PT-2020-2148 · Videolabs +1 · Libmicrodns +1

Name of the Vulnerable Software and Affected Versions: Videolabs libmicrodns version 0.1.0 Description: The issue is related to a denial-of-service condition that can occur due to improper resource allocation handling when parsing mDNS messages. If errors are encountered during this process, some...

Internet Bug Bounty: Cache Manager ACL Bypass

Summary: ACL Manager can be bypassed giving non authorized users to squid-internal-mgr. Possible to bypass other urlregex, but only focused on manager. with the hostname of the server running squid echo -e "GET https://jeriko.one%252f@:3128/squid-internal-mgr/activerequests HTTP/1.1\r\n\r\n" |nc...

python-pillow: improperly restricted operations on memory buffer in libImaging/PcxDecode.c

A flaw was discovered in python-pillow does where it does not properly restrict operations within the bounds of a memory buffer when decoding PCX images. An application that uses python-pillow to decode untrusted images may be vulnerable to this flaw, which can allow an attacker to crash the...

Artica Pandora FMS Remote Code Execution Vulnerability (CNVD-2020-19576)

Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A remote code execution vulnerability exists in Pandora FMS 7.0 NG. The vulnerability stems from...

GHSA-22JR-VC7J-G762 Potential buffer overflow in psd-tools

Impact An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malformed PSD input data during decoding to the PIL.Image or NumPy format, leading to a Buffer Overflow. Patches Users of psd-tools version v1.8.37 to v1.9.3 should upgrade to...

CVE-2020-5844

index.php?sec=godmode/extensions&sec2=extensions/filesrepo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. This affects v7.0NG.742FIXPERL2020...

CVE-2020-5844

Pandora FMS v7.0 NG (specifically v7.0NG.742_FIX_PERL2020) is affected by CVE-2020-5844. The vulnerability resides at index.php?sec=godmode/extensions&sec2=extensions/files_repo, where authenticated administrators can upload arbitrary PHP scripts and trigger execution by base64-decoding the file ...

CVE-2020-5844

index.php?sec=godmode/extensions&sec2=extensions/filesrepo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. This affects v7.0NG.742FIXPERL2020...

PT-2020-18753 · Artica · Pandora Fms

Name of the Vulnerable Software and Affected Versions: Pandora FMS version 7.0NG.742 FIX PERL2020 Description: The issue allows authenticated administrators to upload malicious PHP scripts and execute them via base64 decoding of the file location. This is achieved through the...

CVE-2020-10571

An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data...

CVE-2020-10571

An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data...

PYSEC-2020-91

An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data...

PYSEC-2020-91

An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data...

Design/Logic Flaw

An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data...

CVE-2020-10571

An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data...

CVE-2020-10571

The CVE-2020-10571 issue affects psd-tools prior to v1.9.4, where the Cython implementation of RLE decoding fails to validate input data. This can be triggered by malicious or malformed PSD input, with documented advisories describing a related buffer overflow scenario when the Cython path is use...

Internet Bug Bounty: CVE-2020-10938-buffer overflow/out-of-bounds write in compress.c:HuffmanDecodeImage()

Hello, There is an out-of-bounds write that is likely exploitable while performing Huffman decoding of Fax images. The technical details are as follows. Type: integer underflow produces out of bounds heap/etc write Platform: 32-bit Details: 390 MagickExport MagickPassFail HuffmanDecodeImageImage...

Libnsgif Buffer Overflow Vulnerability (CNVD-2020-16720)

Libnsgif is a decoding library for GIF image file format written in C language. A security vulnerability exists in the 'gifnextLZW' function of the libnsgif.c file in Libnsgif version 0.1.2. An attacker can exploit this vulnerability to cause a denial of service out-of-bounds read and application...

CVE-2020-10223

npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to JBIG2Decode CNxJBIG2DecodeStream Heap Corruption at npdf!CAPPDAnnotHandlerUtils::createpopupformarkup+0x12fbe via a crafted PDF document...

Design/Logic Flaw

Multiple Read overflows due to improper length checks while decoding authentication in Cs domain/RAU Reject and TC cmd in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in...