Lucene search
K

5 matches found

CNNVD
CNNVD
added 2025/04/08 12:0 a.m.6 views

imagemeta 安全漏洞

imagemeta is a Go library by the individual developer Bjørn Erik Pedersen. It is used to read EXIF, IPTC and XMP image metadata from JPEG, TIFF, PNG and WebP files. A security vulnerability exists in versions prior to imagemeta v0.10.0 that stems from an unrestricted number and size of EXIF data...

6.9CVSS6.2AI score0.00161EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2024/09/10 3:19 p.m.2 views

CVE-2024-45412

Yeti bridges the gap between CTI and DFIR practitioners by providing a Forensics Intelligence platform and pipeline. Remote user-controlled data tags can reach a Unicode normalization with a compatibility form NFKD. Under Windows, such normalization is costly in resources and may lead to denial o...

7.5CVSS6.4AI score0.0078EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/09/10 12:0 a.m.6 views

Yeti Platform 安全漏洞

Yeti Platform is a daily threat intelligence platform open-sourced by Yeti Platform. A security vulnerability exists in Yeti Platform versions prior to 2.1.11, which stems from a denial-of-service attack in which remote user-controlled data tags can be Unicode normalized via the compatibility for...

7.5CVSS6.6AI score0.0078EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/09/10 12:0 a.m.6 views

PT-2024-31615 · Yeti · Yeti

Name of the Vulnerable Software and Affected Versions: Yeti versions prior to 2.1.11 Description: The issue concerns a denial of service vulnerability. Remote user-controlled data tags can lead to Unicode normalization with a compatibility form NFKD. Under Windows, such normalization is costly in...

7.5CVSS7.4AI score0.0078EPSS
Exploits1References7
Hacker One
Hacker One
added 2015/01/07 12:38 a.m.27 views

Ruby on Rails: Data-Tags and the New HTML Sanitizer Subverts CSRF protection

Possible XSS vulnerability in rails-html-sanitizer There is a possible XSS vulnerability in rails-html-sanitizer. This vulnerability has been assigned the CVE identifier CVE-2015-7578. Versions Affected: All. Not affected: None. Fixed Versions: 1.0.3 Impact ------ There is a possible XSS...

4.3CVSS5.8AI score0.02485EPSS
Exploits0
Rows per page
Query Builder