503 matches found
CVE-2024-7053 Session Fixation in open-webui/open-webui
A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set with the default SameSite=Lax and does not have the Secure flag enabled, allowing the session cookie to be sent over HT...
Linux Distros Unpatched Vulnerability : CVE-2022-1227
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded b...
Heap Buffer Overflow
libexiv2.so is vulnerable to a Heap Buffer Overflow. The vulnerability is due to a heap buffer overflow triggered when writing metadata into a crafted image file, allowing an attacker to achieve code execution if a victim processes a malicious image with Exiv2...
Cross-Site Scripting (Reflected XSS)
Leantime is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper input validation and output encoding in the "overdue" section, allowing attackers to upload malicious image files containing XSS payloads...
GHSA-52XF-H226-PFGX Leantime allows Reflected Cross-Site Scripting (XSS)
Summary The vulnerability in Leantime's "overdue" section allows attackers to upload malicious image files containing XSS payloads. When other users view these files, the scripts execute, enabling attackers to steal sensitive information or perform unauthorized actions. Improving input validation...
Leantime allows Reflected Cross-Site Scripting (XSS)
Summary The vulnerability in Leantime's "overdue" section allows attackers to upload malicious image files containing XSS payloads. When other users view these files, the scripts execute, enabling attackers to steal sensitive information or perform unauthorized actions. Improving input validation...
CVE-2024-54499
A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing a maliciously crafted image may lead to arbitrary code execution...
CentOS 7 : podman (RHSA-2022:2190)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:2190 advisory. - A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded...
Clibo Manager Cross-Site Scripting Vulnerability
Clibo Manager is a management platform from Clibo Manager, Inc. providing sports clubs with the ability to manage subscriptions and ticket sales, as well as direct contact with subscribers, events, sales statistics, and more. A cross-site scripting vulnerability exists in Clibo Manager version...
GO-2023-2336 Denial of service from malicious image manifest in kyverno in github.com/kyverno/kyverno
Denial of service from malicious image manifest in kyverno in github.com/kyverno/kyverno...
GO-2023-2337 Denial of service from malicious image manifest in kyverno in github.com/kyverno/kyverno
Denial of service from malicious image manifest in kyverno in github.com/kyverno/kyverno...
OpenStack: malicious qcow2/vmdk images
An input validation flaw was discovered in how multiple OpenStack services validate images with backing file references. An authenticated attacker could provide a malicious image via upload, or by creating and modifying an image from an existing volume. Validation of images can be triggered durin...
OpenStack Security Vulnerabilities
OpenStack is a cloud platform management program from the National Aeronautics and Space Administration (NASA). A security vulnerability exists in OpenStack, which stems from an input validation flaw that could allow an attacker to deliver a malicious image by uploading or creating and modifying an...
RLSA-2024:2982 Important: webkit2gtk3 security update
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing web content may lead to arbitrary code execution CVE-2023-40414 webkitgtk: Processing web content may lead to arbitrary code execution CVE-2023-42852 webkitgtk: Processing...
CVE-2024-27836
The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, visionOS 1.2. Processing a maliciously crafted image may lead to arbitrary code execution...
CVE-2024-27836
CVE-2024-27836 affects Apple’s ImageIO component in the Apple Vision Pro stack, with the issue described as: processing a maliciously crafted image may lead to arbitrary code execution. Affected products/versions include visionOS 1.2, macOS Sonoma 14.5, iOS 17.5, and iPadOS 17.5. The Apple security c...
Apple iOS and iPadOS Security Vulnerabilities
Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS version 17.5 and iPadOS version 17.5, which stems from the fact that processi...
RHEL 6 : openstack-nova (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openstack-nova/glance/cinder: Malicious image may exhaust resources CVE-2015-5162 - Rejected reason: DO N...
webkitgtk: processing a malicious image may lead to a denial of service
A flaw was found in WebKitGTK. This issue exists due to a boundary error when processing a malicious image, which could result in a denial of service...