
195 matches found

RedhatCVE
added 2025/02/05 1:42 p.m. · 9 views

CVE-2020-13561

An out-of-bounds write vulnerability exists in the TIFF parser of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

9.8 CVSS · 7.2 AI score · 0.00706 EPSS
Exploits 1
RedhatCVE
added 2025/02/05 5:20 a.m. · 1 view

CVE-2024-1892

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. By crafting malicious XML content that exploits inefficient regular expression complexity used in the parsing process, an attacker...

7.5 CVSS · 6.6 AI score · 0.00058 EPSS
Exploits 1 · References 1
Cvelist
added 2024/10/28 9:7 p.m. · 15 views

CVE-2024-44215

This issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing an image may result in disclosure of process memory...

0.0002 EPSS
Exploits 0 · References 8
Apple
added 2024/09/16 12:0 a.m. · 32 views

About the security content of macOS Ventura 13.7

This document describes the security content of macOS Ventura 13.7. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases...

8.1 CVSS · 6.8 AI score · 0.00375 EPSS
Exploits 1 · References 1 · Affected Software 1
OSV
added 2024/09/04 12:0 a.m. · 0 views

UBUNTU-CVE-2024-44082

In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data...

4.3 CVSS · 5.8 AI score · 0.00274 EPSS
Exploits 0 · References 3
CVE
added 2024/07/29 10:16 p.m. · 98 views

CVE-2024-40789

CVE-2024-40789 is a WebKitGTK/WebKit-related out-of-bounds access issue. The initial CVE description notes an out-of-bounds access that could cause an unexpected process crash when processing malicious web content, with fixes across Apple platforms (iOS, iPadOS, macOS, Safari, watchOS, tvOS, visi...

6.5 CVSS · 6.8 AI score · 0.01025 EPSS
Exploits 0 · References 28 · Affected Software 7
CNNVD
added 2024/07/10 12:0 a.m. · 1 view

Juniper Networks Junos OS Evolved Security Vulnerability

Juniper Networks Junos OS Evolved is an upgraded version of Juniper Networks' Junos OS system. A security vulnerability exists in Juniper Networks Junos OS Evolved, which arises from a vulnerability in packet processing that does not properly check for anomalies or unusual conditions, allowing an...

8.2 CVSS · 6.7 AI score · 0.0042 EPSS
Exploits 0 · References 2
OSV
added 2024/06/10 9:15 p.m. · 0 views

CVE-2024-27836

The issue was addressed with improved checks. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, iOS 17.5 and iPadOS 17.5. Processing a maliciously crafted image may lead to arbitrary code execution...

7.8 CVSS · 7.6 AI score
Exploits 0 · References 7
NVD
added 2024/06/06 6:15 p.m. · 11 views

CVE-2024-36743

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.dot...

7.5 CVSS · 0.00263 EPSS
Exploits 0 · References 1
CVE
added 2024/05/07 2:0 p.m. · 67 views

CVE-2024-4593

CVE-2024-4593 concerns DedeCMS 5.7, where the vulnerability lies in the file /src/dede/sys_multiserv.php. The issue is described as a cross‑site request forgery (CSRF) that can be triggered remotely, with the exploit publicly disclosed. Several connected sources consistently identify the affected...

5 CVSS · 6.6 AI score · 0.00138 EPSS
Exploits 1 · References 4 · Affected Software 1
Prion
added 2024/03/08 2:15 a.m. · 16 views

Code injection

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. Processing a file may lead to unexpected app termination or arbitrary code execution...

7.3 AI score · 0.00061 EPSS
Exploits 0 · References 6
Cvelist
added 2024/01/10 10:3 p.m. · 22 views

CVE-2023-42862

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process memory...

6.7 AI score · 0.00193 EPSS
Exploits 0 · References 4
CNNVD
added 2023/12/11 12:0 a.m. · 2 views

Apple iOS and iPadOS Security Vulnerabilities

Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS version 17.2 and iPadOS version 17.2, which stems from processing images...

5.5 CVSS · 5.4 AI score · 0.00026 EPSS
Exploits 0 · References 6
Github Security Blog
added 2023/11/16 5:14 p.m. · 157 views

sharp vulnerability in libwebp dependency CVE-2023-4863

Overview: sharp uses libwebp to decode WebP images and versions prior to the latest 0.32.6 are vulnerable to the high severity https://github.com/advisories/GHSA-j7hp-h8jx-5ppr. Who does this affect? Almost anyone processing untrusted input with versions of sharp prior to 0.32.6. How to resolve...

8.8 CVSS · 7.1 AI score · 0.93301 EPSS
Exploits 9 · References 3 · Affected Software 1
CNNVD
added 2023/10/25 12:0 a.m. · 2 views

Apple macOS Buffer Error Vulnerability

Apple macOS is a specialized operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS Sonoma version 14.1, which stems from a process memory leak that may occur when processing images...

6.5 CVSS · 6.5 AI score · 0.00285 EPSS
Exploits 0 · References 18
CNNVD
added 2023/07/24 12:0 a.m. · 3 views

Apple macOS Ventura Code Injection Vulnerability

Apple macOS Ventura is a desktop operating system by Apple Inc. A security vulnerability exists in Apple macOS Ventura, which originates from processing files that could lead to unexpected application termination or arbitrary code execution...

7.8 CVSS · 7.7 AI score · 0.00079 EPSS
Exploits 0 · References 8
Redos
added 2023/07/06 12:0 a.m. · 3 views

ROS-2-2179

2.2179 Apache Ant utility vulnerability (CVE-2021-36374, CVE-2021-36373). 1. Vulnerability Description: CVE-2021-36374: A vulnerability in the Apache Ant utility is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...

5.5 CVSS · 8.2 AI score · 0.0014 EPSS
Exploits 0
CNNVD
added 2023/05/18 12:0 a.m. · 1 view

Security Vulnerability in Some Apple Products

Apple macOS Ventura is a desktop operating system from Apple Inc. in the United States. A security vulnerability exists in some Apple products, which stems from processing images that may lead to arbitrary code execution. The following products and versions are affected: watchOS before 9.5, tvOS...

7.8 CVSS · 7.7 AI score · 0.00057 EPSS
Exploits 0 · References 10
Positive Technologies
added 2023/05/17 12:0 a.m. · 2 views

PT-2023-21305 · Sourcecodester · Sourcecodester Online Exam System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Exam System version 1.0 Description: A critical issue has been found in the processing of the file /jurusanmatkul/data, where the manipulation of the argument columns1data leads to SQL injection. The attack can be...

8.8 CVSS · 7.2 AI score · 0.00297 EPSS
Exploits 1 · References 5
Vulnrichment
added 2023/05/12 1:49 p.m. · 8 views

CVE-2023-32081 Vert.x STOMP server process client frames that would not send initially a connect frame

Vert.x STOMP is a vert.x implementation of the STOMP specification that provides a STOMP server and client. From versions 3.1.0 until 3.9.16 and 4.0.0 until 4.4.2, a Vert.x STOMP server processes client STOMP frames without checking that the client sends an initial CONNECT frame replied with a...

6.5 CVSS · 6.8 AI score · 0.00353 EPSS
Exploits 0 · References 2