6109 matches found
Novel Online Shopping Malware Hides in Social-Media Buttons
A payment card-skimming malware that hides inside social-media buttons is making the rounds, compromising online stores as the holiday shopping season gets underway. According to researchers at Sansec, the skimmer hides in fake social-media buttons, purporting to allow sharing on Facebook, Twitte...
[ASA-202011-13] wireshark-cli: denial of service
Arch Linux Security Advisory ASA-202011-13 ========================================== Severity: Low Date : 2020-11-17 CVE-ID : CVE-2020-28030 Package : wireshark-cli Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1258 Summary ======= The package wireshark-cli befo...
`Decoder<R>` can carry `R: !Send` to other threads
Affected versions of this crate implement Send for Decoder for any R: Read. This allows Decoder to contain R: !Send and carry it to another thread. This can result in undefined behavior such as memory corruption from a data race on R, or dropping R = MutexGuard from a thread that didn't lock...
RUSTSEC-2020-0120 `Decoder<R>` can carry `R: !Send` to other threads
Affected versions of this crate implement Send for Decoder for any R: Read. This allows Decoder to contain R: !Send and carry it to another thread. This can result in undefined behavior such as memory corruption from a data race on R, or dropping R = MutexGuard from a thread that didn't lock...
freerdp: out of bound read in rfx_process_message_tileset
In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfx_process_message_tileset. Invalid data fed to RFX decoder results in garbage on screen as colors. This has been patched in 2.1.0...
Medium: golang
Issue Overview: The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or...
Amazon Linux AMI : golang (ALAS-2020-1436)
The version of golang installed on the remote host is prior to 1.13.15-1.59. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1436 advisory. The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder...
Decoder++ - An Extensible Application For Penetration Testers And Software Developers To Decode/Encode Data Into Various Formats
An extensible application for penetration testers and software developers to decode/encode data into various formats. Setup Decoder++ can be either installed by using pip or by pulling the source from this repository: Install using pip pip3 install decoder-plus-plus Overview This section provides...
OSV-2020-2085 UNKNOWN READ in decoder_fuzzer
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26428 Crash type: UNKNOWN READ Crash state: decoder_fuzzer...
openSUSE Security Update : brotli (openSUSE-2020-1578)
This update for brotli fixes the following issues : brotli was updated to 1.0.9 : - CVE-2020-8927: Fix integer overflow when input chunk is longer than 2GiB boo1175825 - brotli -v now reports raw / compressed size - decoder: minor speed / memory usage improvements - encoder: fix rare access to...
OSV-2020-1976 Use-of-uninitialized-value in FLAC::Decoder::FuzzerStream::write_callback
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16503 Crash type: Use-of-uninitialized-value Crash state: FLAC::Decoder::FuzzerStream::write_callback writeaudioframetoclient readframe...
Amazon Linux 2 : golang (ALAS-2020-1494)
The version of golang installed on the remote host is prior to 1.13.15-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1494 advisory. The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder...
Google Android libAACdec Information Disclosure Vulnerability
Android is a Linux-based open source operating system from Google and the Open Handheld Alliance (OHA). An information disclosure vulnerability exists in Android version 11 libAACdec. The vulnerability stems from a configuration or other error in the operation of a networked system or product. An...
CVE-2020-24753
A memory corruption vulnerability in Objective Open CBOR Run-time (oocborrt) in versions before 2020-08-12 could allow an attacker to execute code via crafted Concise Binary Object Representation (CBOR) input to the cbor2json decoder. An uncaught error while decoding CBOR Major Type 3 text strings...
Medium: golang
Issue Overview: The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or...
CVE-2020-1593
A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a...
CVE-2020-1508
A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a...
Remote code execution
A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a...
CVE-2020-1593 Windows Media Audio Decoder Remote Code Execution Vulnerability
...