813 matches found

AlpineLinux
added 2019/07/16 12:4 p.m. | 25 views

CVE-2019-1010057

nfdump 1.6.16 and earlier is affected by: Buffer Overflow. The impact is: The impact could range from a denial of service to local code execution. The component is: nfx.c:546, nffile_inline.c:83, minilzo.c (redistributed). The attack vector is: nfdump must read and process a specially crafted file...

CVSS 7.8 | AI score 7.5 | EPSS 0.00583
Exploits: 0

OSV
added 2019/06/27 6:37 a.m. | 6 views

OPENSUSE-SU-2019:1657-1 Security update for exempi

This update for exempi fixes the following issues: - CVE-2018-12648: Fixed a NULL pointer dereference crash issue when processing webp files (bsc#1098946). This update was imported from the SUSE:SLE-15:Update update project...

CVSS 7.5 | AI score 7.4 | EPSS 0.00459
Exploits: 1 | References: 3

OSV
added 2019/05/03 8:29 p.m. | 28 views

CVE-2019-11036

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash...

CVSS 9.1 | AI score 6.9
Exploits: 0 | References: 19

OSV
added 2019/02/12 10:29 p.m. | 3 views

CVE-2018-19020

When CX-Supervisor Versions 3.42 and prior processes project files and tampers with the value of an offset, an attacker can force the application to read a value outside of an array...

CVSS 5 | AI score 5.8
Exploits: 0 | References: 1

Cvelist
added 2019/02/05 5:0 p.m. | 8 views

CVE-2016-1000282

Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection...

AI score 9.8 | EPSS 0.68315
Exploits: 4 | References: 1

OSV
added 2018/12/19 12:54 p.m. | 5 views

SUSE-SU-2018:4194-1 Security update for ovmf

This update for ovmf fixes the following issues: Security issues fixed: - CVE-2018-3613: Fixed AuthVariable Timestamp zeroing issue on APPEND_WRITE (bsc#1115916). - CVE-2017-5731: Fixed privilege escalation via processing of malformed files in TianoCompress.c (bsc#1115917). - CVE-2017-5732: Fixed...

CVSS 7.8 | AI score 8.4 | EPSS 0.00129
Exploits: 0 | References: 10

Zero Day Initiative
added 2018/11/20 12:0 a.m. | 24 views

Cisco WebEx Recorder and Player asplayback Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco WebEx Recorder and Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CVSS 4.3 | AI score 1.3
Exploits: 0

Fedora
added 2018/11/09 6:4 a.m. | 30 views

[SECURITY] Fedora 29 Update: ruby-2.5.3-99.fc29

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

CVSS 9.8 | AI score 1.1 | EPSS 0.0421
Exploits: 0

OSV
added 2018/11/05 11:29 p.m. | 4 views

CVE-2018-17909

When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, the application fails to check if it is referencing freed memory, which may allow an attacker to execute code under the context of the application...

CVSS 7.8 | AI score 5.9
Exploits: 0 | References: 2

CVE
added 2018/10/17 2:0 a.m. | 50 views

CVE-2018-17901

The CVE-2018-17901 entry concerns LAquis SCADA (versions 4.1.0.3870 and earlier). It describes a vulnerability in processing project files where input is not sanitized before write operations on a stack object, potentially allowing code to be executed in the context of the current process. Docume...

CVSS 7.8 | AI score 7.7 | EPSS 0.00286
Exploits: 0 | References: 3 | Affected Software: 1

ThreatPost
added 2018/09/20 4:10 p.m. | 30 views

Cisco Issues New Warning for 6-Month-Old Critical Bug in IOS XE

UPDATE Cisco Systems has issued a second warning for a critical static credential bug in its IOS XE software, which allows an unauthenticated attacker to gain access to targeted systems. The security bulletin comes more than six months after the company initially reported the bug and provided a...

CVSS 10 | AI score 9.1 | EPSS 0.02911
Exploits: 0 | References: 9

CNVD
added 2018/09/06 12:0 a.m. | 0 views

Artifex Ghostscript Information Disclosure Vulnerability (CNVD-2020-54498)

Artifex Ghostscript is an open source Postscript (a page description language and programming language used in the electronics industry and desktop publishing) parser from Artifex Software that displays Postscript files and prints them on non-Postscript printers. Postscript file. A security...

CVSS 5.5 | AI score 7.6 | EPSS 0.00352
Exploits: 0 | References: 1

OSV
added 2018/09/02 3:29 a.m. | 0 views

UBUNTU-CVE-2018-16335

newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a...

CVSS 8.8 | AI score 7 | EPSS 0.01918
Exploits: 0 | References: 2

CVE
added 2018/08/02 6:0 p.m. | 45 views

CVE-2018-10921

CVE-2018-10921 affects the ttembed input file processing component. The connected documents describe an integer overflow triggered by processing crafted input files due to a lack of checking return codes from fgetc/fputc, potentially leading to input file corruption. Several sources (including Ne...

CVSS 7.5 | AI score 7.7 | EPSS 0.0032
Exploits: 1 | References: 2 | Affected Software: 1

UbuntuCve
added 2018/07/27 6:29 p.m. | 13 views

CVE-2017-2587

A memory allocation vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash...

CVSS 5.5 | AI score 6.3 | EPSS 0.00077
Exploits: 0 | References: 2

CNVD
added 2018/05/30 12:0 a.m. | 2 views

MULTIPROG suffers from a buffer overflow vulnerability in processing LST files

MULTIPROG is the PLC programming software of TENGCONTROL TECHNOLOGY China. MULTIPROG has a buffer overflow vulnerability in the handling of LST files, where an attacker can cause a buffer overflow and arbitrary code execution by constructing a malformed LST file...

AI score 8.2
Exploits: 0

OSV
added 2018/05/09 6:33 p.m. | 5 views

MGASA-2018-0225 Updated libcdio packages fix security vulnerabilities

A heap corruption bug was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to crash applications using libcdio by tricking them into processing crafted ISO files, thus resulting in local DoS (CVE-2017-18198). A NULL pointer dereference flaw was...

CVSS 9.8 | AI score 7.7 | EPSS 0.02406
Exploits: 1 | References: 3

Prion
added 2018/04/24 7:29 p.m. | 16 views

Integer overflow

An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c draws a Particle object. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An...

CVSS 6.8 | AI score 7.8 | EPSS 0.01231
Exploits: 1 | References: 3 | Affected Software: 2

OSV
added 2018/04/22 7:59 p.m. | 4 views

MGASA-2018-0209 Updated libcdio packages fix security vulnerabilities

A heap corruption bug was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to crash applications using libcdio by tricking them into processing crafted ISO files, thus resulting in local DoS (CVE-2017-18198). A NULL pointer dereference flaw was...

CVSS 9.8 | AI score 7.7 | EPSS 0.02406
Exploits: 1 | References: 3

Zero Day Initiative
added 2018/04/11 12:0 a.m. | 19 views

OMRON CX-One CX-Motion sscanf Stack-based Buffer Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of M...

CVSS 6.8 | AI score 1.8 | EPSS 0.00113
Exploits: 0 | References: 1