195 matches found

SUSE CVE
added 2023/02/15 3:47 a.m. · 0 views

SUSE CVE-2021-20310

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in ConvertXYZToJzazbz of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from thi...

7.8 CVSS · 6.5 AI score · 0.00272 EPSS
Exploits 0 · References 3

CNNVD
added 2022/12/22 12:0 a.m. · 3 views

OpenImageIO buffer error vulnerability

OpenImageIO is an image read/write library, along with a number of tools and applications. An out-of-bounds read vulnerability exists in OpenImageIO. The vulnerability is caused due to an out-of-bounds read vulnerability when processing string fields in TIFF image files. An attacker can exploit...

5.3 CVSS · 6.6 AI score · 0.0021 EPSS
Exploits 1 · References 8

Vulnrichment
added 2022/12/13 12:0 a.m. · 7 views

CVE-2021-44693

Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device...

4.9 CVSS · 5.1 AI score · 0.00193 EPSS
Exploits 0 · References 1

Cvelist
added 2022/11/01 12:0 a.m. · 17 views

CVE-2022-42795

A memory consumption issue was addressed with improved memory handling. This issue is fixed in tvOS 16, iOS 16, macOS Ventura 13, watchOS 9. Processing a maliciously crafted image may lead to arbitrary code execution...

8.7 AI score · 0.00844 EPSS
Exploits 0 · References 4

CNNVD
added 2022/10/27 12:0 a.m. · 2 views

Accusoft ImageGear buffer error vulnerability

Accusoft ImageGear is a software development kit (SDK) for image processing from Accusoft Corporation. A buffer error vulnerability exists in Accusoft ImageGear version 20.0 that stems from the presence of an out-of-bounds write. An attacker could exploit the vulnerability to cause memory corruptio...

9.8 CVSS · 8.4 AI score · 0.00237 EPSS
Exploits 1 · References 3

RedHat Linux
added 2022/10/05 10:44 a.m. · 1 views

chart.js: prototype pollution

A flaw was found in chart.js. This issue occurs when the options parameter is not properly sanitized when it is processed. When options are processed, the object's keys that are being set are not checked, possibly allowing a prototype pollution...

9.8 CVSS · 5.7 AI score · 0.00211 EPSS
Exploits 1 · References 4

Positive Technologies
added 2022/08/11 12:0 a.m. · 2 views

PT-2022-18567 · Sourcecodester · Sourcecodester Company Website Cms

Name of the Vulnerable Software and Affected Versions: SourceCodester Company Website CMS (affected versions not specified). Description: A problematic issue has been found in the SourceCodester Company Website CMS, affecting the processing of the file /dashboard/contact. The manipulation of the pho...

5.4 CVSS · 5.1 AI score · 0.00323 EPSS
Exploits 0 · References 6

CNNVD
added 2022/06/18 12:0 a.m. · 1 views

FFmpeg buffer error vulnerability

FFmpeg is the Ffmpeg team's complete solution for recording, converting, and streaming audio and video. FFmpeg dnxhdinitrc suffers from a denial-of-service vulnerability that can be exploited by attackers to cause a denial-of-service attack...

5.5 CVSS · 5.6 AI score · 0.00171 EPSS
Exploits 0 · References 3

RedHat Linux
added 2022/03/28 9:0 a.m. · 3 views

expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution

A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences (for example, from start tag names) to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...

9.8 CVSS · 7.5 AI score · 0.11027 EPSS
Exploits 0 · References 5

Drupal
added 2022/03/16 12:0 a.m. · 42 views

Drupal core - Moderately critical - Third-party libraries - SA-CORE-2022-005

The Drupal project uses the CKEditor library for WYSIWYG editing. CKEditor has released a security update that impacts Drupal. Vulnerabilities are possible if Drupal is configured to allow use of the CKEditor library for WYSIWYG editing. An attacker that can create or edit content even without...

7.5 CVSS · 1.3 AI score · 0.01115 EPSS
Exploits 0 · References 14

Malwarebytes
added 2021/12/06 3:11 p.m. · 19 views

NSO Group spyware found on iPhones of US State Department employees

iPhones of at least nine US State Department employees are said to have been hacked using the Pegasus spyware developed by the Israeli technology company, NSO Group. Pegasus is a proprietary and sophisticated spyware capable of the remote surveillance of smartphones. The employees targeted by an...

6.9 AI score
Exploits 0

OSV
added 2021/10/19 2:15 p.m. · 3 views

CVE-2021-30835

This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, iTunes 12.12 for Windows, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted image may lead to arbitrary code execution...

7.8 CVSS · 6 AI score · 0.00402 EPSS
Exploits 0 · References 10

NVD
added 2021/09/08 3:15 p.m. · 11 views

CVE-2021-30700

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted image may lead to disclosure of user information...

5.5 CVSS · 0.00444 EPSS
Exploits 0 · References 4

OSV
added 2021/09/08 3:15 p.m. · 1 views

CVE-2021-30687

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted image may lead to disclosure of user...

5.5 CVSS · 6.7 AI score · 0.00394 EPSS
Exploits 0 · References 6

NVD
added 2021/09/08 3:15 p.m. · 9 views

CVE-2021-1814

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, watchOS 7.4. Processing a maliciously crafted image may lead to arbitrary code execution...

7.8 CVSS · 0.00317 EPSS
Exploits 0 · References 2

Cvelist
added 2021/09/08 2:28 p.m. · 16 views

CVE-2021-30706

Processing a maliciously crafted image may lead to disclosure of user information. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. This issue was addressed with improved checks...

5.8 AI score · 0.00269 EPSS
Exploits 0 · References 4

OSV
added 2021/09/08 2:15 p.m. · 2 views

CVE-2021-30733

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted font may result in the disclosure o...

5.5 CVSS · 6.5 AI score · 0.00334 EPSS
Exploits 0 · References 6

ATTACKERKB
added 2021/09/08 2:15 p.m. · 2 views

CVE-2021-30779

This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing a maliciously crafted image may lead to arbitrary code execution...

7.8 CVSS · 5.8 AI score · 0.00898 EPSS
Exploits 0 · References 5

Positive Technologies
added 2021/07/21 12:0 a.m. · 2 views

PT-2021-18849 · Apple · Ios +3

Name of the Vulnerable Software and Affected Versions: Apple iOS versions prior to 14.7; Apple macOS versions prior to Big Sur 11.5; Apple watchOS versions prior to 7.6; Apple tvOS versions prior to 14.7; Apple macOS Mojave versions prior to Security Update 2021-005; Apple macOS Catalina versions prio...

7.8 CVSS · 7.5 AI score · 0.00447 EPSS
Exploits 0 · References 9

CNNVD
added 2021/05/28 12:0 a.m. · 1 views

IBM Cognos Analytics code issue vulnerability

IBM Cognos Analytics is a suite of business intelligence software from IBM USA that provides valuable information, secure data governance and reporting. An external entity injection vulnerability exists in Cognos Analytics 11.0 and 11.1. An attacker can exploit this vulnerability to inject extern...

7.1 CVSS · 8.5 AI score · 0.00575 EPSS
Exploits 0 · References 4