11 matches found
CVE-2019-20860
An issue was discovered in Mattermost Server before 5.14.0, 5.13.3, 5.12.6, and 5.9.4. It allows remote attackers to cause a denial of service application hang via a crafted SVG document...
CVE-2021-3312
An XML external entity XXE vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the server's file system by uploading a crafted SVG document...
Fedora 39 : roundcubemail (2023-735ee6d4e1)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-735ee6d4e1 advisory. Version 1.6.4 - Fix PHP8 warnings 9142, 9160 - Fix default 'mime.types' path on Windows 9113 - Managesieve: Fix javascript error when relational or spamtest...
GHSA-G6V7-VQHX-6V6C XML External Entity Reference in org.opencms:opencms-core
An XML external entity XXE vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the server's file system by uploading a crafted SVG document...
CVE-2020-15300
SuiteCRM through 7.11.13 has an Open Redirect in the Documents module via a crafted SVG document...
CVE-2019-20860
An issue was discovered in Mattermost Server before 5.14.0, 5.13.3, 5.12.6, and 5.9.4. It allows remote attackers to cause a denial of service application hang via a crafted SVG document...
Memory corruption
The 1 AddWeightedPathSegLists and 2 SVGPathSegListSMILType::Interpolate functions in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lack status checking, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via a...
CVE-2015-7199
The 1 AddWeightedPathSegLists and 2 SVGPathSegListSMILType::Interpolate functions in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lack status checking, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via a...
CVE-2011-1793
rendering/svg/RenderSVGResourceFilter.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted SVG document that leads to a "stale pointer."...
CVE-2010-4206
Array index error in the FEBlend::apply function in WebCore/platform/graphics/filters/FEBlend.cpp in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a craft...
CVE-2010-4206
Removed by vendor...