Lucene search
K

232 matches found

OSV
OSV
added 2023/07/21 7:15 p.m.3 views

CVE-2023-25840

There is a Cross-site Scripting vulnerability in ArcGIS Server in versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link which onmouseover wont execute but could potentially render an image in the victims browser. The privileges required to execute this...

3.4CVSS5.6AI score0.00389EPSS
Exploits0References1
Prion
Prion
added 2023/07/21 7:15 p.m.18 views

Cross site scripting

There is a Cross-site Scripting vulnerability in ArcGIS Server in versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link which onmouseover wont execute but could potentially render an image in the victims browser. The privileges required to execute this...

2.8CVSS4.1AI score0.00389EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 5:33 a.m.3 views

SUSE CVE-2014-0011

Multiple heap-based buffer overflows in the ZRLEDECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service vncviewer crash and possibly execute arbitrary code via vectors related to screen image rendering...

9.8CVSS8AI score0.02494EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:52 a.m.1 views

SUSE CVE-2017-2814

An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file ca...

8.8CVSS7.9AI score0.02716EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:52 a.m.1 views

SUSE CVE-2017-2818

An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger th...

8.8CVSS8.8AI score0.01977EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:39 a.m.1 views

SUSE CVE-2017-14448

An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability...

6.3CVSS9AI score0.02395EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:39 a.m.3 views

SUSE CVE-2017-14449

A double-Free vulnerability exists in the XCF image rendering functionality of SDL2image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability...

8.8CVSS7.9AI score0.01677EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:33 a.m.3 views

SUSE CVE-2018-3839

An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can display a specially crafted image to...

5.8CVSS9.2AI score0.02598EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2023/02/15 4:32 a.m.3 views

SUSE CVE-2018-3977

An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability...

7.1CVSS9.1AI score0.03479EPSS
Exploits1References7
OSV
OSV
added 2022/11/08 8:48 p.m.17 views

GHSA-R4JG-5V89-9V62 Withdrawn: Octocat.js vulnerable to code injection

Withdrawn This advisory has been withdrawn because it is a test. Original Description Impact Users can include their own images for accessories via provided URLs. These URLs are not validated and can result in execution of injected code. Patches This vulnerability was fixed in version 1.2 of...

6.3AI score
Exploits0References3
OpenVAS
OpenVAS
added 2021/11/11 12:0 a.m.19 views

Mozilla Firefox Security Advisory (MFSA2013-22) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

5.8CVSS6.4AI score0.01958EPSS
Exploits0References3
NVD
NVD
added 2021/10/25 7:15 p.m.14 views

CVE-2021-39220

Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read state or user IP. The privacy filter failed to filter images with a relative protocol. It is recommend...

3.5CVSS0.00759EPSS
Exploits0References3
Prion
Prion
added 2021/10/25 7:15 p.m.14 views

Design/Logic Flaw

Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read state or user IP. The privacy filter failed to filter images with a relative protocol. It is recommend...

3.5CVSS3.9AI score0.00759EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2021/10/25 6:55 p.m.52 views

CVE-2021-39220

Summary: CVE-2021-39220 affects the Nextcloud Mail application. The issue is an information-disclosure due to a privacy filter that fails to filter images using relative protocols, allowing leakage of read state or user IP. Affected versions: Nextcloud Mail prior to 1.10.4 and 1.11.0. Root cause:...

3.5CVSS3.7AI score0.00759EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2021/10/25 12:0 a.m.5 views

PT-2021-22471 · Nextcloud · Nextcloud Mail

Name of the Vulnerable Software and Affected Versions: Nextcloud Mail versions prior to 1.10.4 and 1.11.0 Description: The Nextcloud Mail application has a privacy filter issue that fails to filter images with a relative protocol, potentially leaking the read state or user IP. This issue is due t...

3.5CVSS3.7AI score0.00759EPSS
Exploits0References7
NVD
NVD
added 2021/09/07 10:15 p.m.17 views

CVE-2021-32802

Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews for user provided file content. For some image types, the Nextcloud server was invoking a third-party library that wasn't suited for untrusted user-supplied content. There are several...

10CVSS0.02604EPSS
Exploits0References4
CVE
CVE
added 2021/09/07 9:45 p.m.137 views

CVE-2021-32802

CVE-2021-32802 affects Nextcloud Server where image-preview rendering calls a third-party library not suited for untrusted content, enabling issues such as SSRF, file disclosure, or potential code execution. Public details confirm Nextcloud versions 20.0.12, 21.0.4 and 22.1.0 no longer use the vu...

10CVSS9.3AI score0.02604EPSS
Exploits0References4Affected Software1
Nextcloud
Nextcloud
added 2021/09/06 8:41 a.m.53 views

Preview generation used third-party library not suited for user-generated content

None...

10CVSS8.6AI score0.02604EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2021/07/12 7:15 p.m.14 views

CVE-2021-32707

Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with a background-image CSS attribute. Note that the images were still passed...

4.3CVSS6.6AI score
Exploits0References3
CVE
CVE
added 2021/07/12 7:5 p.m.62 views

CVE-2021-32707

CVE-2021-32707 affects Nextcloud Mail prior to version 1.9.6: the privacy filter did not filter images with a background-image CSS attribute, allowing a remote CSS background image to reveal whether an email was read. Images passed through the Nextcloud image proxy, so IP leakage was not reported...

4.3CVSS4.4AI score0.01146EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder