92 matches found
CVE-2021-26414
Windows DCOM Server Security Feature Bypass...
The vulnerability of the component libvncserver/hextile.c in the cross-platform library LibVNCServer allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the libvncserver/hextile.c component of the cross-platform library LibVNCServer arises from an operation that occurs outside the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility...
CVE-2020-11096
In FreeRDP before version 2.1.2, there is a global OOB read in updatereadcachebitmapv3order. As a workaround, one can disable bitmap cache with -bitmap-cache default. This is fixed in version 2.1.2...
UBUNTU-CVE-2020-14399
An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary crossed...
HTTP Request Smuggling
Amendment This was deemed not a vulnerability. Overview tiny-http is a Low level HTTP server library Affected versions of this package are vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Transfer encoding header parsing...
CVE-2018-20356
An invalid read of 8 bytes due to a use-after-free vulnerability in the mghttpfreeprotodatacgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service application crash or remote code execution...
CVE-2018-20352
Use-after-free vulnerability in the mgcgievhandler function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service application crash or remote code execution...
CVE-2018-20356
An invalid read of 8 bytes due to a use-after-free vulnerability in the mghttpfreeprotodatacgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service application crash or remote code execution...
CVE-2018-20353
An invalid read of 8 bytes due to a use-after-free vulnerability during a "NULL test" in the mghttpgetprotodata function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service application crash or remote code execution...
Design/Logic Flaw
Use-after-free vulnerability in the mgcgievhandler function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service application crash or remote code execution...
CVE-2018-20356
An invalid read of 8 bytes due to a use-after-free vulnerability in the mghttpfreeprotodatacgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service application crash or remote code execution...
CVE-2018-20355
An invalid write of 8 bytes due to a use-after-free vulnerability in the mghttpfreeprotodatacgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service application crash or remote code execution...
CVE-2018-20354
The CVE-2018-20354 issue affects Cesanta Mongoose Embedded Web Server Library (versions 6.13 and earlier). A use-after-free in mg_http_get_proto_data during a return causes an invalid read of 8 bytes, leading to denial of service (crash) or remote code execution. NVD data shows high/critical impa...
libvncserver: Heap out-of-bounds write in rfbserver.c in rfbProcessFileTransferReadBuffer() allows for potential code execution
LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution...
ALPINE-CVE-2018-14598
An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS segmentation fault...
SUSE-SU-2018:1781-1 Security update for mariadb
MariaDB was updated to 10.0.35 bsc1090518 Notable changes: PCRE updated to 8.42 XtraDB updated to 5.6.39-83.1 TokuDB updated to 5.6.39-83.1 InnoDB updated to 5.6.40 The embedded server library now supports SSL when connecting to remote servers bsc1088681, CVE-2018-2767 MDEV-15249 - Crash in MVCC...
CVE-2017-16155
fast-http-cli is the command line interface for fast-http, a simple web server. fast-http-cli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...
SUSE-SU-2018:1382-1 Security update for mariadb
MariaDB was updated to 10.0.35 bsc1090518 Notable changes: PCRE updated to 8.42 XtraDB updated to 5.6.39-83.1 TokuDB updated to 5.6.39-83.1 InnoDB updated to 5.6.40 The embedded server library now supports SSL when connecting to remote servers bsc1088681, CVE-2018-2767 MDEV-15249 - Crash in MVCC...
PT-2018-2503 · Live555 +2 · Live555 Rtsp Server Library +2
Name of the Vulnerable Software and Affected Versions: LIVE555 RTSP server library version 0.92 Description: The issue is related to a buffer overflow error in the HTTP packet parser implementation of the LIVE555 RTSP server library. This can be exploited by a remote attacker using a specially...
Mongoose Web Server 6.5 - Cross-Site Request Forgery Remote Code Execution
Mongoose Web Server 6.5 - Cross-Site Request Forgery Remote Code Execution + Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MONGOOSE-WEB-SERVER-v6.5-CSRF-COMMAND-EXECUTION.txt + ISR: apparitionSec Vendor: ===============...