CVE-2022-30322

go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. Fixed in 1.6.1 and 2.1.0...

CVE-2021-45908

An issue was discovered in gif2apng 1.9. There is a stack-based buffer overflow involving a while loop. An attacker has little influence over the data written to the stack, making it unlikely that the flow of control can be subverted...

CVE-2021-40818

scheme/webauthn.c in Glewlwyd SSO server through 2.5.3 has a buffer overflow during FIDO2 signature validation in webauthn registration...

CVE-2019-20373

LTSP LDM through 2.18.06 allows fat-client root access because the LDMUSERNAME variable may have an empty value if the user's shell lacks support for Bourne shell syntax. This is related to a run-x-session script...

CVE-2019-20149

ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': 'name':'Symbol'. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result...

CVE-2019-14295

An Integer overflow in the getElfSections function in pvmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service crash via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an allocation of excessive memory...

CVE-2018-20542

There is a heap-based buffer-overflow at generatorspgemmcscreader.c function libxsmmsparsecscreader in LIBXSMM 1.10, a different vulnerability than CVE-2018-20541 which is in a different part of the source code and is seen at a different address...

CVE-2018-12098

The liblnkdatablockread function in liblnkdatablock.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure heap-based buffer over-read via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on GitHub...

CVE-2017-17512

sensible-browser in sensible-utils before 0.0.11 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument...

CVE-2016-9152

Cross-site scripting XSS vulnerability in ecrire/exec/plonger.php in SPIP 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the rac parameter...

CVE-2016-5360

HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service uninitialized memory access and crash or possibly have unspecified other impact via unknown vectors...

CVE-2016-4021

The readbinary function in buffer.c in pgpdump before 0.30 allows context-dependent attackers to cause a denial of service infinite loop and CPU consumption via crafted input, as demonstrated by the \xa3\x03 string...

CVE-2015-9542

addpassword in pamradiusauth.c in pamradius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy. An attacker could send a crafted password to an application loading the pamradius library and crash it. Arbitrary code...

CVE-2014-8136

The 1 qemuDomainMigratePerform and 2 qemuDomainMigrateFinish2 functions in qemu/qemudriver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors...

bzexe /tmp Race Condition

Hi Packetstorm, This PoC exploit was developed after a discussion on Full-disclosure mailing list, where http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632862 was proved to be exploitable. A user can wait until a binary that was compressed with bzexe is run by root and execute /tmp/exec. This...

Debian DSA-1235-1 : ruby1.8 - denial of service

A denial of service vulnerability has been discovered in the CGI library included with Ruby, the interpreted scripting language for quick and easy object-oriented programming. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracte...