1058 matches found
CVE-2021-33564
Summary: CVE-2021-33564 affects the Dragonfly Ruby Gem prior to 1.4.0. An argument injection flaw allows remote attackers to read and write arbitrary files via a crafted URL when the verify_url option is disabled, potentially enabling arbitrary code execution. The root cause is described as misha...
dragonfly -- argument injection
NVD reports: An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate and process...
SUSE: Security Advisory (SUSE-SU-2021:0172-1)
The remote host is missing an update for the...
PT-2021-7887 · Unknown +4 · Imagemagick +4
Name of the Vulnerable Software and Affected Versions: ImageMagick version 7.0.11-5. Description: A vulnerability was found in ImageMagick: when a crafted file is processed with the convert command, ASAN detects memory leaks. The issue is related to incorrect memory deallocation before removing the...
Google Android Buffer Error Vulnerability
Google Android is a Linux-based open source operating system from Google (US) and the Open Handheld Consortium. System is one of the system components. A security vulnerability exists in Google Android/Pixel that stems from uninitialized data in ReturnFrameworkMessage in convertToHidl of convert.cp...
CVE-2021-23345
All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system file, such as...
Server side request forgery (ssrf)
All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system file, such as...
CVE-2021-23345 Server-side Request Forgery (SSRF)
All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system file, such as...
Huawei EulerOS: Security Advisory for perl-Convert-ASN1 (EulerOS-SA-2021-1162)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP8 : perl-Convert-ASN1 (EulerOS-SA-2021-1162)
According to the version of the perl-Convert-ASN1 package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - perl-Convert-ASN1 aka the Convert::ASN1 module for Perl through 0.27 allows remote attackers to cause an infinite loop via unexpected...
An issue has been found in libsndfile 1.0.28. There is a memory leak in psf_allocate in common.c as demonstrated by sndfile-convert. NOTE: The maintainer and third parties were unable to reproduce and closed the issue
...
CVE-2020-23774
A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed...
SUSE-SU-2021:0183-1 Security update for perl-Convert-ASN1
This update for perl-Convert-ASN1 fixes the following issue: - CVE-2013-7488: Fixed an infinite loop via unexpected input (bsc#1168934)...
SUSE-SU-2021:0172-1 Security update for perl-Convert-ASN1
This update for perl-Convert-ASN1 fixes the following issue: - CVE-2013-7488: Fixed an infinite loop via unexpected input (bsc#1168934)...
Server-side Request Forgery (SSRF)
Overview: github.com/gotenberg/gotenberg/v7/pkg/modules/chromium is a Docker-powered stateless API for PDF files. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute of an HTML element refers to an internal syst...
Server-side Request Forgery (SSRF)
Overview: github.com/thecodingmachine/gotenberg is a Docker-powered stateless API for PDF files. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system file, such as...
Fedora: Security Advisory for perl-Convert-ASN1 (FEDORA-2020-9fa782be3e)
The remote host is missing an update for the...
Vulnerability fixed in ImageMagick
A malicious party could potentially exploit the vulnerability to execute arbitrary code under a user's privileges when the "convert" program is used to convert a specially prepared file to a PDF file. ImageMagick has released updates to fix the vulnerability. For more informatio...