16 matches found
Astra Linux – Vulnerability in pillow
An issue was discovered in Pillow before version 8.2.0. For BLP data, BlpImagePlugin did not properly check the returned data after jumping to file offsets. This could lead to a denial-of-service attack, where the decoder could be executed multiple times with empty data...
YesWiki vulnerable to authenticated SQL Injection via id_fiche in EntryManager::formatDataBeforeSave()
Vulnerability Details: YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data['id_fiche'] value sourced from $_POST['id_fiche'] is concatenated directly into a raw SQL query without any sanitization or parameterization. Vulnerable Code...
EUVD-2006-0350
Malware in sbrugna...
GIMP buffer error vulnerability
GIMP is an open source bitmap image editor from the GIMP team. GIMP suffers from a buffer error vulnerability that stems from unvalidated user data during FLI file parsing, which could lead to out-of-bounds writes and remote code execution...
CVE-2022-49045
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2022-49045
CVE-2022-49045 entry is rejected by the CVE Numbering Authority and is not an active vulnerability entry.
Security Bulletin: Vulnerabilities in Google Protocol Buffers affect IBM watsonx.data
Summary: Google Protocol Buffers and protobuf-java core and lite have multiple vulnerabilities that can affect watsonx.data. These vulnerabilities include denial of service attacks and remote code executions. Vulnerability Details: CVEID: CVE-2015-5237 DESCRIPTION: Google Protocol Buffers could allow...
SUSE CVE-2007-6356
exiftags before 1.01 allows attackers to cause a denial of service (infinite loop) via recursive IFD references in the EXIF data in a JPEG image...
Pillow security vulnerability
Pillow is a Python based image processing library. A security vulnerability exists in Pillow versions prior to 9.2.0, which stems from improper handling of highly compressed GIF data...
CVE-2022-24064
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.8.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...
CVE-2021-28678
An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads after jumping to file offsets returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data...
CVE-2020-11085
CVE-2020-11085 affects FreeRDP: before version 2.1.0 there is an out-of-bounds read in cliprdr_read_format_list (clipboard format data). This could read memory beyond bounds when processing clipboard formats. The issue has been fixed in FreeRDP 2.1.0. Affected advisories from multiple vendors cor...
The vulnerabilities of the software platforms Flash Player and Adobe Integrated Runtime allow attackers to trigger service failures or execute arbitrary code.
The vulnerabilities of the Flash Player and Adobe Integrated Runtime are caused by buffer overflows. Exploiting these vulnerabilities allows a malicious actor to execute arbitrary code or cause service interruptions such as out-of-memory reading or memory corruption using specially crafted MPEG-4...
The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code
The vulnerability of the MPEG4Extractor::parseChunk function in the libstagefright library of the Android operating system is due to a loss of integer precision. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using specially crafted MPEG-4 format data...
PhpMoAdmin vulnerability analysis report-vulnerability warning-the black bar safety net
phpMoAdmin is a convenient online MongoDB management tool, a PHP application that can be used to create, delete and modify databases and indexes, view and search data, show database startup time and memory statistics, and import and export data in JSON format. Recently named...
Format string
Unspecified vulnerability in the Port Discovery Standard and Advanced features in Hitachi JP1/NetInsight II allows attackers to stop the Port Discovery service via unknown vectors involving "invalid format data"...