Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2020-23109: Heap overflow in heif_colorconversion.cc:2263 · Issue #207 · strukturag/libheif

Buffer overflow vulnerability in function convert_colorspace in heif_colorconversion.cc in libheif v1.6.2, allows attackers to cause a denial of service and disclose sensitive information, via a crafted HEIF file.

CVE
Open in Source
#vulnerability#dos

Related news

WordPress 4.9.6 Arbitrary File Deletion

WordPress version 4.9.6 arbitrary file deletion exploit. Original discovery of this vulnerability is attributed to VulnSpy in June of 2018.

CVE-2020-28969

Aplioxio PDF ShapingUp 5.0.0.139 contains a buffer overflow which allows attackers to cause a denial of service (DoS) via a crafted PDF file.

CVE-2020-22674: Segmentation fault (ASAN: SEGV on unknown address) in the FixTrackID function of isom_intern.c:133 · Issue #1346 · gpac/gpac

An issue was discovered in gpac 0.8.0. An invalid memory dereference exists in the function FixTrackID located in isom_intern.c, which allows attackers to cause a denial of service (DoS) via a crafted input.

CVE-2021-40097: HackerOne

An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to to remote code execution via uploaded PHP code, related to the bFilename parameter.

CVE-2021-40103: HackerOne

An issue was discovered in Concrete CMS through 8.5.5. Path Traversal can lead to Arbitrary File Reading and SSRF.

CVE-2021-40104: HackerOne

An issue was discovered in Concrete CMS through 8.5.5. There is an SVG sanitizer bypass.

CVE-2021-40105: HackerOne

An issue was discovered in Concrete CMS through 8.5.5. There is XSS via Markdown Comments.

CVE-2021-40106: 8.5.6 Release Notes :: Concrete CMS

An issue was discovered in Concrete CMS through 8.5.5. There is unauthenticated stored XSS in blog comments via the website field.

CVE-2021-40099: HackerOne

An issue was discovered in Concrete CMS through 8.5.5. Fetching the update json scheme over HTTP leads to remote code execution.

CVE-2021-40100: 8.5.6 Release Notes :: Concrete CMS

An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can occur in Conversations when the Active Conversation Editor is set to Rich Text.

CVE-2021-22950: 8.5.6 Release Notes :: Concrete CMS

Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing attachments to comments in the conversation section to be deleted.Credit for discovery: "Solar Security Research Team"

CVE-2021-39535: A Segmentation fault in libxsmm_gemm_generator · Issue #398 · hfp/libxsmm

An issue was discovered in libxsmm through v1.16.1-93. A NULL pointer dereference exists in JIT code. It allows an attacker to cause Denial of Service.

CVE-2020-21049: Release v1.8.5 security update · saitoha/libsixel

An invalid read in the stb_image.h component of libsixel prior to v1.8.5 allows attackers to cause a denial of service (DOS) via a crafted PSD file.

CVE-2020-21048: Release v1.8.4 security update · saitoha/libsixel

An issue in the dither.c component of libsixel prior to v1.8.4 allows attackers to cause a denial of service (DOS) via a crafted PNG file.

CVE-2021-22204: Update to 12.24 · exiftool/exiftool@cf0f4e7

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE