PT-2023-6275 · Unknown · Reciply Plugin

Name of the Vulnerable Software and Affected Versions: reciply Plugin versions 1.1.7 and earlier Description: A critical issue affects the processing of the file uploadImage.php, leading to unrestricted upload. The attack may be initiated remotely, potentially allowing an attacker to execute...

Denial Of Service (DoS)

libtiff.so is vulnerable to Denial of Service DoS. The vulnerability is due to the OJPEGReadHeaderInfoSecTablesQTable function in tifojpeg.c, which allows an attacker to cause a denial of service DoS attack by tricking a victim into opening a specially crafted TIFF image file...

CVE-2023-3576

A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denia...

LibTIFF Security Vulnerability

LibTIFF is a library for reading and writing TIFF Tagged Image File Format files. The library contains some command line tools for working with TIFF files. A security vulnerability exists in LibTIFF that stems from a memory leak when tiffcrop operates on TIFF image files, causing the application ...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the stbiconvertformat function. An attacker can cause a denial of service by using a crafted pic file. Remediation There is no fixed version for stb. References - PoC Credit: peccc...

DEBIAN-CVE-2023-43898

Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbiconvertformat. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted pic file...

UBUNTU-CVE-2023-43898

Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbiconvertformat. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted pic file...

The vulnerability of the PDF-XChange PDF document viewing and editing program, related to out-of-memory reading, allows attackers to disclose protected information.

The vulnerability of the PDF document viewing and editing software PDF-XChange is related to reading beyond the memory limit. Exploiting this vulnerability can allow an attacker to disclose protected information using a specially created TIF file...

CVE-2023-41484

An issue in cimg.eu Cimg Library v2.9.3 allows an attacker to obtain sensitive information via a crafted JPEG file...

Microsoft Windows Untrusted Script Execution Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing o...

Heap Buffer Overflow

libwebp.so is vulnerable to Out Of Bounds Memory Write. The vulnerability is due to the BuildHuffmanTable function in src/dec/vp8ldec.c improperly allocating memory to the table when parsing a stream, which results in an application crash or Arbitrary Code Execution when reading a crafted webp...

USN-6367-1: Firefox vulnerability

It was discovered that Firefox did not properly manage memory when handling WebP images. If a user were tricked into opening a webpage containing malicious WebP image file, an attacker could potentially exploit these to cause a denial of service or execute arbitrary code. CVE-2023-4863...

Mars: **"CSRF Vulnerability in ███████ Website Allows Attackers to Change User Profile Picture at ███████"**

The identified vulnerability is a CSRF vulnerability that allowed an attacker to change the user's profile picture on the ███████ website. The vulnerability was successfully reproduced by creating an account, navigating to the profile picture upload section, and utilizing the provided exploit cod...

The vulnerability of the pngimage.c component in the libpng library, which allows a hacker to cause a service failure.

The vulnerability of the pngimage.c component in the libpng library arises due to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to cause a service failure using a specially created PNG file...

USN-6353-1 plib vulnerability

Wooseok Kang discovered that PLIB did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted TGA file, an attacker could possibly use this issue to cause applications using PLIB to crash, resulting in a denial of service, or possibly execut...

Oracle Linux 7 : exiv2 (ELSA-2019-2101)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2101 advisory. 0.27.0-2 - Minor improvements Resolves: bz1652637 0.27.0-1 - Exiv2 0.27.0 Resolves: bz1652637 Tenable has extracted the preceding description block...

Oracle Linux 7 : Unbreakable Enterprise kernel-container kata-image kata-runtime kata kubernetes olcne (ELSA-2020-5766)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5766 advisory. - x86/speculation: Add SRBDS vulnerability and mitigation documentation Mark Gross Orabug: 31446720 CVE-2020-0543 - x86/speculation: Add Special Regist...

Fedora 38 : freeimage / mingw-freeimage (2023-a8b26b910d)

The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-a8b26b910d advisory. Update to latest svn revision. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus ha...

The vulnerability of the 3D viewing tool JT JT2Go, the Product Lifecycle Management system Teamcenter Visualization, and the design tool suite lies in the ability to write code outside the buffer memory, allowing attackers to execute arbitrary code.

The vulnerability of the 3D viewing tool JT/JT2Go, part of the Teamcenter Visualization product lifecycle management system, lies in the ability to write data beyond the buffer limit in memory. Exploiting this vulnerability could allow attackers to execute arbitrary code by introducing a speciall...

Imaging Input Validation Error Vulnerability

Imaging is a simple Go image processing package from the individual developer Grigory Dryapak. A security vulnerability exists in Imaging version 1.6.2, which stems from a vulnerability that allows an attacker to cause a panic in the scanning functionality of Scanner.go via a crafted TIFF file...