Integer overflow

In ffjpeg commit hash: caade60, the function bmpload in bmp.c contains an integer overflow vulnerability, which eventually results in the heap overflow in jfifencode in jfif.c. This is due to the incomplete patch for issue 38...

PT-2022-19049 · Ffjpeg · Ffjpeg

Name of the Vulnerable Software and Affected Versions: ffjpeg affected versions not specified Description: The issue is related to an integer overflow vulnerability in the bmp load function in bmp.c, which can lead to a heap overflow in jfif encode in jfif.c. This vulnerability is a result of an...

CVE-2021-45385

A Null Pointer Dereference vulnerability exits in ffjpeg d5cfd49 2021-12-06 in bmpload. When the size information in metadata of the bmp is out of range, it returns without assign memory buffer to pb-pdata and did not exit the program. So the program crashes when it tries to access the pb-data, i...

VulnCheck KEV: CVE-2018-18325

DotNetNuke DNN contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters. This CVE ID resolves an incomplete patch for CVE-2018-15811...

vBulletin PHP Module Remote Code Execution Vulnerability

The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. This CVE ID resolves an incomplete patch for CVE-2019-16759...

Advisory ROSA-SA-2021-1957

Software: python 2.7.5 OS: Cobalt 7.9 CVE-ID: CVE-2013-7040 CVE-Crit: CRITICAL. CVE-DESC: Python 2.7 through 3.4 uses only the last eight bits of the prefix to randomize hash values, causing it to compute hash values without limiting the ability to predictably initiate hash code collisions and...

October CMS 安全漏洞

October CMS is an open source content management system CMS based on PHP and the Laravel web application framework. October CMS has a security vulnerability that exists from an incomplete implementation of the previously patched vulnerabilities VU48707 and VU48710 patches. A remote authenticated...

SUSE: Security Advisory (SUSE-SU-2019:1866-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2016:2952-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

VMware Fusion USB Arbitrator Setuid Privilege Escalation

This exploits an improper use of setuid binaries within VMware Fusion 10.1.3 - 11.5.3. The Open VMware USB Arbitrator Service can be launched outide of its standard path which allows loading of an attacker controlled binary. By creating a payload in the user home directory in a specific folder, a...

CVE-2019-11185

The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. This results from an incomplete patch for CVE-2018-12426. Arbitrary file upload is achieved by using a non-blacklisted executable file extension in conjunction with a whitelisted file...

PT-2019-12172 · WordPress · Wp Live Chat Support

Name of the Vulnerable Software and Affected Versions: WP Live Chat Support Pro plugin versions through 8.0.26 Description: The issue arises from an incomplete patch, resulting in an arbitrary file upload vulnerability. This vulnerability can be exploited by an unauthenticated remote user...

Ubuntu 14.04 LTS : Ruby regression (USN-3621-2)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3621-2 advisory. USN-3621-1 fixed vulnerabilities in Ruby. The update caused an issue due to an incomplete patch for CVE-2018-1000074. This update reverts the problematic patch...

USN-3621-2: Ruby regression

USN-3621-1 fixed vulnerabilities in Ruby. The update caused an issue due to an incomplete patch for CVE-2018-1000074. This update reverts the problematic patch pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that Ruby incorrectly...

DEBIAN-CVE-2016-7446

Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317...

Buffer overflow

Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317...

CVE-2015-8668

Heap-based buffer overflow in the PackBitsPreEncode function in tifpackbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image...

DLA-375-1 libpng - security update

Bulletin has no description...

PHP 5.6.5 Released With Several Security Fixes

Several new versions of PHP have been released, fixing a number of security vulnerabilities and other bugs in the popular scripting language. PHP 5.6.5 is the newest version of the language, and it has patches for a handful of vulnerabilities, including a use-after-free flaw that could lead to...

CmsEasy the latest version 5. 5_UTF-8_20140802 bypass the four patches continue to SQL injection-vulnerability warning-the black bar safety net

CmsEasy the latest version 5. 5UTF-820140802, the front is the rain God to spare the three Tick: cmseasy bypass patchSQL injectionone Tick: continue to bypass cmseasy patches continue to inject Tick: continuous bypass cmseasy two patches continue to inject The latest inside also repair, but the...