Lucene search
K

2076 matches found

OSV
OSV
added 2019/04/08 7:29 p.m.3 views

UBUNTU-CVE-2019-11005

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a quoted font family value...

9.8CVSS7.2AI score0.03532EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2019/04/04 12:0 a.m.3 views

A vulnerability in the library for processing and transforming HTML/XML code fragments, called Ruby Loofah, arises due to improper handling of input during web page generation. This vulnerability allows attackers to inject arbitrary JavaScript code.

The vulnerability in the library for processing and transforming HTML/XML code fragments in Ruby Loofah is related to insufficient cleaning of SVG elements in JavaScript. Exploiting this vulnerability allows a remote attacker to inject arbitrary JavaScript code...

5.4CVSS6.5AI score0.0091EPSS
Exploits0References5Affected Software2
Positive Technologies
Positive Technologies
added 2019/03/28 12:0 a.m.3 views

PT-2019-4931 · Imagemagick +1 · Imagemagick +1

Name of the Vulnerable Software and Affected Versions: ImageMagick version 7.0.8-36 Q16 Description: The issue is related to a memory leak in the SVGKeyValuePairs function of coders/svg.c, which can be exploited by an attacker to cause a denial of service via a crafted image file. This is due to...

9.8CVSS6.3AI score0.49324EPSS
Exploits49References200
OSV
OSV
added 2019/02/19 5:29 p.m.1 views

DEBIAN-CVE-2019-5757

An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page...

8.8CVSS8.8AI score0.01794EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2019/02/12 2:46 a.m.6 views

chromium-browser: Type Confusion in SVG

An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page...

8.8CVSS7.4AI score0.01794EPSS
Exploits0References5
Fedora
Fedora
added 2019/02/10 2:36 a.m.37 views

[SECURITY] Fedora 28 Update: libwmf-0.2.12-1.fc28

A library for reading and converting Windows MetaFile vector graphics WMF...

9.8CVSS2.6AI score0.04416EPSS
Exploits0
Fedora
Fedora
added 2019/02/10 2:34 a.m.25 views

[SECURITY] Fedora 29 Update: libwmf-0.2.12-1.fc29

A library for reading and converting Windows MetaFile vector graphics WMF...

9.8CVSS2.6AI score0.04416EPSS
Exploits0
CNVD
CNVD
added 2019/01/15 12:0 a.m.3 views

SVG++ Buffer Overflow Vulnerability

SVG++ aka Ssvgpp is a C++ framework that includes an SVG syntax parser, adapters for handling parsed data, and various utilities. The framework includes an SVG syntax parser, adapters for handling parsed data, and a variety of utilities.Anti-Grain Geometry AGG is a 2D rendering library used in it...

8.8CVSS7.8AI score0.01953EPSS
Exploits1References1
OSV
OSV
added 2019/01/11 5:29 a.m.1 views

UBUNTU-CVE-2019-6131

svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svgrunusesymbol, svgrunelement, and svgrunuse, as demonstrated by mutool...

5.5CVSS6AI score0.01538EPSS
Exploits1References4
ThreatPost
ThreatPost
added 2019/01/04 5:21 p.m.9 views

Phishing Tactic Hides Tracks with Custom Fonts

An insidious phishing method evades detection using a never-before-seen technique that leverages custom fonts to cover its tracks. Researchers at Proofpoint recently discovered an active credential harvesting phishing scheme. Once a victim has clicked on the initial phishing email, the resulting...

0.7AI score
Exploits0References2
CNVD
CNVD
added 2018/12/29 12:0 a.m.2 views

Kirby Cross-Site Scripting Vulnerability (CNVD-2019-03334)

Kirby is a document-based content management system CMS. A cross-site scripting vulnerability exists in Kirby version 2.5.12. The vulnerability can be exploited by a remote attacker to upload SVG files using the "site files" Add option...

4.8CVSS6.4AI score0.00559EPSS
Exploits1References1
CNVD
CNVD
added 2018/12/27 12:0 a.m.1 views

Digia Qt Segmentation Error Vulnerability

Digia Qt is a cross-platform C++ application development framework from Digia Finland. The framework can be used to develop GUI programs. A security vulnerability exists in the qsvghandler.cpp file in Digia Qt versions prior to 5.11.3. An attacker can exploit this vulnerability to cause a denial ...

6.5CVSS6.6AI score0.02178EPSS
Exploits0References1
OSV
OSV
added 2018/12/26 9:29 p.m.2 views

DEBIAN-CVE-2018-19869

An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp...

6.5CVSS6.5AI score0.02178EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2018/12/06 12:0 a.m.3 views

PT-2018-15137 · Artifex · Artifex Mupdf

Name of the Vulnerable Software and Affected Versions: Artifex MuPDF version 1.14.0 Description: The issue allows remote attackers to cause a denial of service, resulting in an application crash, via a crafted svg file. This is due to a NULL pointer dereference in the svg run image function...

5.5CVSS5.8AI score0.01425EPSS
Exploits1References11
CNVD
CNVD
added 2018/12/06 12:0 a.m.3 views

Artifex MuPDF Denial of Service Vulnerability (CNVD-2019-06786)

Artifex MuPDF is a free, lightweight PDF reader from Artifex Software. A denial of service vulnerability exists in the 'svgrunimage' function of the svg/svg-run.c file in Artifex MuPDF version 1.14.0. A remote attacker can exploit this vulnerability to cause a denial of service hrefatt null point...

5.5CVSS6.8AI score0.01425EPSS
Exploits1References1
CNVD
CNVD
added 2018/12/05 12:0 a.m.3 views

ASUSTOR ADM cross-site scripting vulnerability (CNVD-2018-26928)

ASUSTOR ADM is a set of operating systems from ASUSTOR dedicated to ASUSTOR NAS storage devices.File Explorer is one of the file browsers. A cross-site scripting vulnerability exists in File Explorer in ASUSTOR ADM version 3.1.1, which can be exploited by remote attackers to execute JavaScript co...

6.1CVSS6.5AI score0.00692EPSS
Exploits1References1
OSV
OSV
added 2018/12/04 5:29 p.m.5 views

CVE-2018-12305

Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript...

6.1CVSS5.8AI score0.00692EPSS
Exploits1References1
OSV
OSV
added 2018/11/30 10:29 a.m.1 views

UBUNTU-CVE-2018-19777

In Artifex MuPDF 1.14.0, there is an infinite loop in the function svgdevendtile in fitz/svg-device.c, as demonstrated by mutool...

5.5CVSS6.3AI score0.01129EPSS
Exploits1References3
OSV
OSV
added 2018/11/12 5:29 p.m.1 views

DEBIAN-CVE-2018-19206

steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of , as demonstrated by an onload attribute in a BODY element, within an HTML attachment...

6.1CVSS6.1AI score0.60162EPSS
Exploits0References1
OSV
OSV
added 2018/11/12 5:29 p.m.2 views

UBUNTU-CVE-2018-19206

steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of , as demonstrated by an onload attribute in a BODY element, within an HTML attachment...

6.1CVSS6.7AI score0.60162EPSS
Exploits0References8
Rows per page
Query Builder