Lucene search
K

168 matches found

CNNVD
CNNVD
added 2023/09/21 12:0 a.m.7 views

DataEase Code Issues Vulnerabilities

DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insight into business trends to achieve business improvement and optimization. A code issue vulnerability exists in DataEase versions prior to 1.18.11. The vulnerability stems...

7.5CVSS6.9AI score0.00636EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/09/13 12:0 a.m.3 views

Cisco IOS XR Security Vulnerability

Cisco IOS and Cisco IOS XR are both operating systems developed by Cisco for its network devices. A security vulnerability exists in Cisco IOS XR, which is caused by a code execution flaw in the image validation checking process. An authenticated attacker could exploit this vulnerability to execu...

7CVSS7.9AI score0.00088EPSS
Exploits0References3
Veracode
Veracode
added 2023/07/28 11:17 p.m.21 views

Missing Image Validation

github.com/crossplane/crossplane is vulnerable to Missing Image Validation. The vulnerability exists in imageback.go due to a lack of image validation inside the packages, which allows an attacker bypass the detection mechanism for tampered packages...

9.8CVSS6.8AI score0.00719EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2023/07/28 3:33 p.m.16 views

GHSA-PJ4X-2XR5-W87M Possible image tampering from missing image validation for Packages

Impact Crossplanes image backend does not validate the byte contents of Crossplane packages. As such, Crossplane does not detect if an attacker has tampered with a Package. Patches The problem has been fixed in 1.11.5, 1.12.3 and 1.13.0, all the supported versions of Crossplane at the time of...

8.3CVSS9AI score0.00719EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2023/07/28 3:33 p.m.30 views

Possible image tampering from missing image validation for Packages

Impact Crossplanes image backend does not validate the byte contents of Crossplane packages. As such, Crossplane does not detect if an attacker has tampered with a Package. Patches The problem has been fixed in 1.11.5, 1.12.3 and 1.13.0, all the supported versions of Crossplane at the time of...

9.8CVSS6.8AI score0.00719EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2023/07/27 7:15 p.m.24 views

Code injection

Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, Crossplane's image backend does not validate the byte contents of Crossplane packages. As such, Crossplane does not detect if an attacker has tampered...

7.5CVSS9.4AI score0.00719EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/27 6:7 p.m.19 views

CVE-2023-38495 Crossplane vulnerable to possible image tampering from missing image validation for Packages

Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, Crossplane's image backend does not validate the byte contents of Crossplane packages. As such, Crossplane does not detect if an attacker has tampered...

8.3CVSS9.4AI score0.00719EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/07/27 6:7 p.m.41 views

CVE-2023-38495 Crossplane vulnerable to possible image tampering from missing image validation for Packages

Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, Crossplane's image backend does not validate the byte contents of Crossplane packages. As such, Crossplane does not detect if an attacker has tampered...

8.3CVSS9.7AI score0.00719EPSS
Exploits1References2
CVE
CVE
added 2023/07/17 3:32 p.m.37 views

CVE-2023-3614

CVE-2023-3614 describes a denial-of-service in Mattermost caused by improper validation of GIF image files. The vulnerability can be triggered by linking to a specially crafted GIF, allowing an attacker to exhaust server resources and render the server unresponsive for an extended period. Root ca...

4.3CVSS4.3AI score0.00317EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/07/17 12:0 a.m.4 views

Mattermost 资源管理错误漏洞

Mattermost is an open source collaboration platform from the US company Mattermost. Mattermost suffers from a security vulnerability that stems from an inability to properly validate gif image files, which allows an attacker to link to a specially crafted image file to make the server unresponsiv...

4.3CVSS4.9AI score0.00317EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/07/17 12:0 a.m.6 views

PT-2023-25450 · Unknown · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue arises from the improper validation of a gif image file, allowing an attacker to consume a significant amount of server resources. This can be achieved by linking to a speciall...

4.3CVSS3.7AI score0.00317EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2023/06/23 11:2 p.m.14 views

CVE-2023-1721 Yoga Class Registration System 1.0 - RCE

Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators...

9.1CVSS7.3AI score0.0099EPSS
Exploits1References2
Veracode
Veracode
added 2023/04/27 10:7 a.m.31 views

Remote Code Execution (RCE)

ulearnpro/ulearn is vulnerable to Remote Code Execution RCE. The vulnerability exists due to the lack of upload image validation, which allows an attacker to upload and execute malicious code on the system...

7.2CVSS7.5AI score0.01018EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/01/09 11:15 p.m.2 views

CVE-2022-3416

The WPtouch WordPress plugin before 4.3.45 does not properly validate images to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...

7.2CVSS5.9AI score0.17285EPSS
Exploits1References1
NVD
NVD
added 2023/01/09 11:15 p.m.28 views

CVE-2022-3416

The WPtouch WordPress plugin before 4.3.45 does not properly validate images to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...

7.2CVSS6.9AI score0.17285EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/01/09 12:0 a.m.4 views

WordPress Plugin WPtouch 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists in...

7.2CVSS7.2AI score0.17285EPSS
Exploits1References2
Prion
Prion
added 2022/12/23 11:15 p.m.17 views

Input validation

An image signature validation bypass vulnerability in Kyverno 1.8.3 and 1.8.4 allows a malicious image registry or a man-in-the-middle attacker to inject unsigned arbitrary container images into a protected Kubernetes cluster. This is fixed in 1.8.5. This has been fixed in 1.8.5 and mitigations a...

5.1CVSS7.9AI score0.00956EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/12/23 12:0 a.m.19 views

CVE-2022-47633

An image signature validation bypass vulnerability in Kyverno 1.8.3 and 1.8.4 allows a malicious image registry or a man-in-the-middle attacker to inject unsigned arbitrary container images into a protected Kubernetes cluster. This is fixed in 1.8.5. This has been fixed in 1.8.5 and mitigations a...

8.1CVSS8AI score0.00956EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2022/12/15 12:0 a.m.21 views

Zoom Client for Meetings < 5.6.3 Vulnerability (ZSB-21002)

The version of Zoom Client for Meetings installed on the remote host is prior to 5.6.3. It is, therefore, affected by a vulnerability as referenced in the ZSB-21002 advisory. - A heap based buffer overflow exists in all desktop versions of the Zoom Client for Meetings before version 5.6.3. This...

9CVSS8.9AI score0.05837EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2022/11/08 8:48 p.m.16 views

Withdrawn: Octocat.js vulnerable to code injection

Withdrawn This advisory has been withdrawn because it is a test. Original Description Impact Users can include their own images for accessories via provided URLs. These URLs are not validated and can result in execution of injected code. Patches This vulnerability was fixed in version 1.2 of...

1.1AI score
Exploits0References3Affected Software1
Rows per page
Query Builder