CVE-2017-12087

An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send a dns packet to trigger this vulnerability...

Heap overflow

An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send a dns packet to trigger this vulnerability...

CVE-2018-3846

In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution...

CVE-2018-3849

In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution...

Design/Logic Flaw

A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution...

CVE-2018-1079

pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/putfile query. If the /etc/booth directory exists, an authenticated attacker with...

Computerinsel Photoline PCX Parsing Function Memory Corruption Vulnerability

PhotoLine is a multipurpose image and graphics editor. A memory corruption vulnerability exists in the PCX parsing feature of Computerinsel Photoline 20.53. An attacker can exploit the vulnerability by crafting a PCX image to cause out-of-bounds writes, overwrite arbitrary data, and thus enable...

PT-2018-16255 · Talos +1 · Computerinsel Photoline +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a...

PT-2018-16262 · Talos +1 · Computerinsel Photoline +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned Description: A specially crafted TIFF image can cause an out-of-bounds write when processed, allowing an attacker to overwrite arbitrary data and potentially gain code execution by delivering a...

CVE-2018-3887

A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability...

KYOCERA Multi-Set Template Editor 3.4 Out-Of-Band XML External Entity Injection

Summary KYOCERA Net Admin is Kyocera's unified device management software that uses a web-based platform to give network administrators easy and uncomplicated control to handle a fleet for up to 10,000 devices. Tasks that used to require multiple programs or walking to each printer can now be...

GHSA-H6RJ-8R3C-9GPJ bson is vulnerable to denial of service due to incorrect regex validation

BSON injection vulnerability in the legal function in BSON bson-ruby gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service resource consumption or inject arbitrary data via a crafted string...

bson is vulnerable to denial of service due to incorrect regex validation

BSON injection vulnerability in the legal function in BSON bson-ruby gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service resource consumption or inject arbitrary data via a crafted string...

CVE-2018-5378

The Quagga BGP daemon bgpd prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash...

CVE-2015-4412

BSON injection vulnerability in the legal? function in BSON bson-ruby gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service resource consumption or inject arbitrary data via a crafted string...

Design/Logic Flaw

BSON injection vulnerability in the legal? function in BSON bson-ruby gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service resource consumption or inject arbitrary data via a crafted string...

CVE-2015-4412

BSON injection vulnerability in the legal? function in BSON bson-ruby gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service resource consumption or inject arbitrary data via a crafted string...

CVE-2015-4412

BSON injection vulnerability in the legal? function in BSON bson-ruby gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service resource consumption or inject arbitrary data via a crafted string...

CVE-2015-4412

CVE-2015-4412 affects the bson-ruby gem for Ruby, where the BSON-encoder/validator in the legal? function is vulnerable. A crafted string can be processed to trigger a denial of service (resource consumption) or allow injection of arbitrary data. The vulnerability is documented as affecting bson-...

CVE-2015-4412

BSON injection vulnerability in the legal? function in BSON bson-ruby gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service resource consumption or inject arbitrary data via a crafted string...