Remote Code Injection

Overview convert-svg-core is a package that supports converting SVG into another format using headless Chromium. Affected versions of this package are vulnerable to Remote Code Injection via sending an SVG file containing the payload. PoC: js const convert = require'convert-svg-to-png'; const...

new packages: pmdk-convert

An update is available for pmdk-convert. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

new packages: perl-Convert-ASN1

An update is available for perl-Convert-ASN1. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

OpenStack Cinder file disclosure in image convert

OpenStack Cinder before 2014.1.5 icehouse, 2014.2.x before 2014.2.4 juno, and 2015.1.x before 2015.1.1 kilo allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command...

mxGraph vulnerable to XXE attacks

In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert is missing flags to prevent XML External Entity XXE attacks, as demonstrated by /ServerView...

GHSA-9QH2-6FXG-9M4G Open Chinese Convert subject to Denial of Service via Out-of-bounds Read

Open Chinese Convert OpenCC 1.0.5 allows attackers to cause a denial of service segmentation fault because BinaryDict::NewFromFile in BinaryDict.cpp may have out-of-bounds keyOffset and valueOffset values via a crafted .ocd file...

arpes (>=1.0.0 <=2.2.0), convert-and-download (>=0.1.3 <=0.2.4) +24 more potentially affected by CVE-2019-9644 via notebook (>=4.2.3 <=5.7.5)

notebook PYPI version =4.2.3, =1.0.0, =0.1.3, =1.0.0b1, =0.0.2, =1.31.7.dev0, =0.1.1.10, =0.2.1, =0.1.6.2, =0.1.2, =0.1.0, =0.5.0, =1.0.1, =0.1.1, =1.0.1 - marvin-python-toolbox =0.0.4 and more Source cves: CVE-2019-9644 Source advisory: OSV:GHSA-HHX8-CR55-QCXX...

OESA-2022-1635 ncurses security update

The ncurses new curses library is a free software emulation of curses in System V Release 4.0 SVr4, and more. It uses terminfo format, supports pads and color and multiple highlights and forms characters and function-key mapping, and has all the other SVr4-curses enhancements over BSD curses. SVr...

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.

...

AZL-9497 CVE-2022-29458 affecting package ncurses for versions less than 6.3-2

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convertstrings in tinfo/readentry.c in the terminfo library...

EulerOS 2.0 SP5 : gegl (EulerOS-SA-2022-1321)

According to the versions of the gegl package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - loadcache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by...

OESA-2022-1558 gnulib security update

Gnulib is a central location for common GNU code, intended to be shared among GNU packages. It can be used to improve portability and other functionality in your programs. Security Fixes: The converttodecimal function in vasnprintf.c in Gnulib before 2018-09-23 has a heap-based buffer overflow...

Amazon Linux 2 : gegl (ALAS-2022-1755)

The version of gegl installed on the remote host is prior to 0.2.0-19. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1755 advisory. Due to the use of the system command in the Magick-Load op used by gegl an attacker is able to craft a command line path that is able...

openSUSE: Security Advisory for gegl (openSUSE-SU-2021:4209-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.

...

AZL-8413 CVE-2021-46669 affecting package mariadb for versions less than 10.6.7-1

MariaDB through 10.5.9 allows attackers to trigger a convertconsttoint use-after-free when the BIGINT data type is used...

CVE-2021-46669

MariaDB through 10.5.9 allows attackers to trigger a convertconsttoint use-after-free when the BIGINT data type is used...

DEBIAN-CVE-2021-46669

MariaDB through 10.5.9 allows attackers to trigger a convertconsttoint use-after-free when the BIGINT data type is used...

MariaDB 资源管理错误漏洞

MariaDB is a free and open source database management system from the MariaDB Mariadb Foundation and a forked version of MySQL with the Maria storage engine. A resource management error vulnerability exists in MariaDB that stems from the product's convertconsttoint function reusing freed resource...

Mageia: Security Advisory (MGASA-2022-0003)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...