24 matches found
OFFIS DCMTK 安全漏洞
OFFIS DCMTK is a collection of libraries and applications developed by the German company OFFIS that implement most DICOM standards. It includes software for checking, processing, and converting DICOM image files, handling offline media, sending and receiving images via network connections, as we...
Stealthy and Adjustable Text-Guided Backdoor Attacks on Multimodal Pretrained Models
Multimodal pretrained models are vulnerable to backdoor attacks, yet most existing methods rely on visual or multimodal triggers, which are impractical since visually embedded triggers rarely occur in real-world data. To overcome this limitation, we propose a novel Text-Guided Backdoor TGB attack...
EUVD-2017-18228
Malware in sbrugna...
EUVD-2024-2545
Malicious code in bioql PyPI...
Attacking Attention of Foundation Models Disrupts Downstream Tasks
Foundation models represent the most prominent and recent paradigm shift in artificial intelligence. Foundation models are large models, trained on broad data that deliver high accuracy in many downstream tasks, often without fine-tuning. For this reason, models such as CLIP , DINO or Vision...
CVE-2024-52598 2FAuth vulnerable to Server Side Request Forgery + URI validation bypass in 2fauth /api/v1/twofaccounts/preview
2FAuth is a web app to manage Two-Factor Authentication 2FA accounts and generate their security codes. Two interconnected vulnerabilities exist in version 5.4.1 a SSRF and URI validation bypass issue. The endpoint at POST /api/v1/twofaccounts/preview allows setting a remote URI to retrieve the...
CVE-2024-52598
2FAuth 5.4.1 fixes a pair of issues: an SSRF vulnerability and a URI validation bypass in the POST /api/v1/twofaccounts/preview endpoint. An attacker can supply a remote URI; the app may perform a GET to that URL and, if the response appears as an image, store it on the server. The URI filter che...
Moderate: Red Hat Security Advisory: skopeo security update
An update for skopeo is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
RHEL 9 : skopeo (RHSA-2024:8111)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:8111 advisory. The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify file...
Important: skopeo security update
The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack...
CVE-2024-47830 Plane allows server side request forgery via /_next/image endpoint
Plane is an open-source project management tool. Plane uses the wildcard support to retrieve the image from any hostname as in /web/next.config.js. This may permit an attacker to induce the server side into performing requests to unintended locations. This vulnerability is fixed in 0.23.0...
Plane 安全漏洞
Plane is an open source, self-hosted project planning tool from Plane Open Source. A security vulnerability exists in Plane versions prior to v0.23.0, which stems from the use of wildcards to support the retrieval of an image from any hostname, which could allow an attacker to induce server-side...
CVE-2024-45290 Path traversal and Server-Side Request Forgery when opening XLSX files in PHPSpreadsheet
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file which links media from external URLs. When opening the XLSX file, PhpSpreadsheet retrieves the image size and type by reading the file contents, if the provided...
RHEL 9 : skopeo (RHSA-2024:6195)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6195 advisory. The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify file...
CVE-2024-33606
An attacker could retrieve sensitive files medical images as well as plant new medical images or overwrite existing medical images on a MicroDicom DICOM Viewer system. User interaction is required to exploit this vulnerability...
RLSA-2024:2549 Moderate: skopeo security and bug fix update
The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms...
CVE-2024-31993
Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the scrapeimage function will retrieve an image based on a user-provided URL, however the provided URL is not validated to point to an external location and does not have any enforced rate limiting. The response from the...
CVE-2024-31993 Mealie vulnerable to a GET-based SSRF in recipe image importer (GHSL-2023-227)
Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the scrapeimage function will retrieve an image based on a user-provided URL, however the provided URL is not validated to point to an external location and does not have any enforced rate limiting. The response from the...
CVE-2024-31993 Mealie vulnerable to a GET-based SSRF in recipe image importer (GHSL-2023-227)
Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the scrapeimage function will retrieve an image based on a user-provided URL, however the provided URL is not validated to point to an external location and does not have any enforced rate limiting. The response from the...
Mealie 安全漏洞
Mealie is a self-hosted recipe manager and meal planner from an individual developer in Hayden, USA. A security vulnerability exists in Mealie versions prior to 1.4.0, which stems from the scrapeimage function will retrieve an image based on a user-supplied URL, but the supplied URL is not...