openSUSE Security Update : MozillaFirefox (openSUSE-2019-1534)

This update for MozillaFirefox fixes the following issues : MozillaFirefox was updated to 60.7.0esr boo1135824 MFSA 2019-14 : - CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext - CVE-2019-11691: Use-after-free in XMLHttpRequest - CVE-2019-11692: Use-after-free removin...

Mozilla: Buffer overflow in WebGL bufferdata on Linux

The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. Note: this issue only occurs on Linux. Other operating systems are unaffected.. This...

CVE-2019-12158

GoHTTP through 2017-07-25 has a GetExtension heap-based buffer overflow via a long extension...

Buffer Overflow

The X11 Xorg libraries provide library routines that are used within all X Window applications. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data. An attacker able to submit invalid protocol da...

BufferOverflow

Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A heap-based buffer overflow flaw was found in the way Pidgin processed certain HTTP responses. A malicious server could send a specially crafted HTTP response,...

CVE-2019-11411

An issue was discovered in Artifex MuJS 1.0.5. The NumbertoFixed and numtostr implementations in jsnumber.c have a stack-based buffer overflow...

openSUSE Security Update : MozillaThunderbird (openSUSE-2019-664)

This update for MozillaThunderbird to version 60.0 fixes the following issues : These security issues were fixed : - CVE-2018-12359: Prevent buffer overflow using computed size of canvas element bsc1098998. - CVE-2018-12360: Prevent use-after-free when using focus bsc1098998. - CVE-2018-12361:...

CVE-2019-9022

An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dnsgetrecord misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects phpparser...

MatrixSSL < 4.0.2 - Stack Buffer Overflow Verifying x.509 Certificates

I happened to notice that a public X.509 certificate testcase for CVE-2014-1569 caused a stack buffer overflow in MatrixSSL. I cleaned up the testcase a bit, to make a better demonstration. You can test it with the certValidate tool that comes with MatrixSSL. $ gdb -q --args...

openSUSE: Security Advisory for MozillaThunderbird (openSUSE-SU-2019:0182-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Dokany 1.2.0.1000 - Stack-Based Buffer Overflow Privilege Escalation

Dokany 1.2.0.1000 - Stack-Based Buffer Overflow Privilege Escalation / Exploit Title - Dokany Stack-based Buffer Overflow Privilege Escalation Date - 14th January 2019 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://dokan-dev.github.io Tested Version - 1.2.0.1000 Driver Version -...

CVE-2018-19873

An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data...

CVE-2018-20365

LibRaw::raw2image in librawcxx.cpp has a heap-based buffer overflow...

MariaDB Client 10.1.26 - Denial of Service (PoC)

MariaDB Client 10.1.26 - Denial of Service PoC Exploit Title: MariaDB Client 10.1.26 - Denial of Service PoC Google Dork: None Date: 2018-11-16 Exploit Author: strider Software Link: https://github.com/MariaDB/server Version: mysql Ver 15.1 Distrib 10.1.26-MariaDB, for debian-linux-gnu x8664 usin...

MariaDB Client 10.1.26 - Denial of Service Exploit

Exploit Title: MariaDB Client 10.1.26 - Denial of Service PoC Google Dork: None Date: 2018-11-16 Exploit Author: strider Software Link: https://github.com/MariaDB/server Version: mysql Ver 15.1 Distrib 10.1.26-MariaDB, for debian-linux-gnu x8664 using readline 5.2 Tested on: Debian 9 Stretch x64 ...

MariaDB Client 10.1.26 - Denial of Service (PoC)

Exploit Title: MariaDB Client 10.1.26 - Denial of Service PoC Google Dork: None Date: 2018-11-16 Exploit Author: strider Software Link: https://github.com/MariaDB/server Version: mysql Ver 15.1 Distrib 10.1.26-MariaDB, for debian-linux-gnu x8664 using readline 5.2 Tested on: Debian 9 Stretch x64 ...

Snes9K 0.0.9z - Buffer Overflow (SEH)

Snes9K 0.0.9z - Buffer Overflow SEH...

CVE-2018-14338

samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms other than Apple platforms where glibc is not used, possibly leading to a buffer overflow...

CVE-2018-14338

samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms other than Apple platforms where glibc is not used, possibly leading to a buffer overflow...

openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2018:1833-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...