1010 matches found

BDU FSTEC
added 2020/08/19 12:0 a.m. · 1 view

The vulnerability of the zzip_mem_disk_new function in the ZZIPlib compression library, which allows a hacker to cause a service failure.

The vulnerability of the zzip_mem_disk_new function in the ZZIPlib compression library is related to the failure to release resources after their useful period has ended. Exploiting this vulnerability allows a malicious actor to cause service failures by using a specially created zip file...

7.1 CVSS · 6.1 AI score · 0.00133 EPSS
Exploits 1 · References 5 · Affected Software 3
OSV
added 2020/08/17 7:15 p.m. · 1 view

CVE-2020-1564

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to...

7.8 CVSS · 7.9 AI score · 0.11304 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2020/08/12 12:0 a.m. · 2 views

The vulnerability of the parse_report() function in the whoopsie error logging service allows a violator to trigger a service failure.

The vulnerability of the parse_report function in the whoopsie error reporting service is related to uncontrolled resource consumption. Exploiting this vulnerability could allow a perpetrator to cause a service failure using a specially crafted file...

5.5 CVSS · 5.9 AI score · 0.00081 EPSS
Exploits 1 · References 5 · Affected Software 1
BDU FSTEC
added 2020/07/29 12:0 a.m. · 1 view

The vulnerability of the Windows Jet Database Engine database management system allows a hacker to execute arbitrary code.

The vulnerability of the Windows Jet Database Engine database management system in Windows operating systems is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created file...

7.8 CVSS · 8.1 AI score · 0.42055 EPSS
Exploits 0 · References 2
Mozilla
added 2020/07/28 12:0 a.m. · 83 views

Security Vulnerabilities fixed in Firefox 79 — Mozilla

By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. WebRTC used the memory address of a class instance as a connection identifier. Unfortunately, this value is...

9.3 CVSS · 1.4 AI score · 0.10562 EPSS
Exploits 6 · References 10 · Affected Software 1
BDU FSTEC
added 2020/07/24 12:0 a.m. · 2 views

The vulnerability of Microsoft Office, Microsoft Word, and Microsoft SharePoint packages lies in the improper handling of objects in memory, which allows an attacker to execute arbitrary code.

The vulnerability of Microsoft Office, Microsoft Word, and Microsoft SharePoint programs is related to incorrect handling of objects in memory. Exploiting this vulnerability can allow a malicious actor to execute arbitrary code using a specially created file...

9.3 CVSS · 8.1 AI score · 0.3992 EPSS
Exploits 0 · References 2
CNVD
added 2020/07/20 12:0 a.m. · 2 views

Microsoft Outlook Remote Code Execution Vulnerability (CNVD-2020-45313)

Microsoft Outlook is a suite of e-mail applications from the American company Microsoft. A remote code execution vulnerability exists in Microsoft Outlook, which arises from the program's failure to properly handle objects in memory. An attacker can exploit the vulnerability by means of a special...

7.8 CVSS · 7.9 AI score · 0.25973 EPSS
Exploits 1 · References 1
Positive Technologies
added 2020/06/03 12:0 a.m. · 3 views

PT-2020-15414 · Jenkins · Jenkins Play Framework Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Play Framework Plugin versions 1.0.2 and earlier Description: The issue concerns an OS command injection vulnerability. It occurs because a form validation endpoint in the Play Framework Plugin executes the play command to validate a...

8.8 CVSS · 8.9 AI score · 0.03078 EPSS
Exploits 0 · References 6
BDU FSTEC
added 2020/05/26 12:0 a.m. · 3 views

The vulnerability of the Windows Jet Database Engine component of the operating system allows a perpetrator to execute arbitrary code.

The vulnerability of the Windows Jet Database Engine component of the Windows operating system is related to errors in memory object handling. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially crafted file...

7.8 CVSS · 7.6 AI score · 0.42055 EPSS
Exploits 0 · References 2
CNVD
added 2020/05/13 12:0 a.m. · 1 view

Microsoft Excel Buffer Overflow Vulnerability (CNVD-2020-41714)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A buffer overflow vulnerability exists in Microsoft Excel, which results from the program failing to properly handle memory objects. The vulnerability can be exploited to execute arbitrary code in the...

