232 matches found
CVE-2023-25840
There is a Cross-site Scripting vulnerability in ArcGIS Server in versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link which onmouseover wont execute but could potentially render an image in the victims browser. The privileges required to execute this...
Cross site scripting
There is a Cross-site Scripting vulnerability in ArcGIS Server in versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link which onmouseover wont execute but could potentially render an image in the victims browser. The privileges required to execute this...
SUSE CVE-2014-0011
Multiple heap-based buffer overflows in the ZRLEDECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service vncviewer crash and possibly execute arbitrary code via vectors related to screen image rendering...
SUSE CVE-2017-2814
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file ca...
SUSE CVE-2017-2818
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger th...
SUSE CVE-2017-14448
An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability...
SUSE CVE-2017-14449
A double-Free vulnerability exists in the XCF image rendering functionality of SDL2image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability...
SUSE CVE-2018-3839
An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can display a specially crafted image to...
SUSE CVE-2018-3977
An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability...
GHSA-R4JG-5V89-9V62 Withdrawn: Octocat.js vulnerable to code injection
Withdrawn This advisory has been withdrawn because it is a test. Original Description Impact Users can include their own images for accessories via provided URLs. These URLs are not validated and can result in execution of injected code. Patches This vulnerability was fixed in version 1.2 of...
Mozilla Firefox Security Advisory (MFSA2013-22) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
CVE-2021-39220
Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read state or user IP. The privacy filter failed to filter images with a relative protocol. It is recommend...
Design/Logic Flaw
Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read state or user IP. The privacy filter failed to filter images with a relative protocol. It is recommend...
CVE-2021-39220
Summary: CVE-2021-39220 affects the Nextcloud Mail application. The issue is an information-disclosure due to a privacy filter that fails to filter images using relative protocols, allowing leakage of read state or user IP. Affected versions: Nextcloud Mail prior to 1.10.4 and 1.11.0. Root cause:...
PT-2021-22471 · Nextcloud · Nextcloud Mail
Name of the Vulnerable Software and Affected Versions: Nextcloud Mail versions prior to 1.10.4 and 1.11.0 Description: The Nextcloud Mail application has a privacy filter issue that fails to filter images with a relative protocol, potentially leaking the read state or user IP. This issue is due t...
CVE-2021-32802
Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews for user provided file content. For some image types, the Nextcloud server was invoking a third-party library that wasn't suited for untrusted user-supplied content. There are several...
CVE-2021-32802
CVE-2021-32802 affects Nextcloud Server where image-preview rendering calls a third-party library not suited for untrusted content, enabling issues such as SSRF, file disclosure, or potential code execution. Public details confirm Nextcloud versions 20.0.12, 21.0.4 and 22.1.0 no longer use the vu...
Preview generation used third-party library not suited for user-generated content
None...
CVE-2021-32707
Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with a background-image CSS attribute. Note that the images were still passed...
CVE-2021-32707
CVE-2021-32707 affects Nextcloud Mail prior to version 1.9.6: the privacy filter did not filter images with a background-image CSS attribute, allowing a remote CSS background image to reveal whether an email was read. Images passed through the Nextcloud image proxy, so IP leakage was not reported...