1059 matches found
Mageia: Security Advisory (MGASA-2021-0363)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
@bolstergroup/botstr.io-set-times (>=0.0.1 <=0.0.7), @bolstergroup/botstr.io-spotify (>=0.0.18 <=0.0.43) +42 more potentially affected by CVE-2021-23631 via convert-svg-core (>=0.3.3 <=0.5.0)
convert-svg-core NPM version =0.3.3, =0.0.1, =0.0.18, =1.0.44, =0.1.0, =0.0.1, =0.1.6, =1.0.0, =0.0.1, =1.0.2, =0.3.0, =0.3.0, =1.0.3, =1.2.1 and more Source cves: CVE-2021-23631 Source advisory: OSV:GHSA-JV7G-9G6Q-CXVW...
@bolstergroup/botstr.io-set-times (>=0.0.1 <=0.0.7), @bolstergroup/botstr.io-spotify (>=0.0.18 <=0.0.43) +40 more potentially affected by CVE-2021-23631 via convert-svg-to-png (>=0.3.3 <=0.5.0)
convert-svg-to-png NPM version =0.3.3, =0.0.1, =0.0.18, =1.0.44, =0.1.0, =0.0.1, =0.1.6, =1.0.0, =0.0.1, =1.0.2, =1.0.3, =0.0.1, =1.4.0, =1.5.0 and more Source cves: CVE-2021-23631 Source advisory: OSV:GHSA-JV7G-9G6Q-CXVW...
Path Traversal in convert-svg packages
This affects all versions of package convert-svg-core; all versions of package convert-svg-to-png; all versions of package convert-svg-to-jpeg. Using a specially crafted SVG file, an attacker could read arbitrary files from the file system and then show the file content as a converted PNG file...
brander (>=0.1.6 <=0.1.9), chin-plugin-convert-svg (>=0.0.1 <=0.0.3) +3 more potentially affected by CVE-2021-23631 via convert-svg-to-jpeg (>=0.3.3 <=0.5.0)
convert-svg-to-jpeg NPM version =0.3.3, =0.1.6, =0.0.1, =0.0.3, =0.2.6, =0.2.21 - xd2svg =0.8.0 Source cves: CVE-2021-23631 Source advisory: OSV:GHSA-JV7G-9G6Q-CXVW...
CVE-2021-23631
This affects all versions of package convert-svg-core; all versions of package convert-svg-to-png; all versions of package convert-svg-to-jpeg. Using a specially crafted SVG file, an attacker could read arbitrary files from the file system and then show the file content as a converted PNG file...
CVE-2021-23631 Directory Traversal
This affects all versions of package convert-svg-core; all versions of package convert-svg-to-png; all versions of package convert-svg-to-jpeg. Using a specially crafted SVG file, an attacker could read arbitrary files from the file system and then show the file content as a converted PNG file...
CVE-2021-23631
CVE-2021-23631 affects convert-svg-core, convert-svg-to-png, and convert-svg-to-jpeg. A crafted SVG can trigger Directory Traversal via the SVG File Handler, enabling an attacker to read arbitrary filesystem files and render their contents as a PNG/JPEG image. Affected software is the entire vers...
convert-svg Path Traversal Vulnerability
convert-svg is a series of open source software for converting SVG format files to other formats. A security vulnerability exists in convert-svg, which can be exploited by an attacker to read an arbitrary file from the filesystem via a carefully constructed SVG file and then display the...
Directory Traversal
webpservergo is vulnerable to Directory Traversal. The vulnerability exists due to a lack of sanitization of the path via the function convert...
Oracle Linux 7 : gegl (ELSA-2022-0162)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-0162 advisory. 0.2.0-19.1 - fix CVE-2021-45463 2035416 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus...
CVE-2021-25023
The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not escape the sbpconverttablename parameter before using it in a SQL statement to convert the related table, leading to an SQL injection...
Updated gegl packages fix security vulnerability
Fix shell expansion via crafted pathname in the ImageMagick convert fallback...
MGASA-2022-0003 Updated gegl packages fix security vulnerability
Fix shell expansion via crafted pathname in the ImageMagick convert fallback...
SUSE: Security Advisory (SUSE-SU-2021:4209-1)
The remote host is missing an update for the ...
openSUSE 15 Security Update : gegl (openSUSE-SU-2021:4210-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:4210-1 advisory. - GEGL before 0.4.34, as used for example in GIMP before 2.10.30, allows shell expansion when a pathname in a constructed command line is not escape...
OPENSUSE-SU-2021:4210-1 Security update for gegl
This update for gegl fixes the following issues: - CVE-2021-45463: fixed shell expansion via crafted pathname in the ImageMagick convert fallback (bsc#1194045)...
SUSE-SU-2021:4210-1 Security update for gegl
This update for gegl fixes the following issues: - CVE-2021-45463: fixed shell expansion via crafted pathname in the ImageMagick convert fallback (bsc#1194045)...
OPENSUSE-SU-2021:4209-1 Security update for gegl
This update for gegl fixes the following issues: - CVE-2021-45463: fixed shell expansion via crafted pathname in the ImageMagick convert fallback (bsc#1194045)...
SUSE-SU-2021:4209-1 Security update for gegl
This update for gegl fixes the following issues: - CVE-2021-45463: fixed shell expansion via crafted pathname in the ImageMagick convert fallback (bsc#1194045)...