450 matches found
UBUNTU-CVE-2023-27781
jpegoptim v1.5.2 was discovered to contain a heap overflow in the optimize function at jpegoptim.c...
Design/Logic Flaw
jpegoptim v1.5.2 was discovered to contain a heap overflow in the optimize function at jpegoptim.c...
CVE-2023-27781
jpegoptim v1.5.2 was discovered to contain a heap overflow in the optimize function at jpegoptim.c...
PT-2023-21344 · Jpegoptim +1 · Jpegoptim +1
Name of the Vulnerable Software and Affected Versions: jpegoptim version 1.5.2. Description: A heap overflow can occur with crafted JPEG image files, specifically in the optimize function at jpegoptim.c. This issue is related to the processing of JPEG images. Recommendations: For jpegoptim version...
JPEGOPTIM Buffer Error Vulnerability
JPEGOPTIM is a utility for optimizing/compressing JPEG files by Timo Kokkonen, a US-based individual developer. A security vulnerability exists in JPEGOPTIM v1.5.2, which stems from a heap overflow in the optimize function of jpegoptim.c. The vulnerability is caused by...
CVE-2023-27781
CVE-2023-27781 affects jpegoptim v1.5.2, where a heap overflow in the optimize function (jpegoptim.c) is reported. The issue has a CVSSv3.1 base score of 7.8 (High): attack vector Local, no privileges required, user interaction needed, and impacts to confidentiality/integrity/availability classif...
JCH Optimize < 3.2.3 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
WordPress JCH Optimize Plugin <= 3.2.2 is vulnerable to Cross Site Scripting (XSS)
Software: JCH Optimize; Type: Plugin; Vulnerable versions: <= 3.2.2; Fixed in: 3.2.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-25491; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 0051eec0a90c; Credits: Rio Darmawan; Required...
SUSE CVE-2020-27560
ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service...
WordPress WP-Optimize Plugin <= 3.2.11 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP-Optimize; Type: Plugin; Vulnerable versions: <= 3.2.11; Fixed in: 3.2.12; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: N/A; Patch priority: Low; CVSS severity: Low (5.4); Developer: Claim ownership; PSID: da9ff4caf3e0; Credits: Wordfence; Required privilege...
CVE-2022-4548
CVE-2022-4548 affects the WordPress plugin “Optimize images ALT Text & names for SEO using AI” (versions before 2.0.8). Root cause: missing CSRF protection when updating plugin settings, enabling a logged-in attacker to change settings via CSRF. Reported impact is limited to admin-context changes...
Path traversal
The Images Optimize and Upload CF7 WordPress plugin through 2.1.4 does not validate the file to be deleted via an AJAX action available to unauthenticated users, which could allow them to delete arbitrary files on the server via path traversal attack...
CVE-2022-4101
CVE-2022-4101 affects the WordPress plugin Images Optimize and Upload CF7 (versions ≤ 2.1.4). The issue arises because an AJAX action accessible to unauthenticated users does not validate the file to be deleted, enabling a path-traversal attack that could delete arbitrary files on the server. Pub...
WordPress plugin Images Optimize and Upload CF7 Path Traversal Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal vulnerability exists ...
SUSE-SU-2022:3714-1 Security update for multipath-tools
This update for multipath-tools fixes the following issues: - CVE-2022-41974: Fixed an authorization bypass issue in multipathd. bsc1202739 - Avoid linking to libreadline to avoid licensing issue bsc1202616 - Avoid device IO in 'multipath -u' bsc1125145, bsc1131789 - mpathpersist: optimize for...
CVE-2022-2635
The Autoptimize WordPress plugin before 3.1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2022-1410
OS Command Injection vulnerability in the dboptimize component of Device42 Asset Management Appliance allows an authenticated attacker to execute remote code on the device. This issue affects: Device42 CMDB version 18.01.00 and prior versions...
The vulnerability of the Device42 data processing infrastructure management software’s /Exago/WrImageResource.axd file allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the dboptimize function in the Device42 data center infrastructure management software applmgr/applmgrsite/views.py is related to lack of access control mechanisms. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protect...
The vulnerability of the db_optimize() function (applmgr/applmgrsite/views.py) in the Device42 data center infrastructure management software allows a perpetrator to execute arbitrary commands.
The vulnerability of the dboptimize function in the Device42 data center infrastructure management software exists because measures to neutralize special elements used in the operating system commands have not been implemented. Exploiting this vulnerability allows a remote attacker to execute...
PT-2022-4178 · Device42 · Device42 Cmdb
Name of the Vulnerable Software and Affected Versions: Device42 CMDB versions prior to 18.01.00. Description: The issue is related to improper access control in the Device42 Asset Management Appliance, specifically in the /Exago/WrImageResource.adx route. This allows an unauthenticated attacker to...