The vulnerability of the JavaScript script handler ChakraCore in the Microsoft Edge browser, caused by an operation that goes beyond the buffer in memory, allows attackers to execute arbitrary code.

The vulnerability of the JavaScript script handler ChakraCore in the Microsoft Edge browser is caused by an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user, using a...

The vulnerability of the Windows operating system arises from an operation that goes beyond the buffer boundaries in memory, allowing a hacker to execute arbitrary code.

The vulnerability of the Windows operating system arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted web page or document...

The vulnerability of the Win32k component of the Windows operating system, which allows a hacker to execute arbitrary code in kernel mode

The vulnerability of the Win32k component of the Windows operating system arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code in kernel mode using a specially created application...

CVE-2019-9022

An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dnsgetrecord misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects phpparser...

EulerOS 2.0 SP2 : curl (EulerOS-SA-2019-1047)

According to the version of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curlntlmcoremknthash multiplies t...

The vulnerability of the rfbproto.c component of the cross-platform library LibVNCServer, related to writing beyond buffer boundaries in memory, allows a perpetrator to cause a service failure and gain unauthorized access to confidential data.

The vulnerability of the rfbproto.c component of the cross-platform library LibVNCServer is related to writing beyond buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause service failures and gain unauthorized access to confidential data...

Security Bulletin: Multiple vulnerabilities in OpenSSL affect Upward Integration Modules (UIM) (CVE-2014-3508, CVE-2014-5139, CVE-2014-3509, CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512)

Summary There are multiple vulnerabilities in OpenSSL that is used by Upward Integration Modules UIM. These issues were disclosed on August 6, 2014 by the OpenSSL Project. Vulnerability Details Summary There are multiple vulnerabilities in OpenSSL that is used by Upward Integration Modules UIM...

Amazon Linux AMI : curl (ALAS-2019-1148)

A heap use-after-free flaw was found in curl related to closing an easy handle. When closing and cleaning up an 'easy' handle in the Curlclose function, the library code first frees a struct without nulling the pointer and might then subsequently erroneously write to a struct field within that...

The vulnerability of the lz4::decompress function in the Graphite library used by Mozilla Firefox and Mozilla Firefox ESR browsers allows a hacker to cause a service failure or execute arbitrary code.

The vulnerability of the lz4::decompress function in the Graphite library used by Mozilla Firefox and Mozilla Firefox ESR browsers is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service...

Low: curl

Issue Overview: A heap use-after-free flaw was found in curl related to closing an easy handle. When closing and cleaning up an 'easy' handle in the Curlclose function, the library code first frees a struct without nulling the pointer and might then subsequently erroneously write to a struct fiel...

A vulnerability in the DHCP service of the Windows operating system, allowing a perpetrator to execute arbitrary code

The vulnerability in the DHCP service of the Windows operating system arises from an operation that goes beyond the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted DHCP response...

The vulnerability of the COM Desktop Broker component of the Windows operating system allows a hacker to execute arbitrary code with elevated privileges.

The vulnerability of the COM Desktop Broker component in the Windows operating system arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code with elevated privileges using a specially created applicatio...

Notepad++: Security check failure or stack buffer overrun (crash)

poc.py 1 Run poc.py 2 Open notepad++.exe 3 Go to "Define language..." 4 Use tab "Comment and Number" 5 Open 1stfield.txt and copy content to clipboard 6 Paste clipboard on "Comment line style in field Open" 7 Open 2ndfield.txt and copy content to clipboard 8 Paste clipboard on "Comment line style...

Information Disclosure

rh-ruby24-ruby is vulnerable to information disclosure attacks. The vulnerability exists as Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap...

Internet Bug Bounty: Heap Buffer Overflow (READ: 4) in phar_parse_pharfile

Phar files with HALTCOMPILER; in unexpected places can lead to a buffer overrun. This is something I found while fuzzing with AFL using an ASAN instrumented PHP. The issue can be observed by disabling the ZEND allocator and using ASAN or valgrind/etc? with a crafted phar as input. I have prepared...

SUSE-SU-2018:2204-2 Security update for libsoup

This update for libsoup fixes the following issues: Security issue fixed: - CVE-2018-12910: Fix crash when handling empty hostnames bsc1100097. - CVE-2017-2885: Fix chunk decoding buffer overrun that could be exploited against either clients or servers bsc1052916. Bug fixes: - bsc1086036:...

The vulnerability of the Windows operating system arises from an operation that goes beyond the buffer boundaries in memory, allowing a malicious actor to execute arbitrary code in kernel mode.

The vulnerability of the Win32k component of the Windows operating system arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code in kernel mode using a specially created application...

The vulnerability of the Internet Explorer browser arises from an operation that goes beyond the buffer in memory, allowing a malicious actor to execute arbitrary code in the context of the current user.

The vulnerability of the Internet Explorer browser arises from an operation that goes beyond the buffer limits in memory. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary code in the context of the current user, using a specially created web page...

The vulnerability in Internet Explorer, caused by an operation that goes beyond the buffer boundaries in memory, allows a malicious actor to execute arbitrary code with the privileges of the current user.

The vulnerability of the Internet Explorer browser arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary code with the privileges of the current user, through a specially created...

The vulnerability of the Windows operating system arises from an operation that goes beyond the buffer boundaries in memory, allowing a malicious actor to execute arbitrary code in kernel mode.

The vulnerability of the Win32k component of the Windows operating system arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code in kernel mode using a specially created application...