168 matches found
DataEase Code Issues Vulnerabilities
DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insight into business trends to achieve business improvement and optimization. A code issue vulnerability exists in DataEase versions prior to 1.18.11. The vulnerability stems...
Cisco IOS XR Security Vulnerability
Cisco IOS and Cisco IOS XR are both operating systems developed by Cisco for its network devices. A security vulnerability exists in Cisco IOS XR, which is caused by a code execution flaw in the image validation checking process. An authenticated attacker could exploit this vulnerability to execu...
Missing Image Validation
github.com/crossplane/crossplane is vulnerable to Missing Image Validation. The vulnerability exists in imageback.go due to a lack of image validation inside the packages, which allows an attacker bypass the detection mechanism for tampered packages...
GHSA-PJ4X-2XR5-W87M Possible image tampering from missing image validation for Packages
Impact Crossplanes image backend does not validate the byte contents of Crossplane packages. As such, Crossplane does not detect if an attacker has tampered with a Package. Patches The problem has been fixed in 1.11.5, 1.12.3 and 1.13.0, all the supported versions of Crossplane at the time of...
Possible image tampering from missing image validation for Packages
Impact Crossplanes image backend does not validate the byte contents of Crossplane packages. As such, Crossplane does not detect if an attacker has tampered with a Package. Patches The problem has been fixed in 1.11.5, 1.12.3 and 1.13.0, all the supported versions of Crossplane at the time of...
Code injection
Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, Crossplane's image backend does not validate the byte contents of Crossplane packages. As such, Crossplane does not detect if an attacker has tampered...
CVE-2023-38495 Crossplane vulnerable to possible image tampering from missing image validation for Packages
Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, Crossplane's image backend does not validate the byte contents of Crossplane packages. As such, Crossplane does not detect if an attacker has tampered...
CVE-2023-38495 Crossplane vulnerable to possible image tampering from missing image validation for Packages
Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, Crossplane's image backend does not validate the byte contents of Crossplane packages. As such, Crossplane does not detect if an attacker has tampered...
CVE-2023-3614
CVE-2023-3614 describes a denial-of-service in Mattermost caused by improper validation of GIF image files. The vulnerability can be triggered by linking to a specially crafted GIF, allowing an attacker to exhaust server resources and render the server unresponsive for an extended period. Root ca...
Mattermost 资源管理错误漏洞
Mattermost is an open source collaboration platform from the US company Mattermost. Mattermost suffers from a security vulnerability that stems from an inability to properly validate gif image files, which allows an attacker to link to a specially crafted image file to make the server unresponsiv...
PT-2023-25450 · Unknown · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue arises from the improper validation of a gif image file, allowing an attacker to consume a significant amount of server resources. This can be achieved by linking to a speciall...
CVE-2023-1721 Yoga Class Registration System 1.0 - RCE
Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators...
Remote Code Execution (RCE)
ulearnpro/ulearn is vulnerable to Remote Code Execution RCE. The vulnerability exists due to the lack of upload image validation, which allows an attacker to upload and execute malicious code on the system...
CVE-2022-3416
The WPtouch WordPress plugin before 4.3.45 does not properly validate images to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...
CVE-2022-3416
The WPtouch WordPress plugin before 4.3.45 does not properly validate images to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...
WordPress Plugin WPtouch 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists in...
Input validation
An image signature validation bypass vulnerability in Kyverno 1.8.3 and 1.8.4 allows a malicious image registry or a man-in-the-middle attacker to inject unsigned arbitrary container images into a protected Kubernetes cluster. This is fixed in 1.8.5. This has been fixed in 1.8.5 and mitigations a...
CVE-2022-47633
An image signature validation bypass vulnerability in Kyverno 1.8.3 and 1.8.4 allows a malicious image registry or a man-in-the-middle attacker to inject unsigned arbitrary container images into a protected Kubernetes cluster. This is fixed in 1.8.5. This has been fixed in 1.8.5 and mitigations a...
Zoom Client for Meetings < 5.6.3 Vulnerability (ZSB-21002)
The version of Zoom Client for Meetings installed on the remote host is prior to 5.6.3. It is, therefore, affected by a vulnerability as referenced in the ZSB-21002 advisory. - A heap based buffer overflow exists in all desktop versions of the Zoom Client for Meetings before version 5.6.3. This...
Withdrawn: Octocat.js vulnerable to code injection
Withdrawn This advisory has been withdrawn because it is a test. Original Description Impact Users can include their own images for accessories via provided URLs. These URLs are not validated and can result in execution of injected code. Patches This vulnerability was fixed in version 1.2 of...