PT-2022-9683 · Unknown · Ingress-Nginx

Name of the Vulnerable Software and Affected Versions: ingress-nginx affected versions not specified Description: A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object to obtain the credentials of...

CVE-2021-25746

A flaw was found in the ingress-nginx controller. When a user creates or updates ingress objects, credentials of the ingress-nginx controller can be obtained by accessing .metadata.annotations...

CVE-2022-28237

Acrobat Reader DC versions 22.001.20085 and earlier, 20.005.3031x and earlier and 17.012.30205 and earlier are affected by a use-after-free vulnerability in the processing of annotations that could result in arbitrary code execution in the context of the current user. Exploitation of this issue...

Puppet 输入验证错误漏洞

Puppet is a set of configuration management tools based on client/server C/S architecture from Puppet Labs in the United States, which can be used to manage profiles, users, cron tasks, packages, system services, and more. A security vulnerability exists in the Puppet Firewall Module, which stems...

Out-of-bounds Memory Access

chromium:sid is vulnerable to out of bounds memory access. The vulnerability exist in A.scad file with no trailing newline allowing an out-of-bounds read during parsing of annotations...

nuclei-templates

This is a GitHub repository for a community-curated list of templates for the Nuclei engine to find security vulnerabilities in applications. The repository contains various templates for the Nuclei scanner, which powers the actual scanning engine. The templates are provided by the project's team...

The vulnerability of the PDF editing software Foxit PhantomPDF and the text viewing software Foxit Reader for Windows operating systems arises from allowing operations beyond the buffer boundaries in memory, enabling attackers to execute arbitrary code.

The vulnerability of the Foxit PhantomPDF PDF editing program and the Foxit Reader text viewing program for Windows operating systems relates to the execution of operations beyond the buffer in memory when processing annotation objects. Exploiting this vulnerability allows a malicious actor to...

GitLab ExifTool uploaded image command injection

Added: 11/24/2021 Background GitLab is an open-source software development platform with built-in version control and issue tracking. Problem A remote attacker can execute arbitrary commands by uploading a specially crafted image to GitLab, which executes injected Perl code when ExifTool parses...

GitLab ExifTool uploaded image command injection

Added: 11/24/2021 Background GitLab is an open-source software development platform with built-in version control and issue tracking. Problem A remote attacker can execute arbitrary commands by uploading a specially crafted image to GitLab, which executes injected Perl code when ExifTool parses...

CVE-2021-34846

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2021-34836

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

PT-2021-5391 · Foxit · Foxit Phantompdf +1

Name of the Vulnerable Software and Affected Versions: Foxit PhantomPDF and Foxit Reader affected versions not specified Description: The issue is related to an out-of-bounds read in the handling of Annotation objects, which can result from the lack of proper validation of user-supplied data. Thi...

The vulnerability of the implementation of syntactic analysis for PDF format files in the Autodesk Design Review software allows a perpetrator to execute arbitrary code.

The vulnerability of the PDF syntax analysis implementation in the Autodesk Design Review software for applying electronic annotations is related to a memory reclamation error. Exploiting this vulnerability could allow an attacker to execute arbitrary code remotely...

Imagegear has a denial of service vulnerability

ImageGear is a graphic image processing software with scanning, compression, viewing, printing, adding annotations, image editing and other features that enable developers to quickly develop image processing programs. Imagegear suffers from a denial of service vulnerability that can be exploited ...

Imagegear suffers from a denial of service vulnerability (CNVD-2021-50962)

ImageGear is a graphic image processing software with scanning, compression, viewing, printing, adding annotations, image editing and other features that enable developers to quickly develop image processing programs. Imagegear suffers from a denial of service vulnerability that can be exploited ...

Imagegear suffers from a denial of service vulnerability (CNVD-2021-50961)

ImageGear is a graphic image processing software with scanning, compression, viewing, printing, adding annotations, image editing and other features that enable developers to quickly develop image processing programs. Imagegear suffers from a denial of service vulnerability that can be exploited ...

PDF Feature ‘Certified’ Widely Vulnerable to Attack

Certified portable document format PDF files are used to securely sign agreements between two parties while keeping the contents’ integrity protected, but a new report found the security protections on most certified PDF applications were inadequate and left organizations exposed to a number of...

GHSA-2V6X-FRW8-7R7F Duplicate Advisory: k8s.io/kube-state-metrics Exposure of Sensitive Information

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-c92w-72c5-9x59. This link is maintained to preserve external references. Original Description A security issue was discovered in kube-state-metrics 1.7.x before 1.7.2. An experimental feature was added to v1.7.0...

Duplicate Advisory: k8s.io/kube-state-metrics Exposure of Sensitive Information

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-c92w-72c5-9x59. This link is maintained to preserve external references. Original Description A security issue was discovered in kube-state-metrics 1.7.x before 1.7.2. An experimental feature was added to v1.7.0...

GO-2022-0621 Exposure of sensitive information in k8s.io/kube-state-metrics

Exposing annotations as metrics can leak secrets. An experimental feature of kube-state-metrics enables annotations to be exposed as metrics. By default, metrics only expose metadata about secrets. However, a combination of the default kubectl behavior and this new feature can cause the entire...