8216 matches found
perfetto:trace_processor_fuzzer: Heap-use-after-free in std::__1::vector<unsigned long, std::__1::allocator<unsigned long> >::begin
Project: https://android.googlesource.com/platform/external/perfetto/ Detailed Report: https://oss-fuzz.com/testcase?key=5636845317914624 Project: perfetto Fuzzing Engine: honggfuzz Fuzz Target: trace_processor_fuzzer Job Type: honggfuzz_asan_perfetto Platform Id: linux Crash Type: Heap-use-after-fre...
Apache OpenOffice -- Unrestricted actions leads to arbitrary code execution in crafted documents
The Apache OpenOffice project reports: CVE-2020-13958 Unrestricted actions leads to arbitrary code execution in crafted documents Description A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the...
MyBO has a flawed logic vulnerability
MyBO is an Ethereum-based digital currency. An integer overflow vulnerability exists in the 'mintToken' function in MyBO's smart contract implementation. An attacker can exploit this vulnerability to set the balance of any user to an arbitrary value...
CVE-2020-6828
A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference value...
Project Open v5.0.3 PMS - Multiple Web Vulnerabilities
Document Title: Project Open v5.0.3 PMS - Multiple Web Vulnerabilities; References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2225; Release Date: 2020-04-24; Vulnerability Laboratory ID (VL-ID): 22...
CVE-2020-10913
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Git Input Validation Error Vulnerability (CNVD-2020-33252)
Git is a free, open source distributed version control system. An input validation error vulnerability exists in Git. An attacker can exploit this vulnerability to disclose sensitive information via a specially crafted malicious URL...
svg2png cross-site scripting vulnerability
svg2png is a format converter that can convert SVG format files to PNG format files. A security vulnerability exists in svg2png version 4.1.1. No details of the vulnerability are provided at this time...
CVE-2020-11877
airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption. NOTE: the vendor states that this IV is used only within unreachable code...
PT-2020-12911 · Zoom · Zoom Client For Meetings
Name of the Vulnerable Software and Affected Versions: Zoom Client for Meetings version 4.6.11 Description: The issue concerns the use of a static Initialization Vector (IV) for AES-256 CBC encryption in the airhost.exe component. Specifically, the IV used is 3423423432325249. The vendor notes that...
kernel: powerpc: local user can read vector registers of other users' processes via an interrupt
A flaw was found in the Linux kernel on the PowerPC platform, where a local user can read vector registers of other user processes during a hardware interrupt. An attacker must start a transaction when the FPU operation begins or there is no leakage. Vector registers will become corrupted with...
Macs Framework 1.14f CMS - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications. Title: Macs Framework 1.14f CMS - Persistent Cross-Site Scripting; Software Link: https://sourceforge.net/projects/macs-framework/files/latest/download; CVE: N/A; Document Title: Macs Framework v1.14f CMS - Multiple Web...
CVE-2020-2964
Vulnerability in the Oracle Financial Services Data Foundation product of Oracle Financial Services Applications component: User Interface. Supported versions that are affected are 8.0.6 - 8.0.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
Design/Logic Flaw
Vulnerability in the Hyperion Financial Management product of Oracle Hyperion component: Security. The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Management...
Buffer overflow
Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite component: Estimate and Actual Charges. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Depot...
CVE-2020-2908
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ...
Macs Framework 1.14f Cross Site Scripting / SQL Injection
Document Title: Macs Framework v1.14f CMS - Multiple Web Vulnerabilities; References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2206; Release Date: 2020-04-14; Vulnerability Laboratory ID (VL-ID): ...
AirDisk Pro 5.5.3 for iOS - Persistent Cross-Site Scripting
Title: AirDisk Pro 5.5.3 for iOS - Persistent Cross-Site Scripting; Author: Vulnerability Laboratory; Date: 2020-04-15; Vendor: http://www.app2pro.com; Software Link: https://apps.apple.com/us/app/airdisk-pro-wireless-flash/id505904421; CVE: N/A; Document Title: AirDisk Pro v5.5.3 iOS -...
TAO AP v3.3.0 RC02 - Multiple Web Vulnerabilities
Document Title: TAO AP v3.3.0 RC02 - Multiple Web Vulnerabilities; References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2215; Release Date: 2020-04-15; Vulnerability Laboratory ID (VL-ID): 2215...