
CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

26 Mar 2019 — utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input, allowing attackers to execute arbitrary commands. • https://github.com/ossf-cve-benchmark/CVE-2019-10061 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Jun 2018 — opencv.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. • https://nodesecurity.io/advisories/505 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-506: Embedded Malicious Code

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Jun 2018 — node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. • https://nodesecurity.io/advisories/506 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-506: Embedded Malicious Code

CVSS: 9.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 May 2018 — native-opencv is the OpenCV library installed via npm. native-opencv downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the attacker is on the network or positioned in between the user and the remote server. • https://nodesecurity.io/advisories/263 • CWE-310: Cryptographic Issues • CWE-311: Missing Encryption of Sensitive Data

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Mar 2018 — ** DISPUTED ** The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (pixels <= (1<<30)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is a regular C++ exception which can be raised in case of invalid or non-supported parameters.” • https://github.com/opencv/opencv/issues/10998 • CWE-617: Reachable Assertion

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Mar 2018 — ** DISPUTED ** The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.height <= (1<<20)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is a regular C++ exception which can be raised in case of invalid or non-supported parameters.” • https://github.com/opencv/opencv/issues/10998 • CWE-617: Reachable Assertion

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Mar 2018 — ** DISPUTED ** The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.width <= (1<<20)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is a regular C++ exception which can be raised in case of invalid or non-supported parameters.” • https://github.com/opencv/opencv/issues/10998 • CWE-617: Reachable Assertion

CVSS: 5.5 • EPSS: 0% • CPEs: 4 • EXPL: 1

08 Jan 2018 — In OpenCV 3.3.1, an assertion failure happens in cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp because of an incorrect integer cast. • http://www.securityfocus.com/bid/106945 • CWE-617: Reachable Assertion

CVSS: 5.5 • EPSS: 0% • CPEs: 4 • EXPL: 1

08 Jan 2018 — In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file. • http://www.securityfocus.com/bid/106945 • CWE-787: Out-of-bounds Write

CVSS: 8.8 • EPSS: 1% • CPEs: 4 • EXPL: 2

02 Jan 2018 — In opencv/modules/imgcodecs/src/utils.cpp, the functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image comes from a remote source, this may lead to remote code execution or denial of service. This affects OpenCV 3.3 and earlier. • https://github.com/blendin/pocs/blob/master/opencv/0.OOB_Write_FillUniColor • CWE-190: Integer Overflow or Wraparound