Faad2 Buffer Overflow Vulnerability
Faad2 is a freeware advanced audio AAC decoder. It is used for SBR decoding. Faad2 suffers from a buffer overflow vulnerability due to incorrect bounds checking in the stcoin function in mp4read.c. This vulnerability can be exploited to execute arbitrary code in the context of the current process...
CVE-2023-0286 - X.400 address type confusion in X.509 GeneralName
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequentl...
Google Android onCreate module authorization issue vulnerability
Google Android is a Linux-based open source operating system from Google. Google Android onCreate module has an authorization issue vulnerability that stems from a lack of permission checking in the onCreate module of ManagePermissionsActivity.java, with one possible way to bypass the Restore...
Cross site scripting
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1. Processing a maliciously crafted font may lead to arbitrary code execution...
CVE-2020-36615
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1. Processing a maliciously crafted font may lead to arbitrary code execution...
CrafterCMS is an open source headless CMS for enterprise-level websites and other content-driven digital experiences, especially those that are high-performance, large-scale and ultra-secure. CrafterCMS suffers from a cross-site scripting vulnerability in versions 3.1.0 through 3.1.27 and 4.0.0 through 4.0.2. The vulnerability is due to improper neutralization of inputs during page generation, allowing for reflected XSS. No detailed vulnerability details are available at this time.
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2023-3824
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading a phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE...
SAP Host Agent is a set of agent programs from SAP that supports a number of lifecycle management tasks such as operating system monitoring, database monitoring and system instance monitoring. An information disclosure vulnerability exists in SAP Host Agent that stems from a lack of authentication checks, which could be exploited by an unauthenticated attacker to set undocumented parameters to a specific compatibility value and then invoke a read function.
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
OpenBSD Security Vulnerabilities
OpenBSD is a cross-platform, BSD-based, UNIX-like operating system from the Canadian OpenBSD project group. A security vulnerability exists in versions of OpenBSD prior to 7.3 that stems from a lack of bounds checking for parameter counting...
curl security update
7.61.1-30.el88.3 - GSS delegation too eager connection re-use CVE-2023-27536 - fix host name wildcard checking CVE-2023-28321 - rebuild certs with 2048-bit RSA keys...
SUSE SLES12: libopenssl-1_1-devel / libopenssl-1_1-devel-32bit / libopenssl1_1 / etc (SUSE-SU-2023:3239-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3239-1 advisory. - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. bsc1213853 Tenable has extracted the...
CVE-2022-40510
Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder...
CVE-2023-28561 Buffer Copy Without Checking Size of Input in QESL
Memory corruption in QESL while processing payload from external ESL device to firmware...
CVE-2023-21649 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') in WLAN
Memory corruption in WLAN while running doDriverCmd for an unspecific command...
MediaTek Chip Buffer Error Vulnerability
MediaTek chips are a variety of chips from the Chinese company MediaTek. A security vulnerability exists in the MediaTek chips that stems from a lack of boundary checking in the OPTEE module, which may result in out-of-bounds writes...
UNISOC Chipsets Security Vulnerability
UNISOC Chipsets is a chipset from China's Zilight Spreadtrum UNISOC. A security vulnerability exists in UNISOC Chipsets that stems from a possible lack of privilege checking in the Contacts Service module...
UNISOC Chipsets Security Vulnerability
UNISOC Chipsets is a chipset from China's Unisoc Corporation. A security vulnerability exists in UNISOC Chipsets due to a possible lack of privilege checking in the Contacts service module...
rngComplete() function is vulnerable to an array out of bounds error
Lines of code. Vulnerability details. Impact: A malicious actor can manipulate the AuctionResult passed to RewardLib.rewards to make it return a short rewards array. Proof of Concept: The issue is that there is no check that i stays within the bounds of rewards. If rewards is shorter than expected, th...