11 matches found
Azure Linux 3.0 Security Update: LibRaw (CVE-2020-15503)
The version of LibRaw installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-15503 advisory. - LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpackthumb.cpp,...
EUVD-2023-23945
Malicious code in bioql PyPI...
EUVD-2023-23944
Malicious code in bioql PyPI...
CVE-2024-51749
Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events that trigger a file download once clicked. Fixed in...
SUSE CVE-2024-51749
Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events that trigger a file download once clicked. Fixed in...
CVE-2023-1722
Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators...
CVE-2023-1721
Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators...
CVE-2023-1721
Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators...
CVE-2023-1721
The CVE-2023-1721 entry concerns Yoga Class Registration System v1.0 where an administrator can execute commands on the server due to improper validation of class thumbnails during upload. The related documents repeatedly describe a file-upload vulnerability that, enabled by admin privileges, all...
Yoga Class Registration System Cross-Site Request Forgery Vulnerability
Yoga Class Registration System is a yoga class registration system by Carlo Montero Personal Developer. A cross-site request forgery vulnerability exists in Yoga Class Registration System version 1.0, which stems from the application failing to properly validate class thumbnails uploaded by an...
PT-2023-17190 · Unknown · Yoga Class Registration System
Name of the Vulnerable Software and Affected Versions: Yoga Class Registration System version 1.0 Description: The issue allows an administrator to execute commands on the server due to the application's failure to correctly validate the thumbnails of the classes uploaded by the administrators...