
1059 matches found

RedhatCVE
added 2022/09/06 1:29 p.m., 32 views

CVE-2021-3574

A vulnerability was found in ImageMagick. Memory leaks are detected when executing a crafted file with the convert command, affecting availability...

CVSS 3.3, AI score 3.3, EPSS 0.00031
Exploits: 1, References: 3

ATTACKERKB
added 2022/08/26 4:15 p.m., 3 views

CVE-2021-3574

A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks...

CVSS 3.3, AI score 5.4, EPSS 0.00031
Exploits: 1, References: 11

OSV
added 2022/08/26 4:15 p.m., 0 views

DEBIAN-CVE-2021-3574

A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks...

CVSS 3.3, AI score 6.3, EPSS 0.00031
Exploits: 1, References: 1

CNNVD
added 2022/08/26 12:0 a.m., 2 views

ImageMagick Security Vulnerability

ImageMagick is a set of open-source image processing software from the American company ImageMagick. The software can read, convert, or write images in a variety of formats. A security vulnerability exists in ImageMagick 7.0.11-5, which stems from its use of the convert command to execute a craft...

CVSS 3.3, AI score 6.5, EPSS 0.00031
Exploits: 1, References: 13

Cvelist
added 2022/08/26 12:0 a.m., 25 views

CVE-2021-3574

A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks...

AI score 5.7, EPSS 0.00031
Exploits: 1, References: 7

OSV
added 2022/07/23 12:0 a.m., 12 views

GHSA-5GXC-FXCR-9326 convert-svg-core vulnerable to remote code injection

The package convert-svg-core before 0.6.2 is vulnerable to Remote Code Injection via sending an SVG file containing the payload in an onload attribute. Puppeteer/Chromium used by convert-svg-core will execute any code within that tag, including malicious code. PoC Payload html where the id...

CVSS 9.8, AI score 9.9, EPSS 0.02015
Exploits: 1, References: 6

Github Security Blog
added 2022/07/23 12:0 a.m., 21 views

convert-svg-core vulnerable to remote code injection

The package convert-svg-core before 0.6.2 is vulnerable to Remote Code Injection via sending an SVG file containing the payload in an onload attribute. Puppeteer/Chromium used by convert-svg-core will execute any code within that tag, including malicious code. PoC Payload html where the id...

CVSS 9.9, AI score 9.9, EPSS 0.02015
Exploits: 1, References: 6, Affected Software: 1

vulnersOsv
added 2022/07/23 12:0 a.m., 3 views

@bolstergroup/botstr.io-set-times (>=0.0.1 <=0.0.7), @bolstergroup/botstr.io-spotify (>=0.0.18 <=0.0.43) +42 more potentially affected by CVE-2022-25759 via convert-svg-core (>=0.3.3 <=0.5.0)

convert-svg-core NPM version =0.3.3, =0.0.1, =0.0.18, =1.0.44, =0.1.0, =0.0.1, =0.1.6, =1.0.0, =0.0.1, =1.0.2, =0.3.0, =0.3.0, =1.0.3, =1.2.1 and more Source cves: CVE-2022-25759 Source advisory: OSV:GHSA-5GXC-FXCR-9326...

CVSS 9.9, AI score 7.2, EPSS 0.02015
Exploits: 1

CVE
added 2022/07/22 8:0 p.m., 69 views

CVE-2022-25759

The CVE-2022-25759 issue affects the convert-svg-core npm package, specifically versions before 0.6.2. It enables remote code injection by processing an SVG containing a payload (notably via an onload attribute). Impact is remote code execution when using the vulnerable library in conjunction wit...

CVSS 9.9, AI score 9.8, EPSS 0.02015
Exploits: 1, References: 4, Affected Software: 1

ATTACKERKB
added 2022/07/22 8:0 p.m., 3 views

CVE-2022-25759

The package convert-svg-core before 0.6.2 is vulnerable to Remote Code Injection via sending an SVG file containing the payload...

CVSS 9.9, AI score 6, EPSS 0.02015
Exploits: 1, References: 5

CNNVD
added 2022/07/22 12:0 a.m., 2 views

convert-svg Code Injection Vulnerability

convert-svg is a series of open-source software for converting SVG format files to other formats. A security vulnerability exists in versions of convert-svg prior to 0.6.2, which stems from the fact that by sending SVG files containing payloads, convert-svg-core is vulnerable to remote...

CVSS 9.9, AI score 8.6, EPSS 0.02015
Exploits: 1, References: 5

Fedora
added 2022/07/20 1:40 a.m., 11 views

[SECURITY] Fedora 35 Update: golang-github-mozillazg-pinyin-0.18.0-5.fc35

This package provides tools and Golang library to convert Chinese characters to Pinyin...

AI score 7.2
Exploits: 0

Fedora
added 2022/07/13 2:0 a.m., 20 views

[SECURITY] Fedora 36 Update: golang-github-mozillazg-pinyin-0.19.0-4.fc36

This package provides tools and Golang library to convert Chinese characters to Pinyin...

CVSS 9.3, AI score 8.1, EPSS 0.00963
Exploits: 4

CNVD
added 2022/07/13 12:0 a.m., 18 views

FFmpeg rpza_decode_stream() Code Execution Vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A code execution vulnerability exists in FFmpeg rpza_decode_stream, which can be exploited by an attacker to trigger an out-of-bounds read memory access and execute arbitrary code on the syst...

CVSS 7.8, AI score 7.8, EPSS 0.00196
Exploits: 0, References: 1

Github Security Blog
added 2022/06/29 10:39 p.m., 33 views

Quadratic blowup in Convert::xml2array()

Silverstripe silverstripe/framework 4.x until 4.10.9 has a quadratic blowup in Convert::xml2array that enables a remote attack via a crafted XML document...

CVSS 6.5, AI score 4.8, EPSS 0.00348
Exploits: 0, References: 6, Affected Software: 1

OSV
added 2022/06/29 10:39 p.m., 32 views

GHSA-9FMG-89FX-R33W Quadratic blowup in Convert::xml2array()

Silverstripe silverstripe/framework 4.x until 4.10.9 has a quadratic blowup in Convert::xml2array that enables a remote attack via a crafted XML document...

CVSS 6.5, AI score 6.3, EPSS 0.00348
Exploits: 0, References: 5

NVD
added 2022/06/28 10:15 p.m., 12 views

CVE-2021-41559

Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array that enables a remote attack via a crafted XML document...

CVSS 6.5, EPSS 0.00348
Exploits: 0, References: 3

Positive Technologies
added 2022/06/28 12:0 a.m., 4 views

PT-2022-11429 · Silverstripe · Silverstripe/Framework

Name of the Vulnerable Software and Affected Versions: Silverstripe silverstripe/framework versions 4.8.1 through 4.10.9 Description: The issue is related to a quadratic blowup in the Convert::xml2array function, which can be exploited via a crafted XML document to enable a remote attack...

CVSS 6.5, AI score 6.2, EPSS 0.00348
Exploits: 0, References: 12

Friends Of PHP
added 2022/06/27 5:27 a.m., 30 views

CVE-2021-41559: Quadratic blowup in Convert::xml2array()

More info at https://www.silverstripe.org/download/security-releases/cve-2021-41559...

CVSS 6.5, AI score 7.2, EPSS 0.00348
Exploits: 0, Affected Software: 1

Prion
added 2022/06/21 1:15 p.m., 16 views

Design/Logic Flaw

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_convert_to_slow_array at src/njs_array.c...

CVSS 4.3, AI score 5.5, EPSS 0.00136
Exploits: 1, References: 2, Affected Software: 1