Arbitrary Code Execution

gstreamer-plugins-good is vulnerable to arbitrary code execution. The vulnerability exists as multiple heap buffer overflows and an array indexing error were found in the GStreamer's QuickTime media file format decoding plugin. An attacker could create a carefully-crafted QuickTime media .mov fil...

Arbitrary Code Execution

gstreamer-plugins-good is vulnerable to arbitrary code execution. The vulnerability exists as multiple heap buffer overflows and an array indexing error were found in the GStreamer's QuickTime media file format decoding plugin. An attacker could create a carefully-crafted QuickTime media .mov fil...

The vulnerability of the IGMPv3 protocol in real-time operating systems like Wind River VxWorks allows a attacker to trigger a service failure.

The vulnerability of IGMPv3 protocols in real-time operating systems like Wind River VxWorks is related to an array indexing error. Exploiting this vulnerability could allow a malicious actor to cause service failure by renaming “NULL” as IGMP...

Huawei EulerOS: Security Advisory for libpng12 (EulerOS-SA-2019-1391)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability of the microprogramming software in Huawei Nova 5i pro and Nova 5 mobile phones, related to unverified array indexing, allows attackers to execute arbitrary code.

The vulnerability of the microprogramming software in Huawei Nova 5i pro and Nova 5 mobile phones is related to unverified array indexing. Exploiting this vulnerability could allow a hacker to execute arbitrary code through a specially created application...

In-depth exploration found in the wild iOS exploit chain III-vulnerability warning-the black bar safety net

Overview This article exploits the chain's target is iOS 11-11. 4. 1, spanning nearly 10 months. This is what we observed first having a separate sandbox escape exploits chain. The sandbox escape vulnerability is libxpc in more serious security problem, wherein the reconstruction will lead to a W...

Foxit PhantomPDF < 8.3.11 Multiple Vulnerabilities

According to its version, the Foxit PhantomPDF application formally known as Phantom installed on the remote Windows host is prior to 8.3.11. It is, therefore affected by multiple vulnerabilities: - An uninitialized pointer flaw exists when calling xfa.event.rest XFA JavaScript that can cause the...

EulerOS Virtualization for ARM 64 3.0.1.0 : libpng12 (EulerOS-SA-2019-1391)

According to the versions of the libpng12 package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An array-indexing error was discovered in the pngconverttorfc1123 function of libpng. An attacker could possibly use...

WebKit JavaScriptCore - &#039;createRegExpMatchesArray&#039; Type Confusion

/ Prerequisites ------------- In JavaScriptCore, JSObjects have an associated Structure: an object describing various aspects of the JSObject such as its type, its properties, and the type of elements being stored e.g. unboxed double or JSValues. Whenever a property is added to an object or some...

The vulnerability of the SNMP NAT module in Linux operating systems allows attackers to increase their privileges or cause service failures.

The vulnerability of the SNMP NAT module net/ipv4/netfilter/nfnatsnmpbasicmain.c in the Linux operating system is due to indexing errors in the array. Exploiting this vulnerability can allow an attacker to increase their privileges or cause service failures...

Information Disclosure

libpng is vulnerable to information disclosure. An array-indexing error was discovered in the pngconverttorfc1123 function. An attacker could possibly use this flaw to cause an out-of-bounds read by tricking an unsuspecting user into processing a specially crafted PNG image...

CVE-2018-4210

In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks...

CVE-2018-4210

In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks...

Design/Logic Flaw

In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks...

CVE-2018-4210

In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks...

CVE-2018-4210

In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks...

CVE-2018-4210

CVE-2018-4210 concerns WebKit’s JavaScriptCore on Apple platforms (iOS, Safari, tvOS, watchOS) and iTunes on Windows. The vulnerability is an array indexing issue in the handling of a function within JavaScriptCore, which could lead to memory corruption if exploited. Apple’s references indicate t...

The vulnerability of the Qualcomm operating system Android component, which allows a hacker to trigger a buffer overflow in memory

The vulnerability of the Qualcomm Android operating system is related to array indexing errors. Exploiting this vulnerability can allow attackers to cause buffer overflows in memory by using malicious XML data in the firehose directory...

The vulnerability of the Word document processor, the Atlantis Word Processor, allows a hacker to execute arbitrary code.

The vulnerability of the Atlantis Word Processor document processing tool is caused by indexing errors in arrays. Exploiting this vulnerability allows a malicious actor to execute arbitrary code within the application, using a specially created document...

Design/Logic Flaw

An exploitable arbitrary write vulnerability exists in the Word document parser of the Atlantis Word Processor 3.0.2.3 and 3.0.2.5. A specially crafted document can prevent Atlas from adding elements to an array that is indexed by a loop. When reading from this array, the application will use an...