565 matches found
PT-2022-9202 · Accusoft · Accusoft Imagegear
Name of the Vulnerable Software and Affected Versions: Accusoft ImageGear version 19.10 Description: A heap-based buffer overflow issue exists in the DecoderStream::Append functionality. This can be triggered by a specially-crafted file, potentially leading to code execution. An attacker can...
Accusoft ImageGear DecoderStream::Append heap-based buffer overflow vulnerability
Summary A heap-based buffer overflow vulnerability exists in the DecoderStream::Append functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Accusoft ImageGear 19.10...
Mozilla: Sandboxed iframes could have executed script if the parent appended elements
The Mozilla Foundation Security Advisory describes this flaw as: If a document created a sandboxed iframe without allow-scripts and subsequently appended an element to the iframe's document that, for example, had a JavaScript event handler - the event handler would have run despite the iframe's...
CVE-2021-40111 Apache James IMAP parsing Denial Of Service
In Apache James, while fuzzing the IMAP parsing stack with Jazzer, we discovered that crafted APPEND and STATUS IMAP commands could be used to trigger infinite loops resulting in expensive CPU computations and OutOfMemory exceptions. This can be used for a Denial Of Service attack. The IMAP user nee...
PT-2021-24335 · Ultrajson +4 · Ultrajson +4
Name of the Vulnerable Software and Affected Versions: UltraJSON aka ujson versions 1.34 through 5.1.0 Description: The issue is a stack-based buffer overflow in Buffer_AppendIndentUnchecked, which is called from encode. This can be exploited, for example, by using a large amount of indentation...
DEBIAN-CVE-2021-44927
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_sg_vrml_mf_append function, which causes a segmentation fault and application crash...
UBUNTU-CVE-2021-44927
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_sg_vrml_mf_append function, which causes a segmentation fault and application crash...
Input validation
A vulnerability in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite or append arbitrary data to system files using root-level privileges. The attacker must have administrative credentials on the device. This vulnerability is due to incomplete...
CVE-2021-34761
CVE-2021-34761 affects Cisco Firepower Threat Defense (FTD) Software. The issue stems from incomplete validation of user input for a specific CLI command, enabling an authenticated local attacker (with administrative credentials) to overwrite or append arbitrary data to system files with root-lev...
GPAC security vulnerability
GPAC is a multimedia framework for rich media and is distributed under the LGPL license. A buffer overflow vulnerability exists in the stbl_AppendSize function in MP4Box in GPAC version 1.0.1. An attacker can exploit this vulnerability via specially crafted files to cause a denial of service or...
OSV-2021-955 Stack-buffer-overflow in Buffer_AppendIndentUnchecked
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36009 Crash type: Stack-buffer-overflow WRITE 1 Crash state: Buffer_AppendIndentUnchecked encode encode...
OSV-2021-850 Heap-buffer-overflow in proto_item_append_text
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35102 Crash type: Heap-buffer-overflow READ 8 Crash state: proto_item_append_text dissectpfcp3gppenterpriseies call_dissector_work...
OSV-2021-563 Heap-use-after-free in AK::NonnullOwnPtr<JS::IndexedPropertyStorage>::operator->
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32459 Crash type: Heap-use-after-free READ 8 Crash state: AK::NonnullOwnPtr<JS::IndexedPropertyStorage>::operator-> JS::IndexedProperties::array_like_size JS::IndexedProperties::append...
CVE-2021-27197
DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerability. The AppendToTextFile method doesn't check if it's being called from the application or from a malicious user. The vulnerability is triggered when a remote attacker crafts an HTML page e.g., with...
How to redirect to the same site using different URL append
This article will help you to configure a redirect policy to properly use different URL appends to reach the same site...
VulnCheck KEV: CVE-2020-11022
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0...
OSV-2020-2201 Heap-buffer-overflow in String::append
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27912 Crash type: Heap-buffer-overflow READ 3 Crash state: String::append append_identifier Item_func_get_user_var::print...
squid: Cross-Site Request Forgery issue in HTTP Request processing
An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used because the appended characters do not properly interact with hostname length restrictions. Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be...
libarchive: out-of-bounds read in archive_wstring_append_from_mbs in archive_string.c
In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive...
OSV-2020-640 Stack-buffer-overflow in ot::Message::Write
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15447 Crash type: Stack-buffer-overflow READ Crash state: ot::Message::Write ot::Message::Append ot::AddressResolver::SendAddressQueryResponse...