

CVE-2022-39239


News category: Vulnerabilities
Source: web.nvd.nist.gov

netlify-ipx is an on-demand image optimization for Netlify using ipx. In versions prior to 1.2.3, an attacker can bypass the source image domain allowlist by sending specially crafted headers, causing the handler to load and return arbitrary images. Because the response is cached globally, this image will then be served to visitors without requiring those headers to be set. XSS can be achieved by requesting a malicious SVG with embedded scripts, which would then be served from the site domain. Note that this does not apply to images loaded in `<img>` tags, as scripts do not execute in this context. The image URL can be set in the header independently of the request URL, meaning any site images that have not previously been cached can have their cache poisoned. This problem has been fixed in version 1.2.3. As a workaround, cached content can be cleared by re-deploying the site. ...
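One way to avoid the two conditions described above (a source URL taken from headers, and a shared cache whose key does not name what it stores), shown as an added example that is not netlify-ipx code or its actual fix. The `/img` path, the `url` parameter, the allowlist host and the sample image are constructed assumptions; the SVG response headers are extra hardening not mentioned in the advisory.

```javascript
// Added example: hypothetical handler logic, not netlify-ipx source code.
const ALLOWED_HOSTS = new Set(["images.example.com"]); // constructed allowlist

// Resolve the source image from the request URL only. Request headers are
// never consulted, so they cannot point the fetch at a different image.
function resolveSource(requestUrl) {
  const raw = new URL(requestUrl, "https://site.example").searchParams.get("url");
  if (!raw) return { ok: false, reason: "missing url parameter" };
  let src;
  try {
    src = new URL(raw);
  } catch {
    return { ok: false, reason: "source is not an absolute URL" };
  }
  if (src.protocol !== "https:") return { ok: false, reason: "scheme not allowed" };
  if (!ALLOWED_HOSTS.has(src.hostname)) return { ok: false, reason: "host not on allowlist" };
  return { ok: true, source: src.href };
}

// `headers` is accepted but deliberately unused. `fetchImage` is injected so
// the example runs offline; it returns { type, body } or undefined.
function handle(requestUrl, headers, cache, fetchImage) {
  const resolved = resolveSource(requestUrl);
  if (!resolved.ok) return { status: 403, body: resolved.reason, cached: false };
  // The cache key is the validated source itself, so an entry can only
  // ever hold the image that its key names.
  const key = resolved.source;
  const hit = cache.has(key);
  const image = hit ? cache.get(key) : fetchImage(key);
  if (!image) return { status: 404, body: "not found", cached: false };
  cache.set(key, image);
  const responseHeaders = { "Content-Type": image.type, "X-Content-Type-Options": "nosniff" };
  if (image.type === "image/svg+xml") {
    // Defense in depth: an SVG opened directly must not run scripts.
    responseHeaders["Content-Security-Policy"] = "script-src 'none'; sandbox";
  }
  return { status: 200, headers: responseHeaders, body: image.body, cached: hit };
}

// Constructed sample data: one image on the allowlisted origin.
const ORIGIN = { "https://images.example.com/logo.svg": { type: "image/svg+xml", body: "<svg/>" } };
const fetchImage = (src) => ORIGIN[src];
```

Because the cached entry is keyed by the validated source, a request carrying extra headers and one without them resolve to the same entry, and a rejected source never reaches the cache.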


