1059 matches found
The vulnerability of the Convert::ASN1 module in the data processing library using ASN.1 definitions allows an attacker to cause a service failure.
The vulnerability of the Convert::ASN1 module in the data processing library that uses ASN.1 definitions allows for a loop with an unreachable exit condition. Exploiting this vulnerability can enable a malicious actor to cause service failures...
CVE-2022-32199
dbconvert.php in ScriptCase through 9.9.008 is vulnerable to Arbitrary File Deletion by an admin via a directory traversal sequence in the file parameter...
Out-of-bounds
In ufdt_output_property_to_fdt of ufdt_convert.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:...
Heap overflow
In ufdt_output_node_to_fdt of ufdt_convert.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID:...
PT-2023-17823 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13. Description: In the ufdt_output_node_to_fdt function of ufdt_convert.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution...
CVE-2023-28677
The CVE-2023-28677 entry concerns the Jenkins Convert To Pipeline Plugin (1.0 and earlier). The vulnerability arises from using basic string concatenation to convert Freestyle projects’ Build Environment, Build Steps, and Post-build Actions into Pipeline invocations, enabling an attacker who can ...
CVE-2023-28676
CVE-2023-28676 describes a cross-site request forgery (CSRF) vulnerability in the Jenkins Convert To Pipeline Plugin, version 1.0 and earlier. The flaw allows an attacker to create a Pipeline based on a Freestyle project, which can potentially lead to remote code execution (RCE). Public reference...
Jenkins Plugins Convert To Pipeline command injection vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
PT-2023-2190 · Jenkins · Jenkins Convert To Pipeline Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Convert To Pipeline Plugin versions 1.0 and earlier. Description: A cross-site request forgery (CSRF) vulnerability allows attackers to create a Pipeline based on a Freestyle project, potentially leading to remote code execution (RCE). The...
Medium: ImageMagick
Issue Overview: An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum function in MagickCore/quantum-export.c. Function calls to GetPixelIndex could result in values outside the range representable by 'unsigned char'. When ImageMagick processes a crafted PDF file,...
CVE-2023-24737
PMB v7.4.6 contains a reflected XSS via the query parameter on /admin/convert/export_z3950.php (export_z3950.php). The issue, documented across sources (NVD/Nuclei), is caused by insufficient input sanitization of the query parameter, enabling injected scripts to run in users’ browsers. Impact pe...
CVE-2023-24733
PMB v7.4.6 has a reflected Cross-Site Scripting (XSS) vulnerability via the query parameter in /admin/convert/export_z3950_new.php. An attacker can inject arbitrary script into the browser context of the affected site, potentially stealing cookie-based authentication credentials, enabling session...
Remote Code Execution (RCE)
openmage/magento-lts is vulnerable to Remote Code Execution (RCE). The vulnerability exists due to insufficient input validation which allows an administrator with upload file permission to create products which results in arbitrary code execution via the convert profile...
SUSE CVE-2005-1349
Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows remote attackers to execute arbitrary code via a malformed parameter to a read operation...
SUSE CVE-2010-1914
The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information by interrupting the handler for the (1) ZEND_BW_XOR opcode (shift_left_function), (2) ZEND_SL opcode (bitwise_xor_function), or (3) ZEND_SR opcode (shift_right_function), related to the...
SUSE CVE-2010-2810
Heap-based buffer overflow in the convert_to_idna function in WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through 2.8.8dev.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed URL containing a % (percent) character in...
SUSE CVE-2011-1027
Off-by-one error in the convert_query_hexchar function in html.c in cgit.cgi in cgit before 0.8.3.5 allows remote attackers to cause a denial of service (infinite loop) via a string composed of a % (percent) character followed by invalid hex characters, as demonstrated by a %gg sequence...
SUSE CVE-2013-7488
perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input...
SUSE CVE-2016-3105
The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name...