
2680 matches found

CNNVD
added 2022/03/22 12:0 a.m. | 3 views

WordPress Easy Social Icons plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin for WordPress. A cross-site scripting vulnerability exists in versions of the WordPress Easy Social Icons plugin prior to 3.2.1, which stems from the...

4.8 CVSS | 5.5 AI score | 0.00577 EPSS
Exploits 2 | References 3

Prion
added 2022/03/21 7:15 p.m. | 20 views

Spoofing

The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom "Amelia Manager" role...

6.5 CVSS | 8.6 AI score | 0.01439 EPSS
Exploits 2 | References 1 | Affected Software 1

The Hacker News
added 2022/03/21 9:12 a.m. | 45 views

New Backdoor Targets French Entities via Open-Source Package Installer

Researchers have exposed a new targeted email campaign aimed at French entities in the construction, real estate, and government sectors that leverages the Chocolatey Windows package manager to deliver a backdoor called Serpent on compromised systems. Enterprise security firm Proofpoint attribute...

1.4 AI score
Exploits 0

wpexploit
added 2022/03/21 12:0 a.m. | 99 views

Easy Social Icons < 3.2.1 - Admin+ Stored Cross-Site Scripting in add icon

The plugin does not properly escape the imagefile field when adding a new social icon, allowing high privileged users to inject arbitrary JavaScript even when the unfiltered_html capability is disallowed. Version 3.2.0 addressed some of the issues, but was still vulnerable when clicking to edit the...

4.8 CVSS | 1.1 AI score | 0.00577 EPSS
Exploits 2

OPENSUSE Linux
added 2022/03/21 12:0 a.m. | 65 views

Security update for htmldoc (important)

openSUSE Security Update: Security update for htmldoc Announcement ID: openSUSE-SU-2022:0088-1 Rating: important References: 1192357 1194303 1194304 1194487 1195758 Cross-References: CVE-2021-40985 CVE-2021-43579 CVE-2021-45944 CVE-2021-45949 CVE-2022-0534 CVSS scores: CVE-2021-40985 NVD : 5.5...

7.8 CVSS | 6.9 AI score | 0.07349 EPSS
Exploits 8 | References 5

OSV
added 2022/03/19 11:3 a.m. | 3 views

OESA-2022-1586 libtiff security update

This provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats. And contains command-line programs for manipulating TIFF format image files using the libtiff...

5.5 CVSS | 6.9 AI score | 0.01325 EPSS
Exploits 1 | References 2

Microsoft CVE
added 2022/03/19 7:0 a.m. | 2 views

Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag() in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.

...

7.7 CVSS | 6.7 AI score | 0.0125 EPSS
Exploits 1

RedhatCVE
added 2022/03/15 7:56 p.m. | 60 views

CVE-2022-0891

A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other...

7.1 CVSS | 6 AI score | 0.01542 EPSS
Exploits 1 | References 3

OSV
added 2022/03/10 5:44 p.m. | 1 views

DEBIAN-CVE-2022-0891

A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other...

7.1 CVSS | 6.9 AI score | 0.01542 EPSS
Exploits 1 | References 1

ATTACKERKB
added 2022/03/09 5:15 p.m. | 3 views

CVE-2022-24457

HEIF Image Extensions Remote Code Execution Vulnerability...

7.8 CVSS | 7.2 AI score | 0.02131 EPSS
Exploits 0 | References 4 | Affected Software 1

CNNVD
added 2022/03/09 12:0 a.m. | 3 views

Silicon Graphics LibTIFF buffer error vulnerability

Silicon Graphics LibTIFF is a library for reading and writing TIFF (Tagged Image File Format) files from Silicon Graphics, USA. The library contains some command line tools for working with TIFF files. A security vulnerability exists in Silicon Graphics LibTIFF, which stems from an attacker's abili...

7.1 CVSS | 7 AI score | 0.01542 EPSS
Exploits 1 | References 21

CVE
added 2022/03/09 12:0 a.m. | 289 views

CVE-2022-0891

CVE-2022-0891 is a heap buffer overflow in ExtractImageSection (tiffcrop.c) of libtiff 4.3.0. A crafted TIFF image can trigger unsafe/out-of-bounds memory access, causing application crash and potential information disclosure. Connected advisories (Astra Linux, AlmaLinux, Arch Linux, Debian secur...

7.1 CVSS | 7.2 AI score | 0.01542 EPSS
Exploits 1 | References 9 | Affected Software 1

Cvelist
added 2022/03/09 12:0 a.m. | 21 views

CVE-2022-0891

A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other...

6.1 CVSS | 7.8 AI score | 0.01542 EPSS
Exploits 1 | References 9

Debian CVE
added 2022/03/09 12:0 a.m. | 40 views

CVE-2022-0891

A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other...

7.1 CVSS | 7.9 AI score | 0.01542 EPSS
Exploits 1

CNNVD
added 2022/03/02 12:0 a.m. | 3 views

Home Owners Collection Management System code issue vulnerability

A remote code execution vulnerability exists in Home Owners Collection Management System, a homeowner collection management system, which can be exploited by attackers to execute arbitrary code via a crafted PNG file...

7.8 CVSS | 8.5 AI score | 0.01512 EPSS
Exploits 1 | References 2

NVD
added 2022/02/28 11:15 p.m. | 19 views

CVE-2022-23906

CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file...

7.2 CVSS | 0.02087 EPSS
Exploits 1 | References 1

Prion
added 2022/02/28 11:15 p.m. | 17 views

Design/Logic Flaw

CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file...

6.5 CVSS | 7.1 AI score | 0.02087 EPSS
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2022/02/28 10:55 p.m. | 21 views

CVE-2022-23906

CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file...

7.3 AI score | 0.02087 EPSS
Exploits 1 | References 1

UbuntuCve
added 2022/02/24 7:15 p.m. | 43 views

CVE-2022-0545

An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is...

7.8 CVSS | 7.1 AI score | 0.01121 EPSS
Exploits 0 | References 1

UbuntuCve
added 2022/02/24 7:15 p.m. | 30 views

CVE-2022-0544

An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1...

5.5 CVSS | 6 AI score | 0.01135 EPSS
Exploits 0 | References 4