The issue is related to insufficient input validation in the Temp File Handler component of the Plan 9 rc command shell. This can be exploited by a remote attacker to create arbitrary temporary files...