1059 matches found
CVE-2021-41231 OpenMage LTS DataFlow upload remote code execution vulnerability
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, an administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile. Versions 19.4.22 and 20.0.19 contain a patch for this issue...
GHSA-H632-P764-PJQM DataFlow upload remote code execution vulnerability
Impact An administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile...
DataFlow upload remote code execution vulnerability
Impact An administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile...
PT-2023-12376 · Unknown · Openmage Lts
Name of the Vulnerable Software and Affected Versions: OpenMage LTS versions prior to 19.4.22 OpenMage LTS versions prior to 20.0.19 Description: The issue allows an administrator with the permissions to upload files via DataFlow and to create products to execute arbitrary code via the convert...
Improper Input Validation
Overview directxtexdesktop2017 is a DirectXTex texture processing library Affected versions of this package are vulnerable to Improper Input Validation in the ConvertToSinglePlane function in DirectXTexConvert.cpp, when processing an invalid height value from the DDS loader for planar video...
The vulnerability in the `convert_strings` function of the `tinfo/read_entry.c` component in the input/output library for the Ncurses terminal control module allows an attacker to access confidential data and also trigger a denial of service.
The vulnerability in the `convert_strings` function in the `tinfo/read_entry.c` component of the input/output library for the Ncurses terminal control module is related to reading data beyond the allowed buffer limits. Exploiting this vulnerability allows an attacker to access confidential data and als...
PT-2025-13343 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A potential spectre v1 gadget in the ip metrics convert function has been resolved. The issue arises from the use of the type variable as an array index, which could lead to cpu...
MP3 Convert Lord V1.0 Local Seh Exploit
Exploit Title: MP3 Convert Lord V1.0 Local Seh Exploit Date: 06.01.2023 Vendor Homepage: http://www.avlord.com/ Software Link: https://www.softpedia.com/dyn-postdownload.php/baa965c6b5d22d62987a4638f33d5ec1/63b86eb2/3ecb/4/2 Exploit Author: Achilles Tested Version: 1.0 Tested on: Windows 7 x64 1....
docconv operating system command injection vulnerability
docconv is an open source library from Search.io that converts PDF, DOC, DOCX, XML, HTML, RTF, etc. to plain text. Versions of docconv prior to 1.3.5 contain an operating system command injection vulnerability. The vulnerability stems from the ConvertPDFImages function in the file pdfocr.go, which has a...
PT-2022-27870 · Docconv · Docconv
Name of the Vulnerable Software and Affected Versions: docconv versions prior to 1.2.1 Description: A critical issue affects the function ConvertPDFImages of the file pdf ocr.go. The manipulation of the argument path leads to os command injection. The attack can be initiated remotely...
PT-2022-14776 · Unknown · Android Kernel
Name of the Vulnerable Software and Affected Versions: Android kernel versions affected versions not specified Description: The issue is related to an incorrect bounds check in the ufdt output strtab to fdt function of ufdt convert.c, which could lead to a possible out of bounds write. This could...
PT-2022-14767 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to a possible out of bounds read in the ufdt get node by path len function of ufdt convert.c due to a missing bounds check. This could lead to local information disclosure, requiri...
USN-5736-1: ImageMagick vulnerabilities
It was discovered that ImageMagick incorrectly handled certain values when processing PDF files. If a user or automated system using ImageMagick were tricked into opening a specially crafted PDF file, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 14....
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the `convert_strings` function in `tinfo/read_entry.c`, which allows attackers to crash the service when processing corrupt terminfo data. Remediation Upgrade ncurses to version 6.3 or higher. References - GitHub Commit ...
The vulnerability of the _convert_from_str() function in the numpy.core module of the NumPy library allows a hacker to initiate data copying.
The vulnerability of the `_convert_from_str()` function in the numpy.core module of the NumPy library for Python is related to incorrect string comparisons. Exploiting this vulnerability could allow a malicious actor to initiate data copying through specially created objects...
PT-2022-35250 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.76 Description: The issue concerns the use of both GFP KERNEL and GFP ATOMIC in the convert context function. It was introduced in version v5.0 and fixed in version v5.15.76. The actual impact and attack...
OESA-2022-2089 gnulib security update
Gnulib is a central location for common GNU code, intended to be shared among GNU packages. It can be used to improve portability and other functionality in your programs. Security Fixes: The converttodecimal function in vasnprintf.c in Gnulib before 2018-09-23 has a heap-based buffer overflow...
OESA-2022-2060 qt5-qtbase security update
Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling. Security Fixes: Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath called from QRasterPaintEngine::fill and...
CVE-2022-36428
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Stage Rock Convert plugin = 2.11.0 on WordPress...