K000160853: Multiple Vim vulnerabilities

Security Advisory Description CVE-2026-28417 Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the scp:// protocol handler, an...

📄 BuptLab DNS Relay Server 1.0 Buffer Underflow

This is a proof of concept exploit that leverages a remote heap buffer underflow denial of service vulnerability in BuptLab DNS Relay Server version 1.0.0 that was recently discovered by Antonius...

EUVD-2008-6040

Malware in sbrugna...

EUVD-2013-1732

Malware in sbrugna...

EUVD-2025-11554

Malicious code in bioql PyPI...

Fortinet Fortigate Heap buffer underflow in administrative interface (FG-IR-23-001)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-001 advisory. - A buffer underflow vulnerability in FortiOS & FortiProxy HTTP/HTTPS administrative interface could allow an unauthenticated...

CVE-2023-24551

A vulnerability has been identified in Solid Edge SE2022 All versions V222.0MP12, Solid Edge SE2023 All versions V223.0Update2. The affected application is vulnerable to heap-based buffer underflow while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute...

Arbitrary Code Execution

exim4 is vulnerable to arbitrary code execution. A heap buffer underflow in smtpungetc allows an attacker to execute arbitrary code on the host OS...

PT-2020-18891 · Valve · Game Networking Sockets

Name of the Vulnerable Software and Affected Versions: Valve's Game Networking Sockets versions prior to v1.2.0 Description: The issue arises from the improper handling of unreliable segments with negative offsets in the SNP ReceiveUnreliableSegment function, leading to a Heap-Based Buffer...

DEBIAN-CVE-2017-11110

The oleinit function in ole.c in catdoc 0.95 allows remote attackers to cause a denial of service heap-based buffer underflow and application crash or possibly have unspecified other impact via a crafted file, i.e., data is written to memory addresses before the beginning of the tmpBuf buffer...

Ruby: sprintf combined format string attack

In a ticket that was also reported to "shopify-scripts" regarding "MRuby", I reported in details a combined attack against the sprintf gem: Information leak Heap buffer underflow The full ticket details can be found in: Ticket 212239 The ticked was opened several minutes ago but I add it in case ...

shopify-scripts: sprintf gem - format string combined attack

In the sprintf gem, NOT included in mruby-engine, there are severe vulnerabilities, including information leak, and heap buffer overflow. Here are the technical details. Technical Error 1: ============== The CHECKl macro can sometimes receive negative values, that will bypass the size checks, sin...

cURL and libcurl Cookie Path Parsing Remote Code Execution (CVE-2015-3145)

A heap buffer underflow vulnerability exists in cURL and libcurl. The vulnerability is due error when parsing a cookie path in an HTTP response. A remote, unauthenticated attackers can exploit this vulnerability by enticing user to perform a cURL on a crafted URL or provide malicious HTTP respons...

libxml2: Heap-buffer-underflow in xmlParseAttValueComplex

Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML...

RHEL 5 / 6 : libxml2 (RHSA-2012:1512)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2012:1512 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. A heap-based buffer underflow flaw was found ...

SuSE 10 Security Update : ncompress (ZYPP Patch Number 1911)

Lack of bounds checking in the decompression routine could result in a heap buffer underflow. Attackers could potentially exploit this to execute arbitrary code by tricking users into decompressing a specially crafted archive. CVE-2006-1168 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...