168 matches found
Cisco Nexus 3000 Series Switches和Cisco Nexus 9000 Series Switches 操作系统命令注入漏洞
Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches are both products of Cisco, Inc.Cisco Nexus 3000 Series Switches is a 3000 series switch.Cisco Nexus Cisco Nexus 9000 Series Switches are Cisco products.Cisco Nexus 3000 Series Switches are 3000 series switches. An operating...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: drm/amd/display: Check BIOS images before they are used. BIOS images may fail to load, and null checks are added before they are used. This fix addresses 6 NULLRETURNS issues reported by Coverity...
CVE-2025-25063
Backdrop CMS has an XSS vulnerability (CVE-2025-25063) in versions 1.28.x before 1.28.5 and 1.29.x before 1.29.3 due to insufficient validation of uploaded SVG images. Crafted SVGs could execute scripting when viewed directly via their URL, though sanitization occurs by embedding all uploaded SVG...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 18.0.4 (openstack-ironic) security update
An update for openstack-ironic is now available for Red Hat OpenStack Platform 18.0.4 Antelope. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
USN-7082-1: libheif vulnerability
Gerrard Tai discovered that libheif did not properly validate certain images, leading to out-of-bounds read and write vulnerability. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or to obtai...
drm/amd/display: Check BIOS images before it is used
...
CVE-2024-45872
Bandisoft BandiView 7.05 is vulnerable to Buffer Overflow via sub0x410d1d. The vulnerability occurs due to insufficient validation of PSD files...
CVE-2024-41704
LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images...
CVE-2024-41704
Technical details about CVE-2024-41704 are not provided in the connected documents; monitor for updates.
CVE-2024-41704
LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images...
CVE-2024-41704
LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images...
CVE-2024-3112
The Quotes and Tips by BestWebSoft WordPress plugin before 1.45 does not properly validate image files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...
OpenStack: malicious qcow2/vmdk images
An input validation flaw was discovered in how multiple OpenStack services validate images with backing file references. An authenticated attacker could provide a malicious image via upload, or by creating and modifying an image from an existing volume. Validation of images can be triggered durin...
CVE-2024-32498
An input validation flaw was discovered in how multiple OpenStack services validate images with backing file references. An authenticated attacker could provide a malicious image via upload, or by creating and modifying an image from an existing volume. Validation of images can be triggered durin...
OpenStack: malicious qcow2/vmdk images
An input validation flaw was discovered in how multiple OpenStack services validate images with backing file references. An authenticated attacker could provide a malicious image via upload, or by creating and modifying an image from an existing volume. Validation of images can be triggered durin...
OpenStack: malicious qcow2/vmdk images
An input validation flaw was discovered in how multiple OpenStack services validate images with backing file references. An authenticated attacker could provide a malicious image via upload, or by creating and modifying an image from an existing volume. Validation of images can be triggered durin...
OpenStack: malicious qcow2/vmdk images
An input validation flaw was discovered in how multiple OpenStack services validate images with backing file references. An authenticated attacker could provide a malicious image via upload, or by creating and modifying an image from an existing volume. Validation of images can be triggered durin...
BIT-TENSORFLOW-2021-29533 CHECK-fail in DrawBoundingBoxes
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK failure by passing an empty image to tf.rawops.DrawBoundingBoxes. This is because the...
GHSA-Q68H-XWQ5-MM7X Cross-site Scripting Vulnerability on Avatar Upload
Introduction This write-up describes a vulnerability found in Label Studio, a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.9.2 and was tested on version 1.8.2. Overview Label Studio has a cross-site scripting XSS vulnerability that coul...
Server-Side Request Forgery (SSRF)
foodcoopshop/foodcoopshop is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to the lack of proper image validation. This flaw permits an attacker to send a request to any host on the local network, which then responds with a 200 status code for a HEAD requests serving a...