Lucene search
K

114 matches found

RedHat Linux
RedHat Linux
added 2022/02/22 5:47 p.m.2 views

python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c

A flaw was found in python-pillow. The vulnerability occurs due to improper initialization of image paths, leading to a buffer over-read and improper initialization. This flaw allows an attacker to unauthorized memory access that causes memory access errors, incorrect results, or crashes...

6.5CVSS5.9AI score0.01957EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/02/22 5:47 p.m.4 views

python-pillow: improperly initializes ImagePath.Path in path_getbbox() in path.c

A flaw was found in python-pillow. The vulnerability occurs due to improper initialization of image paths, leading to improperly initializing the ImagePath. This flaw allows an attacker to access unauthorized memory that causes memory access errors, incorrect results, or crashes...

6.5CVSS5.8AI score0.02556EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/02/22 3:58 p.m.4 views

python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c

A flaw was found in python-pillow. The vulnerability occurs due to improper initialization of image paths, leading to a buffer over-read and improper initialization. This flaw allows an attacker to unauthorized memory access that causes memory access errors, incorrect results, or crashes...

6.5CVSS5.9AI score0.01957EPSS
Exploits0References5
OSV
OSV
added 2022/01/10 2:12 p.m.1 views

DEBIAN-CVE-2022-22815

pathgetbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path...

6.5CVSS6.7AI score0.02556EPSS
Exploits0References1
OSV
OSV
added 2022/01/10 2:12 p.m.2 views

DEBIAN-CVE-2022-22816

pathgetbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path...

6.5CVSS7AI score0.01957EPSS
Exploits0References1
OSV
OSV
added 2022/01/10 2:12 p.m.1 views

UBUNTU-CVE-2022-22815

pathgetbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path...

6.5CVSS6.7AI score0.02556EPSS
Exploits0References5
PyPA
PyPA
added 2022/01/10 2:12 p.m.6 views

PYSEC-2022-9

pathgetbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path...

6.5CVSS7.2AI score0.01957EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/01/10 2:12 p.m.6 views

CVE-2022-22815

pathgetbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path...

6.5CVSS6.7AI score0.02556EPSS
Exploits0References6
OSV
OSV
added 2022/01/10 2:12 p.m.2 views

UBUNTU-CVE-2022-22816

pathgetbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path...

6.5CVSS6.9AI score0.01957EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/01/10 12:0 a.m.4 views

Pillow 安全漏洞

Pillow is a Python based image processing library. A security vulnerability exists in Pillow before 9.0.0 that stems from pathgetbbox in path.c incorrectly initializing ImagePath...

6.5CVSS6.7AI score0.02556EPSS
Exploits0References15
OSV
OSV
added 2021/12/03 10:15 p.m.1 views

UBUNTU-CVE-2021-43415

HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1...

8.8CVSS5.7AI score0.01182EPSS
Exploits0References4
Cvelist
Cvelist
added 2021/12/03 9:20 p.m.38 views

CVE-2021-43415

HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1...

8.6AI score0.01182EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2021/12/03 9:20 p.m.21 views

CVE-2021-43415

Removed by vendor...

8.8CVSS8.7AI score0.01182EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2021/03/09 12:0 a.m.3 views

The vulnerability of the xps_finish_image_path() function (device/vector/gdevxps.c) in the software suite for processing, transforming, and generating Ghostscript documents allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the xpsfinishimagepath function device/vector/gdevxps.c in the software suite for processing, transforming, and generating Ghostscript documents is related to its use after release. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...

6.8CVSS7.1AI score0.01793EPSS
Exploits1References14Affected Software3
OSV
OSV
added 2020/08/13 3:15 a.m.2 views

DEBIAN-CVE-2020-16303

A use-after-free vulnerability in xpsfinishimagepath in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51...

7.8CVSS7.4AI score0.01793EPSS
Exploits1References1
OSV
OSV
added 2020/05/04 3:15 p.m.1 views

DEBIAN-CVE-2020-12641

rcubeimage.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for imconvertpath or imidentifypath...

9.8CVSS9AI score0.84456EPSS
Exploits1References1
Veracode
Veracode
added 2020/02/05 4:2 a.m.19 views

OS Command Injection

im-resize is vulnerble to OS command injection. Lack of validation allows an attacker to inject and execute arbitrary OS commands on the system using a malicious image path value...

9.8CVSS4.6AI score0.03799EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2019/03/07 12:0 a.m.3 views

OFCMS backend ueditor uploadImage file upload vulnerability

OFCMS is a content management system based on Java technology. A backend ueditor uploadImage file upload vulnerability exists in versions of OFCMS prior to 1.1.3. The vulnerability stems from the blocking of .jsp and .jspx files without taking into account the file.jsp::$DATA of the...

8.8CVSS7.6AI score0.02695EPSS
Exploits1References1
Metasploit
Metasploit
added 2018/10/31 7:36 p.m.38 views

iOS Image Gatherer

This module collects images from iPhones. Module was tested on iOS 10.3.3 on an iPhone 5. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'iOS Image Gatherer', 'Description' = %q This module...

6.9AI score
Exploits0
Prion
Prion
added 2017/12/11 5:29 p.m.24 views

Design/Logic Flaw

Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking."...

7.2CVSS6.5AI score0.00434EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder