CVE-2020-37124

B64dec 1.1.2 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler SEH with crafted input. Attackers can leverage an egg hunter technique and carefully constructed payload to inject and execute malicious code during...

CVE-2020-37119

Nsauditor 3.0.28 and 3.2.1.0 contains a buffer overflow vulnerability in the DNS Lookup tool that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious DNS query payload to trigger a three-byte overwrite, bypass ASLR, and execute shellcode through a...

CVE-2020-37126

Free Desktop Clock 3.0 contains a stack overflow vulnerability in the Time Zones display name input that allows attackers to overwrite Structured Exception Handler SEH registers. Attackers can exploit the vulnerability by crafting a malicious Unicode input that triggers an access violation and...

CVE-2020-37126 Free Desktop Clock x86 Venetian Blinds Zipper 3.0 - Unicode Stack Overflow (SEH)

Free Desktop Clock 3.0 contains a stack overflow vulnerability in the Time Zones display name input that allows attackers to overwrite Structured Exception Handler SEH registers. Attackers can exploit the vulnerability by crafting a malicious Unicode input that triggers an access violation and...

CVE-2020-37126

CVE-2020-37126 affects Free Desktop Clock 3.0. A stack overflow in the Time Zones display name input can overwrite SEH registers via crafted Unicode input, triggering an access violation and potentially enabling arbitrary code execution. Documented impact is high/critical (local and network vecto...

CVE-2020-37124

CVE-2020-37124 affects B64dec 1.1.2. The vulnerability is a buffer overflow that allows arbitrary code execution by overwriting the Structured Exception Handler (SEH) with crafted input during the base64 decoding process. An egg-hunter technique and a carefully constructed payload are described a...

CVE-2020-37124 B64dec 1.1.2 - Buffer Overflow (SEH Overflow + Egg Hunter)

B64dec 1.1.2 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler SEH with crafted input. Attackers can leverage an egg hunter technique and carefully constructed payload to inject and execute malicious code during...

CVE-2020-37124 B64dec 1.1.2 - Buffer Overflow (SEH Overflow + Egg Hunter)

B64dec 1.1.2 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler SEH with crafted input. Attackers can leverage an egg hunter technique and carefully constructed payload to inject and execute malicious code during...

CVE-2020-37124

B64dec 1.1.2 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler SEH with crafted input. Attackers can leverage an egg hunter technique and carefully constructed payload to inject and execute malicious code during...

EUVD-2020-31047

Nsauditor 3.0.28 and 3.2.1.0 contains a buffer overflow vulnerability in the DNS Lookup tool that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious DNS query payload to trigger a three-byte overwrite, bypass ASLR, and execute shellcode through a...

CVE-2020-37119 Nsauditor 3.2.1.0 - Buffer Overflow (SEH+ASLR bypass (3 bytes overwrite))

Nsauditor 3.0.28 and 3.2.1.0 contains a buffer overflow vulnerability in the DNS Lookup tool that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious DNS query payload to trigger a three-byte overwrite, bypass ASLR, and execute shellcode through a...

CVE-2020-37119

CVE-2020-37119 affects Nsauditor 3.0.28 and 3.2.1.0. A buffer overflow in the DNS Lookup tool allows an attacker to overwrite memory with a crafted DNS query payload, bypass ASLR, and execute shellcode. Reported exploit details indicate a three-byte overwrite, with potential for arbitrary code ex...

USN-8019-1: tracker-miners vulnerabilities

Fatih Çelik discovered that tracker-miners incorrectly handled certain malformed MP3 files. An attacker could use this issue to cause tracker-miners to crash, resulting in a denial of service, or possibly execute arbitrary code...

Out-of-bounds Write

org.apache.hadoop:hadoop-hdfs-native-client is vulnerable to Out-of-bounds Write. The vulnerability is due to improper bounds checking in the HDFS native client, which allows an attacker to trigger memory corruption by writing outside allocated buffers, potentially leading to denial of service or...

Important: Red Hat Security Advisory: python3.12-wheel security update

An update for python3.12-wheel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

freerdp: FreeRDP: Arbitrary code execution and denial of service via client-side heap buffer overflow

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A malicious server can trigger a client-side heap buffer overflow in the ClearCodec bands decode path. This vulnerability, caused by crafted band coordinates, allows writes past the end of the destination surface...

freerdp: FreeRDP: Arbitrary code execution and denial of service via malicious server

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A malicious server can exploit a use-after-free vulnerability by enticing a client to connect to it. This can lead to a client-side crash, resulting in a Denial of Service DoS, and potentially allow for arbitrary...

RLSA-2026:1939 Important: python3.12-wheel security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

python3.12-wheel security update

An update is available for python3.12-wheel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming...

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume th...