9.8 CVSS · 7.9 AI score · 0.45859 EPSS
Exploits 0 · References 1
CNVD
added 2020/04/28 12:0 a.m. · 8 views

Valve Source Elevation of Privilege Vulnerability

Valve Source is a 3D game engine from the American company Valve. A security vulnerability exists in Valve Source. The vulnerability stems from a failure of a properly programmed call to an advanced native procedure. A local attacker can exploit the vulnerability by writing a file to...

7.8 CVSS · 6.7 AI score · 0.0039 EPSS
Exploits 4 · References 1
BDU FSTEC
added 2020/03/20 12:0 a.m. · 1 view

Vulnerability of Windows operating systems related to insecure privilege management, allowing attackers to execute arbitrary code

The vulnerability of the Windows operating system is related to the insecure management of privileges. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely, using a specially crafted .LNK file...

9.3 CVSS · 8.1 AI score · 0.38563 EPSS
Exploits 0 · References 3
Positive Technologies
added 2020/02/14 12:0 a.m. · 2 views

PT-2020-18907 · Accusoft · Accusoft Imagegear

Name of the Vulnerable Software and Affected Versions: Accusoft ImageGear version 19.5.0 Description: A specially crafted PNG file can cause an out-of-bounds write in the igcore19d.dll PNG pngread parser, resulting in remote code execution. An attacker needs to provide a malformed file to the...

9.8 CVSS · 9.6 AI score · 0.02248 EPSS
Exploits 1 · References 2
OSV
added 2020/01/28 7:52 a.m. · 8 views

MGASA-2020-0056 Updated gthumb packages fix security vulnerability

A heap-based buffer overflow in cairoimagesurfacecreatefromjpeg in extensions/cairoio/cairo-image-surface-jpeg.c in gThumb and Pix allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file CVE-2019-20326...

7.8 CVSS · 7.9 AI score · 0.03961 EPSS
Exploits 2 · References 3
Hacker One
added 2019/12/30 7:59 p.m. · 44 views

Stripo Inc: csrf bypass using flash file + 307 redirect method at plugins endpoint

Hi Security team, I have found that the request sent to https://my.stripo.email/cabinet/stripeapi/v1/plugin/$userid$/plugins doesn't have any protection against CSRF attacks, as the server only validates that the content type is application/json, and this can be bypassed using the flash file + 307...

6.8 AI score
Exploits 0
BDU FSTEC
added 2019/12/17 12:0 a.m. · 3 views

The vulnerability of the Windows GDI component in Windows operating systems allows attackers to disclose protected information.

The vulnerability of the Windows GDI component in Windows operating systems is related to deficiencies in security mechanisms. Exploiting this vulnerability can allow an attacker to disclose sensitive information through a specially crafted web page or file...

5.5 CVSS · 6.2 AI score · 0.26055 EPSS
Exploits 0 · References 5
NVD
added 2019/11/07 3:15 p.m. · 11 views

CVE-2019-6337

For the printers listed a maliciously crafted print file might cause certain HP Inkjet printers to assert. Under certain circumstances, the printer produces a core dump to a local device...

5.2 CVSS · 5.2 AI score · 0.00405 EPSS
Exploits 0 · References 1
OSV
added 2019/07/28 7:15 p.m. · 3 views

PYSEC-2019-245

Exiv2::PngImage::readMetadata in pngimage.cpp in Exiv2 0.27.99.0 allows attackers to cause a denial of service heap-based buffer over-read via a crafted image file...

6.5 CVSS · 7 AI score
Exploits 0 · References 2
CNVD
added 2019/07/25 12:0 a.m. · 1 view

Unspecified vulnerability in ZZCMS user/manage.php file

ZZCMS is a content management system (CMS) by the ZZCMS team in China. A security vulnerability exists in the user/manage.php file in ZZCMS 8.3 and earlier versions. An attacker can exploit the vulnerability to execute code...

9.8 CVSS · 7 AI score · 0.00473 EPSS
Exploits 1 · References 1
BDU FSTEC
added 2019/07/23 12:0 a.m. · 6 views

The vulnerability of the gtbl document editing tool from the groff package, related to errors in pointer arithmetic, allows a perpetrator to trigger a service failure.

The vulnerability of the gtbl document editing tool from the groff package is related to errors in pointer manipulation at address 0x0000000000409400. Exploiting this vulnerability could allow an attacker to cause a service failure by passing a specially crafted file as an argument to the command...

6.2 CVSS · 5.5 AI score
Exploits 0 · Affected Software 1