UBUNTU-CVE-2021-44503

An issue was discovered in FIS GT.M through V7.0-000 related to the YottaDB code base. Using crafted input, an attacker can cause a call to vaarg on an empty variadic parameter list, most likely causing a memory segmentation fault...

Null pointer dereference

An issue was discovered in FIS GT.M through V7.0-000 related to the YottaDB code base. Using crafted input, an attacker can cause a NULL pointer dereference after calls to ZPrint...

CVE-2021-44506

An issue was discovered in FIS GT.M through V7.0-000 related to the YottaDB code base. A lack of input validation in calls to doverify in srunix/doverify.c allows attackers to attempt to jump to a NULL pointer by corrupting a function pointer...

CVE-2021-44505

An issue was discovered in FIS GT.M through V7.0-000 related to the YottaDB code base. Using crafted input, an attacker can cause a NULL pointer dereference after calls to ZPrint...

CVE-2021-44503

An issue was discovered in FIS GT.M through V7.0-000 related to the YottaDB code base. Using crafted input, an attacker can cause a call to vaarg on an empty variadic parameter list, most likely causing a memory segmentation fault...

CVE-2021-44501

CVE-2021-44501 affects FIS GT.M through V7.0-000 (YottaDB code base) where crafted input can make ZRead crash due to a NULL pointer dereference. Documented impact is crash; no explicit exploit details or patch/remediation are provided in the connected sources. Monitor for updates from GT.M/YottaD...

CVE-2021-44499

An issue was discovered in FIS GT.M through V7.0-000 related to the YottaDB code base. Using crafted input, an attacker can cause a call to $Extract to force an signed integer holding the size of a buffer to take on a large negative number, which is then used as the length of a memcpy call that...

CVE-2021-44498

CVE-2021-44498 affects FIS GT.M through V7.0-000 (YottaDB code base). The issue is in the function f_incr.c (sr_port/f_incr.c) where crafted input can cause a type to be initialized incorrectly, leading to a crash via a NULL pointer dereference . This is described across multiple connected source...

CVE-2021-44497

An issue was discovered in FIS GT.M through V7.0-000 related to the YottaDB code base. Using crafted input, can cause the bounds of a for loop to be miscalculated, which leads to a use after free condition a pointer is pushed into previously free memory by the loop...

CVE-2021-44496

An issue was discovered in FIS GT.M through V7.0-000 related to the YottaDB code base. Using crafted input, an attacker can control the size variable and buffer that is passed to a call to memcpy. An attacker can use this to overwrite key data structures and gain control of the flow of execution...

GPAC 代码问题漏洞

GPAC is an open source multimedia framework. gpac has a security vulnerability that stems from a null pointer dereference vulnerability in the xtraboxwrite function in /boxcodebase.c in GPAC 1.1.0, which can lead to a denial of service. No details of the vulnerability are currently available...

Log4Shell HTTP Header Injection Exploit

This Metasploit module will exploit an HTTP end point with the Log4Shell vulnerability by injecting a format message that will trigger an LDAP connection to Metasploit and load a payload. The Automatic target delivers a Java payload using remote class loading. This requires Metasploit to run an...

[SECURITY] Fedora 35 Update: libopenmpt-0.5.15-1.fc35

libopenmpt is a cross-platform C++ and C library to decode tracked music files modules into a raw PCM audio stream. libopenmpt is based on the player code of the OpenMPT project Open ModPlug Tracker. In order to avoid code base fragmentation, libopenmpt is developed in the same source code...

Unspecified vulnerability in Deoxxa dotty

Deoxxa Dotty is a Javascript-based code base used by Deoxxa individual developers to support access to object properties. deoxxa dotty has a security vulnerability that stems from a design or implementation impropriety in the code development process of a web-based system or product. No details o...

CVE-2021-38473

The affected product’s code base doesn’t properly control arguments for specific functions, which could lead to a stack overflow...

Denial Of Service (DoS)

gpac is vulnerable to denial of service. The vulnerability exists due a NULL pointer dereference in the function vwidboxdel located in boxcodebase.c...

DEBIAN-CVE-2021-32270

An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function vwidboxdel located in boxcodebase.c. It allows an attacker to cause Denial of Service...

UBUNTU-CVE-2021-32270

An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function vwidboxdel located in boxcodebase.c. It allows an attacker to cause Denial of Service...

GPAC 代码问题漏洞

GPAC is a multimedia framework for rich media and is distributed under the LGPL license. vwidboxdel function in boxcodebase.c in GPAC 20200801 and earlier versions is vulnerable to null pointer dereference. An attacker could exploit this vulnerability to cause a denial of service...

DEBIAN-CVE-2020-19750

An issue was discovered in gpac 0.8.0. The strdup function in boxcodebase.c has a heap-based buffer over-read...