SUSE: Security Advisory (SUSE-SU-2019:3056-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Arbitrary Code Execution

exim4 is vulnerable to arbitrary code execution. A heap buffer underflow in smtpungetc allows an attacker to execute arbitrary code on the host OS...

OSV-2018-441 Stack-buffer-underflow in ps_index

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9970 Crash type: Stack-buffer-underflow READ 8 Crash state: psindex psrun evalpostscriptfunc...

CVE-2020-24658

Arm Compiler 5 through 5.06u6 has an error in a stack protection feature designed to help spot stack-based buffer overflows in local arrays. When this feature is enabled, a protected function writes a guard value to the stack prior to above any vulnerable arrays in the stack. The guard value is...

Valve's Steam Server Bugs Could've Let Hackers Hijack Online Games

Critical flaws in a core networking library powering Valve's online gaming functionality could have allowed malicious actors to remotely crash games and even take control over affected third-party game servers. "An attacker could remotely crash an opponent's game client to force a win or even...

CVE-2020-6016

Valve's Game Networking Sockets prior to version v1.2.0 improperly handles unreliable segments with negative offsets in function SNPReceiveUnreliableSegment, leading to a Heap-Based Buffer Underflow and a free of memory not from the heap, resulting in a memory corruption and probably even a remot...

CVE-2020-6016

Valve's Game Networking Sockets prior to version v1.2.0 improperly handles unreliable segments with negative offsets in function SNPReceiveUnreliableSegment, leading to a Heap-Based Buffer Underflow and a free of memory not from the heap, resulting in a memory corruption and probably even a remot...

CVE-2020-6016

Valve's Game Networking Sockets prior to version v1.2.0 improperly handles unreliable segments with negative offsets in function SNPReceiveUnreliableSegment, leading to a Heap-Based Buffer Underflow and a free of memory not from the heap, resulting in a memory corruption and probably even a remot...

Exploit for Out-of-bounds Write in Php

CVE-2019-11043 PHP-FPM Remote Code Execution Screencast: htt...

PT-2020-18891 · Valve · Game Networking Sockets

Name of the Vulnerable Software and Affected Versions: Valve's Game Networking Sockets versions prior to v1.2.0 Description: The issue arises from the improper handling of unreliable segments with negative offsets in the SNP ReceiveUnreliableSegment function, leading to a Heap-Based Buffer...

CVE-2020-11202

Buffer overflow/underflow occurs when typecasting the buffer passed by CPU internally in the library which is not aligned with the actual size of the structure' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCM6125, QCS410, QCS603...

CVE-2020-11202

CVE-2020-11202 concerns a buffer overflow/underflow when typecasting a CPU-passed buffer that is not aligned with the target structure size, affecting Qualcomm Snapdragon components across numerous lines (Auto, Compute, Consumer IOT, Industrial IOT, Mobile) including QCM6125, QCS410/603/605/610/6...

CVE-2020-11202

Buffer overflow/underflow occurs when typecasting the buffer passed by CPU internally in the library which is not aligned with the actual size of the structure' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCM6125, QCS410, QCS603...

Exploit for Buffer Underflow in Microsoft

简介 安全行业小工具以及学习资源收集项目，此项目部分内容来自：https://www.t00ls.net/thread-38964-1-1.html 感谢其分享，这里只是作为个人备份，如有问题可邮件通知。 安全资源 安全资源包括安全书籍，资料，安全教程，学习平台等等。 设备基线加固资料 https://github.com/re4lity/Benchmarks https://learn.cisecurity.org/benchmarks https://nvd.nist.gov/ncp/repository 内网渗透学习资料...

OSV-2020-1851 Stack-buffer-underflow in fmt::v6::basic_format_args<fmt::v6::basic_format_context<std::__1::back_insert_i

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21794 Crash type: Stack-buffer-underflow READ 16 Crash state: fmt::v6::basicformatargsfmt::v6::basicformatcontextstd::1::backinserti fmt::v6::basicformatargsfmt::v6::basicformatcontextstd::1::backinserti...

FLUFFI (Fully Localized Utility For Fuzzing Instantaneously) - A Distributed Evolutionary Binary Fuzzer For Pentesters

FLUFFI - A distributed evolutionary binary fuzzer for pentesters. About the project High level overview Getting started Usage HOWTOs Technical Details Contributing to FLUFFI LICENSE Bugs found So far, FLUFFI was almost exclusively used on SIEMENS products and solutions. Bugs found therein will no...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Sterling Connect:Direct for Microsoft Windows (CVE-2016-2108, CVE-2016-2107)

Summary OpenSSL vulnerabilities were disclosed on 3 May 2016 by the OpenSSL Project. OpenSSL is used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2108 DESCRIPTION:...

Siemens SINUMERIK

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SINUMERIK Vulnerabilities: Buffer Underflow, Heap-based Buffer Overflow, Improper Initialization, Out-of-bounds Read, Stack-based Buffer Overflow, Access of Memory Location After...

Arbitrary Code Execution

faad2 is vulnerable to arbitrary code execution. The vulnerability exists as there is a stack-based buffer underflow in the third instance of the calculategain function in libfaad/sbrhfadj.c in Freeware Advanced Audio Decoder 2 FAAD2 2.8.8. A crafted input will lead to a denial of service or...

Denial Of Service (DoS)

faad2 is vulnerable to denial of service DoS. It is a stack-based buffer underflow in the third instance of the calculategain function in libfaad/sbrhfadj.c in Freeware Advanced Audio Decoder 2 FAAD2. A crafted input will lead to a denial of service or possibly unspecified other impact because...