4670 matches found
GandCrab Operators Resurface with REvil Malware
The malware that hit 22 Texas municipalities and various dentist offices around the country recently is likely the work of the crew behind the GandCrab ransomware – indicating that the group didn’t really retire after all. In late May, the GandCrab operators said they decided to ride off into the...
iMessage - Decoding NSSharedKeyDictionary Can Read Object Out of Bounds
When an NSKeyedUnarchiver decodes an object, it first allocates the object using allocWithZone, and then puts the object into a dictionary for temporary objects. It then calls the appropriate initWithCoder: on the allocated object. If initWithCoder: or any method it calls decodes the same object,...
iMessage - Decoding NSSharedKeyDictionary Can Read Object Out of Bounds
iMessage - Decoding NSSharedKeyDictionary Can Read Object Out of Bounds When an NSKeyedUnarchiver decodes an object, it first allocates the object using allocWithZone, and then puts the object into a dictionary for temporary objects. It then calls the appropriate initWithCoder: on the allocated...
ngiflib buffer overflow vulnerability (CNVD-2019-32484)
ngiflib is written in C language GIF image format decoding library. A buffer overflow vulnerability exists in the WritePixel of the ngiflib.c file in ngiflib version 0.4, which can be exploited by an attacker to cause a buffer overflow or heap overflow...
Updated monit packages fix security vulnerabilities
Updated monit package fixes security vulnerabilities: Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting XSS attacks CVE-2019-11454. Zack Flack discovered a buffer overread when Monit decoded certain...
USN-4124-1: Exim vulnerability
It was discovered that Exim incorrectly handled certain decoding operations. A remote attacker could possibly use this issue to execute arbitrary commands...
USN-4124-1 exim4 vulnerability
It was discovered that Exim incorrectly handled certain decoding operations. A remote attacker could possibly use this issue to execute arbitrary commands...
CVE-2019-1171
An information disclosure vulnerability exists in SymCrypt during the OAEP decryption stage. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected...
Security Bulletin: IBM MQ Appliance is affected by a Network Security Services (NSS) vulnerability (CVE-2017-5461)
Summary IBM MQ Appliance has addressed a vulnerability in Network Security Services NSS. Vulnerability Details CVEID: CVE-2017-5461 DESCRIPTION: Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write during Base64 decoding operation...
NewStart CGSL MAIN 4.05 : nss Multiple Vulnerabilities (NS-SA-2019-0105)
The remote NewStart CGSL host, running version MAIN 4.05, has nss packages installed that are affected by multiple vulnerabilities: - An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted...
Buffer Overflow
libpng is vulnerable to buffer overflow. The attack exists because of a flaw in PNM decoding which causes a stack overflow in the function gettoken in pnm2png.c in pnm2png...
libopenmpt Input Validation Error Vulnerability (CNVD-2020-22391)
libopenmpt is a cross-platform C and C++ based audio library that decodes audio files into raw PCM audio streams. An input validation error vulnerability exists in libopenmpt. No details of the vulnerability are available at this time...
nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS
In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service...
iMessage - Memory Corruption when Decoding NSKnownKeysDictionary1 Exploit
There is a memory corruption vulnerability when decoding an object of class NSKnownKeysDictionary1. This class decodes an object of type NSKnownKeysMappingStrategy1, which decodes a length member which is supposed to represent the length of the keys of the dictionary. However, this member is...
Linux/x86 - NOT +SHIFT-N+ XOR-N Encoded /bin/sh Shellcode (168 bytes)
/ description ; Title : X64 NOT +SHIFT-N+ XOR-N encoded /bin/sh - shellcode ; Author : Pedro Cabral ; Twitter : @CabrallPedro ; LinkedIn : https://www.linkedin.com/in/pedro-cabral1992 ; SLAE ID : SLAE64 - 1603 ; Purpose : spawn /bin/sh shell ; Tested On : Ubuntu 16.04.6 LTS ; Arch : x64 ; Size :...
Security update for ImageMagick (moderate)
openSUSE Security Update: Security update for ImageMagick Announcement ID: openSUSE-SU-2019:1795-1 Rating: moderate References: 1138425 1138464 Cross-References: CVE-2019-11597 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 An update that solves one vulnerability and has one errata is n...
UBUNTU-CVE-2019-13626
SDL Simple DirectMedia Layer 2.x through 2.0.9 has a heap-based buffer over-read in FillIMAADPCMblock, caused by an integer overflow in IMAADPCMdecode in audio/SDLwave.c...
Internet Bug Bounty: Basic Authentication Heap Overflow
Summary: An attacker can get arbitrary data overflowed in the heap via Basic Authorization base64 blob. Even when basic auth isn't configured. Report sent to developers When calling HttpHeader::getAuth the field value will be base64 decoded. The call to the decode method doesn't ensure that the...
CVE-2019-12529
An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checki...
AZL-44014 CVE-2018-14550 affecting package libpng15 1.5.30-15
An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function gettoken in pnm2png.c in pnm2png...