SUSE CVE-2015-8726

wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme MCS data, which allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted file...

SUSE CVE-2017-3068

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution...

SUSE CVE-2018-18828

There exists a heap-based buffer overflow in vc1decodeiblockadv in vc1block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file...

SUSE CVE-2021-28899

Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16...

SUSE SLED15 / SLES15 Security Update : jasper (SUSE-SU-2022:0562-2)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:0562-2 advisory. - A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2.0 in jasper/src/libjasper/jpc/jpcenc.c...

Wrong modifier

Lines of code Vulnerability details Impact H-01 The modifier that is declared in RabbitHoleReceipt.sol and RabbitHoleTickets.sol files has no impact and has not protection to methods that is used for. This modifier is used in 3 functions. Having no check would mean that this modifier will always ...

The new Spring Boot version validation and upgrade support in Spring Tools

New releases of Spring Boot are being released on a quite frequent schedule and updating your projects to newer versions of Spring Boot is something that many teams and organizations around the globe do as part of their daily work. Sometimes those upgrades are simple and easy, for example for new...

The new Spring Boot version validation and upgrade support in Spring Tools

New releases of Spring Boot are being released on a quite frequent schedule and updating your projects to newer versions of Spring Boot is something that many teams and organizations around the globe do as part of their daily work. Sometimes those upgrades are simple and easy, for example for new...

GPAC MP4Box 安全漏洞

GPAC MP4Box is multimedia packager. It is mainly used to work with ISOBMF files e.g. MP4, 3GP but can also be used to import/export media from container files such as AVI, MPG, MKV, MPEG-2 TS. A security vulnerability exists in GPAC MP4Box version 2.1-DEV-rev617-g85ce76efd, which stems from a...

Siemens Polarion ALM Host Header Injection Vulnerability

Polarion ALM is an application lifecycle management solution that improves the software development process with a single unified solution for requirements, coding, testing and release.A security vulnerability exists in Siemens Polarion ALM, which could be exploited by attackers to spoof host...

greenfarming.in Cross Site Scripting vulnerability OBB-3100001

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

What Developers Need to Fight the Battle Against Common Vulnerabilities

Today's threat landscape is constantly evolving, and now more than ever, organizations and businesses in every sector have a critical need to consistently produce and maintain secure software. While some verticals - like the finance industry, for example - have been subject to regulatory and...

wrw-kleve.de Cross Site Scripting vulnerability OBB-3037298

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

DEBIAN-CVE-2022-43238

Libde265 v1.0.8 was discovered to contain an unknown crash via ffhevcputhevcqpelh3v3sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted video file...

Mozilla Firefox 缓冲区错误漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation. A security vulnerability exists in Mozilla Firefox due to an out-of-bounds read when using H264 decoding...

Missing check for address(0)

Lines of code Vulnerability details Impact Anyone can use address0 as a matchingPolicy contract Proof of Concept The Owner can invoke addPolicy with policy == address0 by mistake to the whitelistedPolicies and the malicious users could do bad things with matchingPolicy == address0 Recommended...

Mozilla: Out of bounds read when decoding H264

The Mozilla Foundation Security Advisory describes this flaw as: An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash...

Mozilla: Out of bounds read when decoding H264

The Mozilla Foundation Security Advisory describes this flaw as: An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash...

Mozilla: Out of bounds read when decoding H264

The Mozilla Foundation Security Advisory describes this flaw as: An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash...

PT-2022-37300 · Unknown · Javaparser

Name of the Vulnerable Software and Affected Versions: JavaParser affected versions not specified Description: The issue is related to a security exception in the JavaParser library. The crash occurs in the com.github.javaparser.ast.expr.FieldAccessExpr.accept and...