2040 matches found
GHSA-9GR3-7897-PP7M XSS in Image Optimization API for Next.js
Impact - Affected: All of the following must be true to be affected - Next.js between version 10.0.0 and 11.1.0 - The next.config.js file has images.domains array assigned - The image host assigned in images.domains allows user-provided SVG - Not affected: The next.config.js file has images.loade...
CVE-2021-36077
Adobe Bridge version 11.1 and earlier is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in local application denial of service in the context of the current user. User interaction is required to exploit this vulnerability...
GPAC Project on Advanced Content Integer Overflow Vulnerability (CNVD-2021-82984)
GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering. An integer overflow vulnerability exists in the MPEG-4 decoding functionality in GPAC Project on Advanced...
Adobe Illustrator 2021 OS Command Injection Vulnerability
Adobe Illustrator 2021 is a vector graphics software. Adobe Illustrator 2021 version 25.2.3 and earlier is vulnerable to a security flaw. An attacker can exploit this vulnerability to achieve arbitrary code execution in the context of the current user...
GPAC Project on Advanced Content Integer Overflow Vulnerability (CNVD-2021-64077)
GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering. An integer overflow vulnerability exists in the MPEG-4 decoding functionality in GPAC Project on Advanced...
GPAC Project on Advanced Content Integer Overflow Vulnerability (CNVD-2021-64079)
GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering. An integer overflow vulnerability exists in the MPEG-4 decoding functionality in GPAC Project on Advanced...
PT-2021-22497 · Suitecrm · Suitecrm
Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 7.11.19 Description: The issue allows a remote attacker to introduce arbitrary JavaScript via malicious SVG files, bypassing the clean file output protection mechanism. This enables the execution of arbitrary code,...
GPAC Project on Advanced Content Integer Overflow Vulnerability (CNVD-2021-68450)
GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering. The MPEG-4 decoding feature of GPAC Project on Advanced Content library 1.0.1 suffers from an integer...
CVE-2021-37710
Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a Cross-Site Scripting vulnerability via SVG media files. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin...
CVE-2021-24362
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded SVG files added to a gallery do not contain malicious content. As a result, users allowed to add images to gallery can upload an SVG file containing JavaScript code, which will b...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Foundation's blogging platform developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. 10Web – A cross-site scripting vulnerabilit...
Shopware Cross-Site Scripting Vulnerability
Shopware is an open source e-commerce software. A cross-site scripting vulnerability exists in versions of Shopware prior to 6.4.3.1. An attacker can exploit the vulnerability to conduct cross-site scripting attacks via SVG media files...
Adobe Illustrator 2021 Use-After-Free Vulnerability (CNVD-2021-74115)
Adobe Illustrator 2021 is a vector drawing software. A security vulnerability exists in Adobe Illustrator 2021 25.2.3 and earlier versions when handling specially crafted files. An attacker can exploit the vulnerability to read arbitrary file systems...
CVE-2021-3159
A stored cross-site scripting (XSS) vulnerability in the /sys/attachment/uploaderServlet component of Landray EKP V12.0.9.R.20160325 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG, SHTML, or MHT file...
Landray EKP Cross-Site Scripting Vulnerability
Landray EKP is an office automation solution that enables companies to easily model and manage... A cross-site scripting vulnerability in the /sys/attachment/uploaderServlet component of Landray EKP V12.0.9.R.20160325 could allow an attacker to execute arbitrary web script or HTML via a crafted...
Adobe Illustrator 2021 out-of-bounds write vulnerability (CNVD-2021-55964)
Adobe Illustrator 2021 is a vector graphics software. Adobe Illustrator 2021 25.2.3 and earlier versions are vulnerable to an out-of-bounds write vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...
Adobe Illustrator 2021 Use-After-Free Vulnerability
Adobe Illustrator 2021 is a vector graphics software. Adobe Illustrator 2021 25.2.3 and earlier versions are vulnerable to a use-after-free vulnerability. An attacker could exploit this vulnerability to read arbitrary file systems...
Adobe Illustrator 2021 Out-of-Bounds Write Vulnerability (CNVD-2021-55965)
Adobe Illustrator 2021 is a vector drawing software. An out-of-bounds write vulnerability exists in Adobe Illustrator 2021 25.2.3 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary code...
The vulnerability of the qsvghandler.cpp component of the cross-platform development framework for Qt software, related to the lack of a mechanism for checking input data, allows attackers to trigger service failures.
The vulnerability of the qsvghandler.cpp component of the cross-platform framework for developing Qt software is related to the lack of a mechanism for checking input data. Exploiting this vulnerability allows an attacker to trigger a service failure by using an altered SVG image...
The vulnerability of the EncodeImage function in the coders/pict.c component of the console image editing tool ImageMagick, which involves reading data beyond the allowed buffer limits, allows a hacker to cause a service failure.
The vulnerability of the EncodeImage function in the coders/pict.c component of the console-based graphic editor ImageMagick involves reading data from beyond the allowed buffer limits. Exploiting this vulnerability allows a malicious actor to cause service interruptions by using a specially...