Security
Headlines
HeadlinesLatestCVEs

Tag

#ubuntu

CVE-2021-3596: Null Pointer dereference caused by incomplete check of the return value from libxml2 in ReadSVGImage svg.c:3621 · Issue #2624 · ImageMagick/ImageMagick

A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault.

CVE
Open in Source
#ubuntu#linux#git#php
CVE-2021-3596: Null Pointer dereference caused by incomplete check of the return value from libxml2 in ReadSVGImage svg.c:3621 · Issue #2624 · ImageMagick/ImageMagick

A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault.

CVE-2022-24599: Memory-leak bug in printfileinfo, in printinfo.c · Issue #60 · mpruett/audiofile

In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn't use zero bytes to truncate the data.

CVE-2021-44566: Stored XSS Vulnerability (#259) · Issues · François Jacquet / rosariosis

A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 4.3 via the SanitizeMarkDown function in ProgramFunctions/MarkDownHTML.fnc.php.

CVE-2022-25075: IOT_vuln/README.md at main · EPhaha/IOT_vuln

TOTOLink A3000RU V5.9c.2280_B20180512 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.

CVE-2022-24599: Memory-leak bug in printfileinfo, in printinfo.c · Issue #60 · mpruett/audiofile

In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn't use zero bytes to truncate the data.

CVE-2022-25080: IOT_vuln/README.md at main · EPhaha/IOT_vuln

TOTOLink A830R V5.9c.4729_B20191112 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.

CVE-2022-25079: IOT_vuln/README.md at main · EPhaha/IOT_vuln

TOTOLink A810R V4.1.2cu.5182_B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.

CVE-2022-25078: IOT_vuln/README.md at main · EPhaha/IOT_vuln

TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.

CVE-2022-25076: IOT_vuln/README.md at main · EPhaha/IOT_vuln

TOTOLink A800R V4.1.2cu.5137_B20200730 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.