Lucene search
196 matches found

Veracode
added 2023/08/30 10:29 p.m. · 42 views

Denial Of Service (DoS)

ImageMagick is vulnerable to Denial of Service (DoS) attacks. The vulnerability exists due to a flaw in the way the identify command handles certain image files. A remote attacker can exploit this vulnerability to cause the ImageMagick process to leak memory, which could eventually lead to a denial...

CVSS 7.1 · AI score 6.5 · EPSS 0.01188
Exploits 1 · References 5 · Affected Software 1
OSV
added 2023/08/22 7:16 p.m. · 1 views

UBUNTU-CVE-2022-48541

A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command...

CVSS 7.1 · AI score 5.8 · EPSS 0.01188
Exploits 1 · References 4
Cvelist
added 2023/08/22 12:0 a.m. · 27 views

CVE-2022-48541

A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command...

AI score 6.8 · EPSS 0.01188
Exploits 1 · References 4
NVD
added 2023/07/10 4:15 p.m. · 22 views

CVE-2023-35698

Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify valid usernames for the FTP server from the response given during a failed login attempt...

CVSS 5.3 · AI score 5.2 · EPSS 0.00574
Exploits 0 · References 3
OSV
added 2023/04/04 4:15 p.m. · 4 views

CVE-2022-48227

An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It allows elevation of privileges because it opens Notepad after the installation of AssureID, Identify x64, and Identify x86, aka CORE-7361...

CVSS 7.8 · AI score 5.8 · EPSS 0.00171
Exploits 0 · References 2
NVD
added 2023/03/27 4:15 p.m. · 19 views

CVE-2023-1093

The OAuth Single Sign On WordPress plugin before 6.24.2 does not have CSRF checks when discarding Identify providers (IdP), which could allow attackers to make logged in admins delete all IdP via a CSRF attack...

CVSS 6.5 · AI score 6.4 · EPSS 0.00326
Exploits 2 · References 1
Prion
added 2023/03/27 4:15 p.m. · 16 views

Cross site request forgery (CSRF)

The OAuth Single Sign On WordPress plugin before 6.24.2 does not have CSRF checks when discarding Identify providers (IdP), which could allow attackers to make logged in admins delete all IdP via a CSRF attack...

CVSS 4.3 · AI score 6.3 · EPSS 0.00326
Exploits 2 · References 1 · Affected Software 1
Cvelist
added 2023/03/27 3:37 p.m. · 33 views

CVE-2023-1093 OAuth Single Sign On - SSO (OAuth Client) < 6.24.2 - IdP Discard via CSRF

The OAuth Single Sign On WordPress plugin before 6.24.2 does not have CSRF checks when discarding Identify providers (IdP), which could allow attackers to make logged in admins delete all IdP via a CSRF attack...

AI score 6.6 · EPSS 0.00326
Exploits 2 · References 1
Positive Technologies
added 2023/03/27 12:0 a.m. · 4 views

PT-2023-16748 · WordPress · Oauth Single Sign On

Name of the Vulnerable Software and Affected Versions: OAuth Single Sign On WordPress plugin versions prior to 6.24.2
Description: The issue concerns a lack of CSRF checks when discarding Identify providers (IdP) in the OAuth Single Sign On WordPress plugin. This could allow attackers to make...

CVSS 6.5 · AI score 7.1 · EPSS 0.00326
Exploits 2 · References 5
NVD
added 2023/03/13 9:15 p.m. · 17 views

CVE-2023-0347

The Akuvox E11 Media Access Control (MAC) address, a primary identifier, combined with the Akuvox E11 IP address, could allow an attacker to identify the device on the Akuvox cloud...

CVSS 7.5 · AI score 7.6 · EPSS 0.00517
Exploits 0 · References 1
Prion
added 2023/03/13 9:15 p.m. · 19 views

Design/Logic Flaw

The Akuvox E11 Media Access Control (MAC) address, a primary identifier, combined with the Akuvox E11 IP address, could allow an attacker to identify the device on the Akuvox cloud...

CVSS 5 · AI score 6.2 · EPSS 0.00517
Exploits 0 · References 1
OSV
added 2023/02/25 11:18 p.m. · 7 views

MAL-2023-6617 Malicious code in selfsplitad (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 7e64ab39b5ef4d1f3691b7864a3ef94bae0a45b675ef2a9bf4001a4317bd7c8e EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

AI score 7.2
Exploits 0 · References 1
SUSE CVE
added 2023/02/15 4:40 a.m. · 2 views

SUSE CVE-2017-13768

Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file...

CVSS 7.5 · AI score 8.7 · EPSS 0.0207
Exploits 0 · References 5
SUSE CVE
added 2023/02/15 4:31 a.m. · 4 views

SUSE CVE-2018-5804

A type confusion error within the "identify" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero...

CVSS 6.2 · AI score 6.8 · EPSS 0.01682
Exploits 0 · References 6
SUSE CVE
added 2023/02/15 4:6 a.m. · 2 views

SUSE CVE-2019-18809

A memory leak in the af9005_identify_state function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559...

CVSS 4.3 · AI score 6.7 · EPSS 0.00486
Exploits 0 · References 14
SUSE CVE
added 2023/02/15 3:54 a.m. · 1 views

SUSE CVE-2020-24870

LibRaw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp...

CVSS 8.8 · AI score 9.6 · EPSS 0.01625
Exploits 0 · References 3
OSV
added 2023/02/07 1:0 p.m. · 8 views

OSV-2023-55 Index-out-of-bounds in LibRaw::apply_tiff

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55722
Crash type: Index-out-of-bounds
Crash state: LibRaw::apply_tiff LibRaw::parse_jpeg LibRaw::identify...

AI score 7.2
Exploits 0 · References 1
Positive Technologies
added 2023/02/07 12:0 a.m. · 3 views

PT-2023-35899 · Libraw · Libraw

Name of the Vulnerable Software and Affected Versions: LibRaw affected versions not specified Description: The issue is related to an index-out-of-bounds crash. Technical details about the crash include the involvement of specific functions: apply tiff, parse jpeg, and identify. Recommendations: ...

AI score 6.8
Exploits 0 · References 2
Wordfence Blog
added 2022/11/15 5:0 p.m. · 12 views

Not Just for the Government: Using the NIST Framework to Secure WordPress

When setting up a WordPress website, it is easy to focus on the look and feel of the website, while overlooking the important aspect of security. This makes sense, because the security of a website is largely invisible until something goes wrong. Installing a cybersecurity plugin like Wordfence...

AI score 7.4
Exploits 0
OSV
added 2022/10/30 12:15 a.m. · 21 views

CVE-2022-44023

PwnDoc through 0.5.3 might allow remote attackers to identify disabled user account names by leveraging response messages for authentication attempts...

CVSS 5.3 · AI score 7.2 · EPSS 0.00746
Exploits 1 · References 2