9 matches found
CVE-2025-24293
Active Storage allowed transformation methods potentially unsafe Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allow for the circumvention of the safe defaults which enables...
A Comparison of Selected Image Transformation Techniques for Malware Classification
Recently, a considerable amount of malware research has focused on the use of powerful image-based machine learning techniques, which generally yield impressive results. However, before image-based techniques can be applied to malware, the samples must be converted to images, and there is no...
CITADEL: Continual Anomaly Detection for Enhanced Learning in IoT Intrusion Detection
The Internet of Things IoT, with its high degree of interconnectivity and limited computational resources, is particularly vulnerable to a wide range of cyber threats. Intrusion detection systems IDS have been extensively studied to enhance IoT security, and machine learning-based IDS ML-IDS show...
Ruby on Rails: Argument/Code Injection via ActiveStorage's image transformation functionality
An argument/code injection vulnerability was discovered in ActiveStorage's image transformation functionality. This vulnerability allowed an attacker to inject arbitrary arguments into the image transformation command, potentially leading to remote code execution. The vulnerability was found in t...
USN-4433-1 openjdk-lts vulnerabilities
Johannes Kuhn discovered that OpenJDK incorrectly handled access control contexts. An attacker could possibly use this issue to execute arbitrary code. CVE-2020-14556 It was discovered that OpenJDK incorrectly handled memory allocation when reading TIFF image files. An attacker could possibly use...
Exploit for Unrestricted Upload of File with Dangerous Type in Verot_Project Verot
CVE-2019-19634 - class.upload.php = 2.0.4 Arbitrary file uplo...
CVE-2015-0811
The QCMS implementation in Mozilla Firefox before 37.0 allows remote attackers to obtain sensitive information from process heap memory or cause a denial of service out-of-bounds read via an image that is improperly handled during transformation...
Out-of-bounds
The QCMS implementation in Mozilla Firefox before 37.0 allows remote attackers to obtain sensitive information from process heap memory or cause a denial of service out-of-bounds read via an image that is improperly handled during transformation...
CVE-2015-0811
The QCMS implementation in Mozilla Firefox before 37.0 allows remote attackers to obtain sensitive information from process heap memory or cause a denial of service out-of-bounds read via an image that is improperly handled during transformation...