1083 matches found
AZL-9302 CVE-2022-1210 affecting package libtiff for versions less than 4.4.0-1
A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the...
DEBIAN-CVE-2022-1210
A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the...
UBUNTU-CVE-2022-1210
A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the...
Design/Logic Flaw
A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the...
CVE-2022-1210 LibTIFF tiff2ps resource consumption
A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the...
CVE-2022-1210 LibTIFF tiff2ps resource consumption
A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the...
CVE-2022-1210
CVE-2022-1210 affects LibTIFF 4.3.0, specifically the TIFF File Handler in tiff2ps. Opening a malicious TIFF can cause a denial of service; the vulnerability is remotely exploitable but requires user interaction. The exploit has been disclosed publicly. The connected documents confirm the affecte...
An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system.
...
CVE-2021-4197
An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1...
DEBIAN-CVE-2022-26520
In pgjdbc before 42.3.3, an attacker who controls the jdbc URL or properties can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat...
Directory Traversal
convert-svg-core, convert-svg-to-png and convert-svg-to-jpeg are vulnerable to directory traversal. The vulnerability exists because of the code of the component SVG File Handler which allows an attacker to read arbitrary files from the file system and then show the file content using a specially...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.15.15 and fixes at least the following security issues: A data leak flaw was found in the way XFSIOCALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS...
CVE-2021-4197
An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1...
Denial Of Service (DoS) Through Heap Buffer Overflow
libheif.so is vulnerable to denial of service through heap-based buffer overflow attacks. The vulnerability exists in 'convertcolorspace' in 'heifcolorconversion.cc' of the heif file handler. A malicious attacker is able to send a crafted HEIF to gain sensitive information and cause an applicatio...
CVE-2021-39212
A flaw was found in ImageMagick in the Postscript File Handler component. An attacker could exploit this flaw which would, in some cases, lead to postscript files to be read and written to even when specifically excluded by a module policy in policy.xml. Mitigation Users are advised to use the...
GO-2021-0051 Directory traversal on Windows in github.com/labstack/echo/v4
Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read...
GO-2020-0039 Open redirect in gopkg.in/macaron.v1
Due to improper request sanitization, a specifically crafted URL can cause the static file handler to redirect to an attacker chosen URL, allowing for open redirect attacks...
PT-2021-12080 · Unknown · Static File Handler
Name of the Vulnerable Software and Affected Versions: Static File Handler affected versions not specified Description: The issue arises from improper sanitization of user input on Windows, allowing the static file handler to permit directory traversal. This enables an attacker to read files...
CVE-2020-28948
ArchiveTar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. Recent assessments: gwillcox-r7 at January 15, 2021 7:39pm UTC reported: Edit: PoC code for this can be found at along with the original advisory. An interesting vulnerability using the...
The vulnerability of the VNC Server component of the remote desktop management software UltraVNC, which is part of the monitoring, control, and remote maintenance module for the commercial cold production equipment of TelevisGo, allows a perpetrator to execute arbitrary code.
The vulnerability of the VNC Server component of the remote desktop management software UltraVNC, which is part of the monitoring, control, and remote maintenance module for commercial cold production equipment TelevisGo, is related to a buffer overflow issue in the file transfer handler...