111 matches found
CVE-2024-25974
The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting XSS vulnerability. It is possible to upload files within the Media Center of OpenOlat version 18.1.5 or lower as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing a...
CVE-2023-45740
Stored cross-site scripting vulnerability when processing profile images exists in GROWI versions prior to v4.1.3. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product...
CVE-2020-29471
OpenCart 3.0.3.6 is affected by cross-site scripting XSS in the Profile Image. An admin can upload a profile image as a malicious code using JavaScript. Whenever anyone will see the profile picture, the code will execute and XSS will trigger...
MODX allows cross-site scripting (XSS) via an SVG file
A cross-site scripting XSS vulnerability has been identified in MODX prior to 3.1.0. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims' browsers when viewing the profile image...
USN-7323-1 linux-aws, linux-gcp, linux-hwe-6.11, linux-oracle, linux-raspi, linux-realtime vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service system crash or possibly execute arbitrary code...
CVE-2024-0136
NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code obtaining read and write access to host devices. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A...
openstack-ironic: Specially crafted image may allow authenticated users to gain access to potentially sensitive data
A vulnerability was found in OpenStack Ironic. This flaw allows an authenticated user to use a specially crafted image to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data...
The vulnerability of the stbi__load_gif_main component in the C/C++ Libstb library, related to the repeated release of memory, allows a hacker to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the stbiloadgifmain component in the C/C++ Libstb library is related to the repeated release of memory. Exploiting this vulnerability could allow an attacker to gain access to confidential data, compromise its integrity, and even cause service failures through the use of a...
Apple macOS AMDRadeonX6000MTLDriver KTX Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the Metal framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the...
Apple macOS AMDRadeonX6000MTLDriver KTX Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the Metal framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the...
Apple macOS AMDRadeonX6000MTLDriver KTX Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the Metal framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the...
The vulnerability of the Microsoft Windows Codecs library in the Windows operating system allows a hacker to gain access to confidential information.
The vulnerability of the Microsoft Windows Codecs library in the Windows operating system is related to errors in memory object handling mechanisms. Exploiting this vulnerability can allow an attacker to access confidential information through a specially crafted image file...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Log4Shell CVE-2021-44228 minecraft demo This demo is used at...
CVE-2023-26965
loadImage in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image...
Miniflux 跨站脚本漏洞
Miniflux is a minimalist synopsis reader. A cross-site scripting vulnerability exists in Miniflux version v2.0.25 and later. An attacker exploits this vulnerability to force a victim to open a corrupted image, which could result in JavaScript being executed on an instance of Miniflux...
SUSE CVE-2016-8693
Double free vulnerability in the memclose function in jasstream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted BMP image to the imginfo command...
SUSE CVE-2017-7606
coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted image...
USN-5835-3 nova vulnerability
Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Nova incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive information...
CVE-2022-38877
Garage Management System v1.0 is vulnerable to Arbitrary code execution via ip/garage/phpaction/editProductImage.php?id=1...
PT-2022-23141 · Unknown · Zulip Server
Name of the Vulnerable Software and Affected Versions: Zulip Server versions prior to 5.6 Description: The issue arises when displaying messages with embedded remote images. Normally, Zulip loads the image preview via a go-camo proxy server. However, an attacker who can send messages could includ...