2428 matches found
OESA-2024-1216 OpenEXR security update
OpenEXR is a high dynamic-range HDR image file format originally developed by Industrial Light & Magic for use in computer imaging applications. Security Fixes: Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundati...
PT-2024-21907 · Orjson · Orjson
Name of the Vulnerable Software and Affected Versions: orjson versions prior to 3.9.15 Description: The issue is related to the orjson.loads function in orjson, which does not limit recursion for deeply nested JSON documents. This can lead to potential exploitation. Recommendations: For versions...
FreeBSD : openexr -- Heap Overflow in Scanline Deep Data Parsing (f161a5ad-c9bd-11ee-b7a7-353f1e043d9a)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f161a5ad-c9bd-11ee-b7a7-353f1e043d9a advisory. - Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep...
Announcing TotalCloud™ 2.0 with TruRisk™ Insights: The Future of Cloud and SaaS Security
Rapid cloud and SaaS adoption is driving digital transformation thats reshaping business agility and scalability, making cloud and SaaS security more critical than ever. Recognizing this shift, in November 2022, Qualys launched TotalCloud – an AI-powered cloud-native application protection platfo...
Prototype Pollution
Overview web3-utils is a Collection of utility functions used in web3.js. Affected versions of this package are vulnerable to Prototype Pollution via the utility functions format and mergeDeep, due to insecure recursive merge. An attacker can manipulate an object's prototype, potentially leading ...
AZL-62324 CVE-2023-5841 affecting package OpenEXR 2.3.0-6
Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2...
DEBIAN-CVE-2023-5841
Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2...
UBUNTU-CVE-2023-5841
Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2...
CVE-2023-5841
Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2...
CVE-2023-5841
Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2...
CVE-2023-5841 OpenEXR Heap Overflow in Scanline Deep Data Parsing
Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2...
PT-2024-2330 · Academy Software Foundation +5 · Openexr +5
Name of the Vulnerable Software and Affected Versions: Academy Software Foundation OpenEXR image parsing library versions 3.2.1 and prior Description: The issue is caused by a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, leading to a...
OpenEXR 缓冲区错误漏洞
OpenEXR is an open standard for high dynamic range image HDR file formats. A buffer overflow vulnerability exists in OpenEXR 3.2.1 and prior versions that stems from an inability to validate the number of scanline samples that contain deep scanline data. An attacker could exploit this vulnerabili...
Friday Squid Blogging: Footage of Black-Eyed Squid Brooding Her Eggs
Amazing footage of a black-eyed squid Gonatus onyx carrying thousands of eggs. They tend to hang out about 6,200 feet below sea level. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
CVE-2023-52338
A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged cod...
CVE-2023-52338
A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged cod...
CVE-2023-52337
An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileg...
Improper access control
An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileg...
CVE-2023-52338
A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged cod...
CVE-2023-52338
CVE-2023-52338 affects Trend Micro Deep Security v20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent. The vulnerability is a local privilege escalation via a link-following flaw in the Anti-Malware/Deep Security component, requiring the attacker to already run low-privilege cod...