CVE-2012-0282
published 2012-07-17CVE-2012-0282: Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code…
PriorityP340medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
7.45%
93.7th percentile
Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ImageLeftPosition value in an ImageDescriptor structure in a GIF image.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openstack | keystone | >= 0 < 8.0.0a0 | 8.0.0a0 |
| xnview | xnview | <= 1.98.8 | — |
CVSS provenance
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_redhat5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
OpenStack Keystone allows context-dependent attackers to bypass access restrictions
ghsa·2022-05-05
CVE-2013-0282 [MEDIUM] CWE-287 OpenStack Keystone allows context-dependent attackers to bypass access restrictions
OpenStack Keystone allows context-dependent attackers to bypass access restrictions
OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions.
GHSA
GHSA-wg3f-8g7x-m3mv: Heap-based buffer overflow in XnView before 1
ghsa_unreviewed·2022-05-04
CVE-2012-0282 [MEDIUM] CWE-119 GHSA-wg3f-8g7x-m3mv: Heap-based buffer overflow in XnView before 1
Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ImageLeftPosition value in an ImageDescriptor structure in a GIF image.
Red Hat
Keystone: EC2-style authentication accepts disabled user/tenants
vendor_redhat·2013-02-19·CVSS 5.0
CVE-2013-0282 [MEDIUM] Keystone: EC2-style authentication accepts disabled user/tenants
Keystone: EC2-style authentication accepts disabled user/tenants
OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions.
No detection rules found.
No writeups or analysis indexed.
http://newsgroup.xnview.com/viewtopic.php?f=35&t=25858http://secunia.com/advisories/48666http://www.exploit-db.com/exploits/19335http://www.osvdb.org/83086http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=51http://newsgroup.xnview.com/viewtopic.php?f=35&t=25858http://secunia.com/advisories/48666http://www.exploit-db.com/exploits/19335http://www.osvdb.org/83086http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=51
2012-07-17
Published