2040 matches found
WordPress plugin Allow svg files code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Allow svg files plugin...
CVE-2022-32243
When a user opens manipulated Scalable Vector Graphics (.svg, svg.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application...
Samast Technologies Magicpin code issue vulnerability
Samast Technologies Magicpin is a Samast Technologies India application that combines parts of Zomato restaurant discovery and reviews and Roposo theme-based social media network on the consumer side and Freshdesk customer management application on the restaurant side. A security...
FacturaScripts cross-site scripting vulnerability
FacturaScripts is an ERP software. A cross-site scripting vulnerability exists in versions prior to facturascripts 2022.06, which stems from a lack of filename validation, and can be exploited by an attacker to upload a svg file resulting in a cross-site scripting attack...
CVE-2022-24278
The package convert-svg-core before 0.6.4 is vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file...
convert-svg path traversal vulnerability
convert-svg is a series of open source software for converting SVG format files to other formats. A security vulnerability exists in versions of convert-svg prior to 0.6.4 that stems from improper sanitization of SVG tags...
Directory Traversal
Overview: convert-svg-core is a package that supports converting SVG into another format using headless Chromium. Affected versions of this package are vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted...
Arbitrary Code Injection
Overview: convert-svg-core is a package that supports converting SVG into another format using headless Chromium. Affected versions of this package are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then...
CVE-2022-1982
Uncontrolled resource consumption in Mattermost version 6.6.0 and earlier allows an authenticated attacker to crash the server via a crafted SVG attachment on a post...
PT-2022-5078 · Adobe · Indesign
Name of the Vulnerable Software and Affected Versions: Adobe InDesign versions 16.4.2 and earlier; Adobe InDesign versions 17.3 and earlier. Description: The issue is related to a Heap-based Buffer Overflow that could result in arbitrary code execution in the context of the current user. Exploitati...
Mattermost resource management error vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. A resource management error vulnerability exists in versions prior to Mattermost 6.6.0, which stems from uncontrolled consumption of resources and can be exploited by an attacker to crash the server via a specially crafted...
PT-2022-14234 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 6.6.0 and earlier. Description: The issue allows an authenticated attacker to crash the server by exploiting uncontrolled resource consumption via a crafted SVG attachment on a post. Recommendations: For Mattermost versions...
The vulnerability of the software for working with animations in Adobe Character Animator lies in the ability to write code beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code.
The vulnerability of the Adobe Character Animator software for animating graphics is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code in the context of the current user, using a specially crafted SVG file...
PT-2022-20005
Name of the Vulnerable Software and Affected Versions: Jirafeau versions prior to 4.4.0. Description: The file preview functionality in Jirafeau, which is enabled by default, could be exploited for cross-site scripting. An attacker could upload image/svg+xml files containing JavaScript. When someone...
Jirafeau cross-site scripting vulnerability
Jirafeau is an easy way to upload files by the individual developer Jérôme Jutteau. A security vulnerability exists in Jirafeau versions prior to 4.4.0, which stems from a file preview feature enabled by default that can be used for cross-site scripting. An attacker could use this vulnerability t...
CVE-2022-29351
An arbitrary file upload vulnerability in the file upload module of Tiddlywiki5 v5.2.2 allows attackers to execute arbitrary code via a crafted SVG file. Note: The vendor argues that this is not a legitimate issue and there is no vulnerability here...
PT-2022-19557 · Unknown · Tiddlywiki5
Name of the Vulnerable Software and Affected Versions: Tiddlywiki5 version 5.2.2. Description: An arbitrary file upload vulnerability in the file upload module allows attackers to execute arbitrary code via a crafted SVG file. The vendor argues that this is not a legitimate issue and there is no...
Moderate: qt5-qtsvg security update
Scalable Vector Graphics (SVG) is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint devices. Security Fixes: qt: out-of-bounds write may lead to DoS (CVE-2021-45930). For more details about...
qt5-qtsvg security update
An update for qt5-qtsvg is now available for Rocky Linux 8. Rocky Enterprise Software Foundation Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...