14 matches found
CVE-2025-22424
In multiple locations, there is a possible way to reveal images across users due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2025-48628
In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2021-13421
Malware in sbrugna...
CVE-2025-32320
In System UI, there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48551
In multiple locations, there is a possible leak of an image across the Android User isolation boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2023-21238
In visitUris of RemoteViews.java, there is a possible leak of images between users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2021-26627
Real-time image information exposure is caused by insufficient authentication for activated RTSP port. This vulnerability could allow to remote attackers to send the RTSP requests using ffplay command and lead to leakage a live image...
Basecamp: AWS keys and user cookie leakage via uninitialized memory leak in outdated librsvg version in Basecamp
Sensitive data, including AWS keys and user cookies, could be leaked due to an uninitialized memory leak in an outdated version of librsvg used by Basecamp. This vulnerability allowed an attacker to upload a specially crafted SVG image as an avatar, triggering the memory leak. By extracting...
CVE-2023-25741
When dragging and dropping an image cross-origin, the image's size could potentially be leaked. This behavior was shipped in 109 and caused web compatibility problems as well as this security concern, so the behavior was disabled until further review. This vulnerability affects Firefox 110...
CVE-2021-26627
Real-time image information exposure is caused by insufficient authentication for activated RTSP port. This vulnerability could allow to remote attackers to send the RTSP requests using ffplay command and lead to leakage a live image...
CVE-2021-26627
CVE-2021-26627 describes an insufficient authentication on the activated RTSP port that enables a remote attacker to issue RTSP requests (e.g., via ffplay) and leak live video/images. Reported impact is real-time image information exposure. The available connected documents corroborate the vulner...
Mozilla: Variable time processing of cross-origin images during drawImage calls
Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
Security vulnerabilities fixed in Firefox 59 — Mozilla
A buffer overflow can occur when manipulating the SVG animatedPathSegList through script. This results in a potentially exploitable crash. A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in a potentially...
CVE-2016-4583
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing attack involving an SVG document...