EulerOS Virtualization 2.10.0 : libtiff (EulerOS-SA-2023-2937)
According to the versions of the libtiff package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - loadImage in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image. CVE-2023-26965 -...
FreeBSD : electron27 -- multiple vulnerabilities (d1b20e09-dbdf-432b-83c7-89f0af76324a)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the d1b20e09-dbdf-432b-83c7-89f0af76324a advisory. - Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to...
FreeBSD : electron26 -- multiple vulnerabilities (0cee4f9c-5efb-4770-b917-f4e4569e8bec)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 0cee4f9c-5efb-4770-b917-f4e4569e8bec advisory. - Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to...
CVE-2023-52275
Gallery3d on Tecno Camon X CA7 devices allows attackers to view hidden images by navigating to data/com.android.gallery3d/.privatealbum/.encryptfiles and guessing the correct image file extension...
Design/Logic Flaw
Gallery3d on Tecno Camon X CA7 devices allows attackers to view hidden images by navigating to data/com.android.gallery3d/.privatealbum/.encryptfiles and guessing the correct image file extension...
The vulnerability of the LZWDecode function in the libtiff/tif_lzw.c component of the LibTIFF library, which allows a hacker to cause a service failure.
The vulnerability of the LZWDecode function in the libtiff/tif_lzw.c component of the LibTIFF library is related to reading data beyond the allowable buffer limits. Exploiting this vulnerability could allow a malicious actor to cause service interruptions through a specially created TIF file...
Debian DSA-5579-1 : freeimage - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5579 advisory. Multiple vulnerabilities were discovered in FreeImage, a support library for graphics image formats, which could result in the execution of arbitrary code if...
Use After Free
Chromium is vulnerable to Use After Free. The vulnerability is caused by a Use After Free error in the libavif component. A remote attacker can exploit Heap Corruption via a crafted image file...
SUSE CVE-2023-6704
Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted image file. Chromium security severity: High...
Fedora 38 : chromium (2023-3d9f7ca27f)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-3d9f7ca27f advisory. update to 120.0.6099.109 - High CVE-2023-6702: Type Confusion in V8 - High CVE-2023-6703: Use after free in Blink - High CVE-2023-6704: Use after fr...
CVE-2023-6704
Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted image file. Chromium security severity: High...
Design/Logic Flaw
Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted image file. Chromium security severity: High...
CVE-2023-6704
Use-after-free in libavif in Google Chrome (Chromium) prior to 120.0.6099.109 can allow a remote attacker to potentially trigger heap corruption via a crafted image file. Official advisories and vendor updates indicate the fix is included in Chrome/Chromium version 120.0.6099.109 and later. Affec...
Privilege escalation
An arbitrary file upload vulnerability in DoraCMS v2.1.8 allows attackers to execute arbitrary code via uploading a crafted HTML or image file to the user avatar...
Debian dla-3662 : libfreeimage-dev - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3662 advisory. - Debian LTS Advisory DLA-3662-1...