4309 matches found
Integer overflow
An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows...
CVE-2017-6350
An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows...
CVE-2017-6350
CVE-2017-6350 affects Vim. It is an integer overflow at a memory allocation site (unserialize_uep) when reading a corrupted undo file, potentially causing buffer overflows. The vulnerability is in Vim before the patch 8.0.0378. Public references note the issue alongside related CVEs (e.g., CVE-20...
CVE-2017-6350
An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows...
CVE-2017-6349
An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows...
tcpdump buffer overflow vulnerability (CNVD-2017-02324)
tcpdump is a set of sniffing tools developed by the Tcpdump team that runs under the command line. The tool allows users to intercept and display TCP/IP and other packets sent or received over a network connection to that computer. A buffer overflow vulnerability exists in several functions of th...
SMBv3 remote denial of service (BSOD) vulnerability analysis - vulnerability warning - the black bar safety net
Foreword: I am a rookie; experts, please go easy on me. This SMBv3 vulnerability was disclosed by lgandx. It is a vulnerability that Microsoft has not fixed and for which no patch has been released. After the vulnerability came out I did some analysis and spent a lot of time on it. This vulnerability has some significance, but for the...
ALPINE-CVE-2017-5953
vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow...
UBUNTU-CVE-2017-5953
vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow...
Microsoft Windows SMB Tree Connect Response Denial of Service Vulnerability
Microsoft Windows is a popular operating system. A security vulnerability exists in Microsoft Windows when processing SMB traffic. The vulnerability arises because Windows fails to properly handle the processing of a server response as defined in the SMB2 TREE_CONNECT response structure that...
Microsoft Windows SMB2 Tree Connect Response Denial of Service (MS17-012: CVE-2017-0016)
A denial of service vulnerability has been reported in Microsoft Windows SMB2. The vulnerability is due to insufficient sanitization over SMB2 Tree Connect response messages...
Microsoft Windows 10 - SMBv3 Tree Connect (PoC) Exploit
Exploit for windows platform in category dos / poc // Download: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/41222.zip import sys, struct, SocketServer from odict import OrderedDict from datetime import datetime from calendar import timegm class Packet:...
Microsoft Windows 10 - SMBv3 Tree Connect (PoC)
Microsoft Windows 10 - SMBv3 Tree Connect PoC Full Proof of Concept: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/41222.zip import sys, struct, SocketServer from odict import OrderedDict from datetime import datetime from calendar import timegm class Packet:...
Microsoft Windows 10 - SMBv3 Tree Connect (PoC)
Full Proof of Concept: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/41222.zip import sys, struct, SocketServer from odict import OrderedDict from datetime import datetime from calendar import timegm class Packet: fields = OrderedDict "data", "", def initself, k...
DEBIAN-CVE-2016-7940
The STP parser in tcpdump before 4.9.0 has a buffer overflow in print-stp.c, multiple functions...
CVE-2016-5207
In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code execution via a crafted HTML page...
CVE-2016-5208
Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android allowed possible corruption of the DOM tree during synchronous event handling, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page...
Design/Logic Flaw
In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code execution via a crafted HTML page...
CVE-2016-5204
Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page...
CVE-2016-5207
In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code execution via a crafted HTML page...