41 matches found
Astra Linux - vulnerability in pillow
The pathgetbbox function in path.c of Pillow, prior to version 9.0.0, improperly initializes ImagePath.Path...
Astra Linux - vulnerability in pillow
In the path.c file of Pillow, before version 9.0.0, there was an issue where the pathgetbbox function had a buffer over-reading during the initialization of ImagePath.Path...
Pillow has a heap buffer overflow with nested list coordinates
Passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested lists were recursively unpacked beyond the allocated buffer. Coordinate lists are now validated to...
EUVD-2009-0836
Malware in sbrugna...
EUVD-2000-1113
Malware in sbrugna...
CVE-2025-8070
The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker to execute arbitrary code by placing a malicious executable in a predictable location such as C:\Program.exe. If the service runs with elevated privileges,...
CVE-2025-8070
The CVE-2025-8070 issue affects ABP (≤ 2.0.7.6130) and AES (≤ 1.0.6.6133). It is caused by an unquoted ImagePath registry value in the Windows service configuration, enabling a local attacker to place a malicious executable in a path with spaces (e.g., C:\Program.exe) and execute it. If the servi...
CVE-2025-8070 Windows service registered with an unquoted ImagePath vulnerability in the system registry
The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker to execute arbitrary code by placing a malicious executable in a predictable location such as C:\Program.exe. If the service runs with elevated privileges,...
ASUSTOR Backup Plan security vulnerability
ASUSTOR Backup Plan ABP is a Windows backup tool from Hua Yun Technology ASUSTOR Inc. of Taipei, China. A security vulnerability exists in ASUSTOR Backup Plan version 2.0.7.6130 and earlier and AES version 1.0.6.6133 and earlier, which stems from an unquoted ImagePath registry value that could le...
PT-2025-30547 · Abp +1
Name of the Vulnerable Software and Affected Versions: ABP versions prior to 2.0.7.6130; AES versions prior to 1.0.6.6133. Description: The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker to execute arbitrary cod...
Grafana Alloy unquoted service path
On a Windows machine, the Grafana Alloy service prior to 1.3.3 is vulnerable to a privilege escalation from local user to SYSTEM due to an unquoted service path. It is recommended that you remove the Grafana Alloy installation and do a clean install. An update will not resolve the issue. An...
SUSE-SU-2024:1673-1 Security update for python-Pillow
This update for python-Pillow fixes the following issues: - Fixed ImagePath.Path array handling bsc1194552, CVE-2022-22815, bsc1194551, CVE-2022-22816 - Use snprintf instead of sprintf bsc1188574, CVE-2021-34552 - Fix Memory DOS in Icns, Ico and Blp Image Plugins. bsc1183110, CVE-2021-27921,...
BIT-PILLOW-2022-22816
pathgetbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path...
SUSE CVE-2022-22816
pathgetbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path...
SUSE CVE-2022-22815
pathgetbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path...
Duplicate Advisory: KubeVirt arbitrary host file read from the VM
Duplicate Advisory: This advisory is a duplicate of GHSA-qv98-3369-g364. This link is maintained to preserve external references. Original Description: Summary: As part of a Kubevirt audit performed by NCC group, a finding dealing with systemic lack of path sanitization which leads to a path travers...
PT-2022-14121 · Kubevirt +1
Name of the Vulnerable Software and Affected Versions: KubeVirt versions up to 0.56; KubeVirt version 0.55.1. Description: A path traversal vulnerability in KubeVirt allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are...
EulerOS 2.0 SP10 : python-pillow (EulerOS-SA-2022-1495)
According to the versions of the python-pillow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - pathgetbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. CVE-2022-22815 - pathgetbbox in path.c in Pillow befor...