CVE-2020-37126 Free Desktop Clock x86 Venetian Blinds Zipper 3.0 - Unicode Stack Overflow (SEH)

Free Desktop Clock 3.0 contains a stack overflow vulnerability in the Time Zones display name input that allows attackers to overwrite Structured Exception Handler SEH registers. Attackers can exploit the vulnerability by crafting a malicious Unicode input that triggers an access violation and...

CVE-2020-37126

CVE-2020-37126 affects Free Desktop Clock 3.0. A stack overflow in the Time Zones display name input can overwrite SEH registers via crafted Unicode input, triggering an access violation and potentially enabling arbitrary code execution. Documented impact is high/critical (local and network vecto...

CVE-2020-37124

CVE-2020-37124 affects B64dec 1.1.2. The vulnerability is a buffer overflow that allows arbitrary code execution by overwriting the Structured Exception Handler (SEH) with crafted input during the base64 decoding process. An egg-hunter technique and a carefully constructed payload are described a...

CVE-2020-37124 B64dec 1.1.2 - Buffer Overflow (SEH Overflow + Egg Hunter)

B64dec 1.1.2 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler SEH with crafted input. Attackers can leverage an egg hunter technique and carefully constructed payload to inject and execute malicious code during...

CVE-2020-37124 B64dec 1.1.2 - Buffer Overflow (SEH Overflow + Egg Hunter)

B64dec 1.1.2 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler SEH with crafted input. Attackers can leverage an egg hunter technique and carefully constructed payload to inject and execute malicious code during...

CVE-2020-37119

CVE-2020-37119 affects Nsauditor 3.0.28 and 3.2.1.0. A buffer overflow in the DNS Lookup tool allows an attacker to overwrite memory with a crafted DNS query payload, bypass ASLR, and execute shellcode. Reported exploit details indicate a three-byte overwrite, with potential for arbitrary code ex...

CVE-2020-37119 Nsauditor 3.2.1.0 - Buffer Overflow (SEH+ASLR bypass (3 bytes overwrite))

Nsauditor 3.0.28 and 3.2.1.0 contains a buffer overflow vulnerability in the DNS Lookup tool that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious DNS query payload to trigger a three-byte overwrite, bypass ASLR, and execute shellcode through a...

USN-8019-1: tracker-miners vulnerabilities

Fatih Çelik discovered that tracker-miners incorrectly handled certain malformed MP3 files. An attacker could use this issue to cause tracker-miners to crash, resulting in a denial of service, or possibly execute arbitrary code...

Out-of-bounds Write

org.apache.hadoop:hadoop-hdfs-native-client is vulnerable to Out-of-bounds Write. The vulnerability is due to improper bounds checking in the HDFS native client, which allows an attacker to trigger memory corruption by writing outside allocated buffers, potentially leading to denial of service or...

Important: Red Hat Security Advisory: python3.12-wheel security update

An update for python3.12-wheel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

freerdp: FreeRDP: Arbitrary code execution and denial of service via client-side heap buffer overflow

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A malicious server can trigger a client-side heap buffer overflow in the ClearCodec bands decode path. This vulnerability, caused by crafted band coordinates, allows writes past the end of the destination surface...

freerdp: FreeRDP: Arbitrary code execution and denial of service via malicious server

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A malicious server can exploit a use-after-free vulnerability by enticing a client to connect to it. This can lead to a client-side crash, resulting in a Denial of Service DoS, and potentially allow for arbitrary...

RLSA-2026:1939 Important: python3.12-wheel security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

python3.12-wheel security update

An update is available for python3.12-wheel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming...

CVE-2025-10314

Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation FREQSHIP-mini for Windows versions 8.0.0 to 8.0.2 allows a local attacker to execute arbitrary code with system privileges by replacing service executable files EXE or DLLs in the installation directory with specially...

CVE-2025-10314 Malicious Code Execution Vulnerability in Mitsubishi Small-Capacity UPS Shutdown Software FREQSHIP-mini for Windows

Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation FREQSHIP-mini for Windows versions 8.0.0 to 8.0.2 allows a local attacker to execute arbitrary code with system privileges by replacing service executable files EXE or DLLs in the installation directory with specially...

CVE-2025-65079

A heap-based buffer overflow vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user...

CVE-2025-65081

An out-of-bounds read vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user...

CVE-2025-65078

An untrusted search path vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code...

CVE-2025-65077

A relative path traversal vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user...