3642 matches found

OSV
added 2021/08/11 8:15 p.m. · 1 view

DEBIAN-CVE-2021-32437

The gf_hinter_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command...

CVSS 5.5 · AI score 6 · EPSS 0.00752
Exploits 1 · References 1

OSV
added 2021/08/11 8:15 p.m. · 1 view

UBUNTU-CVE-2021-32438

The gf_media_export_filters function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command...

CVSS 5.5 · AI score 7.3 · EPSS 0.00752
Exploits 1 · References 4

RedHat Linux
added 2021/08/11 6:21 p.m. · 2 views

pdfbox: OutOfMemory-Exception while loading a crafted PDF file

A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions...

CVSS 5.5 · AI score 7.2 · EPSS 0.03337
Exploits 0 · References 4

CNNVD
added 2021/08/11 12:0 a.m. · 2 views

GPAC code issue vulnerability

GPAC is a multimedia framework for rich media and is distributed under the LGPL license. A null pointer dereference vulnerability exists in the MediaRewriteODFrame function in GPAC version 1.0.1. An attacker could exploit this vulnerability to cause a denial of service via a specially crafted fil...

CVSS 5.5 · AI score 5.7 · EPSS 0.00752
Exploits 1 · References 2

CNNVD
added 2021/08/11 12:0 a.m. · 3 views

GPAC code issue vulnerability

GPAC is a multimedia framework for rich media and is distributed under the LGPL license. The gf_hinter_finalize function in GPAC version 1.0.1 is vulnerable to null pointer dereference. An attacker could exploit this vulnerability to cause a denial of service via a specially crafted file in the MP4Box...

CVSS 5.5 · AI score 5.7 · EPSS 0.00752
Exploits 1 · References 2

ThreatPost
added 2021/08/10 2:43 p.m. · 41 views

Fuzz Off: How to Shake Up Code to Get It Right – Podcast

LAS VEGAS – In 2014, two teams of security researchers independently started fuzz testing OpenSSL. Within days, the advanced black-box software technique led to an exploitable vulnerability in OpenSSL: namely, the Heartbleed vulnerability. What is fuzzing? That’s what the FuzzCon event is all...

AI score 7.5
Exploits 0 · References 8

OSV
added 2021/08/08 6:15 a.m. · 1 view

CVE-2020-36457

An issue was discovered in the lever crate before 0.1.1 for Rust. AtomicBox implements the Send and Sync traits for all types T...

CVSS 8.1 · AI score 7.3 · EPSS 0.0124
Exploits 1 · References 2

CNNVD
added 2021/08/05 12:0 a.m. · 6 views

ZTE ZXIPTV cross-site scripting vulnerability

ZTE ZXIPTV is a set-top box from ZTE. A cross-site scripting vulnerability exists in ZTE ZXIPTV EASP version 5.06.04.09, which stems from the application's lack of validation of user input data and filtering of input data. The vulnerability can be exploited by an attacker to trick a user into...

CVSS 6.1 · AI score 5.7 · EPSS 0.00581
Exploits 0 · References 2

NVD
added 2021/08/03 8:15 p.m. · 14 views

CVE-2021-30586

Use after free in dialog box handling in Windows in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 · EPSS 0.01053
Exploits 0 · References 5

OSV
added 2021/08/03 8:15 p.m. · 5 views

CVE-2021-30586

Use after free in dialog box handling in Windows in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 · AI score 6.7
Exploits 0 · References 5

UbuntuCve
added 2021/08/03 8:15 p.m. · 26 views

CVE-2021-30586

Use after free in dialog box handling in Windows in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 · AI score 7.2 · EPSS 0.01053
Exploits 0 · References 1

CVE
added 2021/08/03 7:41 p.m. · 157 views

CVE-2021-30586

CVE-2021-30586 is a use-after-free vulnerability in Chrome’s dialog-box handling on Windows, affecting Chrome versions before 92.0.4515.107. A remote attacker could exploit this by convincing a user to install a malicious extension and by presenting a crafted HTML page, potentially triggering hea...

CVSS 8.8 · AI score 9 · EPSS 0.01053
Exploits 0 · References 5 · Affected Software 1

Cvelist
added 2021/08/03 7:41 p.m. · 15 views

CVE-2021-30586

Use after free in dialog box handling in Windows in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...

AI score 9.3 · EPSS 0.01053
Exploits 0 · References 5

AlpineLinux
added 2021/08/03 7:41 p.m. · 37 views

CVE-2021-30586

Use after free in dialog box handling in Windows in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 · AI score 9.2 · EPSS 0.01053
Exploits 0

Prion
added 2021/08/03 3:15 p.m. · 33 views

Command injection

Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application...

CVSS 9 · AI score 9.2 · EPSS 0.27075
Exploits 10 · References 2

Cvelist
added 2021/08/03 2:50 p.m. · 26 views

CVE-2021-31630

Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application...

AI score 9.4 · EPSS 0.27075
Exploits 10 · References 2

CNNVD
added 2021/08/03 12:0 a.m. · 6 views

OpenPLC code injection vulnerability

OpenPLC is an open source programmable logic controller. It can provide low-cost industrial solutions for automation and research. A code injection vulnerability exists in OpenPLC v3, which originates from the failure of the Hardware Layer Code Box component of the /hardware page of the product's...

CVSS 9 · AI score 8.2 · EPSS 0.27075
Exploits 10 · References 2

Positive Technologies
added 2021/08/03 12:0 a.m. · 5 views

PT-2021-19453 · Unknown · Open Plc Webserver

Name of the Vulnerable Software and Affected Versions: Open PLC Webserver version 3 Description: Command Injection in Open PLC Webserver allows remote attackers to execute arbitrary code via the Hardware Layer Code Box component on the "/hardware" page of the application. Recommendations: As a...

CVSS 9 · AI score 8.5 · EPSS 0.27075
Exploits 10 · References 16

Malwarebytes
added 2021/08/02 11:29 a.m. · 38 views

A week in security (July 26 – August 1)

Last week on Malwarebytes Labs: OSX.XLoader hides little except its main purpose: What we learned in the installation process. The Clubhouse database “breach” is likely a non-breach. Here’s why. Kaseya Unitrends has unpatched vulnerabilities that could help attackers expand a breach. UDP Technolo...

AI score 7.2
Exploits 0

OSV
added 2021/08/02 11:15 a.m. · 2 views

CVE-2021-24458

The get_ays_popupboxes and get_popup_categories functions of the Popup box WordPress plugin before 2.3.4 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results DB calls, leading to SQL injection issues in the admin dashboard...

CVSS 8.8 · AI score 5.8 · EPSS 0.01362
Exploits 2 · References 1