DEBIAN-CVE-2018-7999

In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation, which may allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ttf file...

PT-2018-18371 · Podofo +2 · Podofo +2

Name of the Vulnerable Software and Affected Versions: PoDoFo version 0.9.5 Description: The issue is related to a heap-based buffer over-read vulnerability in the UnescapeName function in PdfName.cpp. This could allow remote attackers to cause a denial-of-service or possibly other unspecified...

SUSE SLED12 Security Update : yaml-cpp (SUSE-SU-2018:0631-1)

This update for yaml-cpp fixes the following issues : - CVE-2017-5950: Stack overflow in SingleDocParser::HandleNode function bsc1032144 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automaticall...

SUSE-SU-2018:0631-1 Security update for yaml-cpp

This update for yaml-cpp fixes the following issues: - CVE-2017-5950: Stack overflow in SingleDocParser::HandleNode function bsc1032144...

CVE-2018-7728

An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFFHandler.cpp mishandles a case of a zero length, leading to a heap-based buffer over-read in the MD5Update function in third-party/zuid/interfaces/MD5.cpp...

MP4v2 Denial of Service Vulnerability

MP4v2 is an open source library written in C++ for handling MP4 containers. A security vulnerability exists in the MP4Atom class of the mp4atom.cpp file in MP4v2 2.0.0 and earlier versions, which stems from the program's failure to properly handle Entry Number validation. A remote attacker can...

sam2p heap buffer overflow vulnerability (CNVD-2018-06417)

sam2p is a command-line utility that can convert many raster bitmap image formats such as GIF, JPG/JPEG and PNG to PostScript or PDF files. A heap buffer overflow vulnerability exists in the LoadPCX function of inpcx.cpp in sam2p 0.49.4. An attacker can exploit this vulnerability via specially...

CVE-2017-12113

An exploitable improper authorization vulnerability exists in adminnodeInfo API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger th...

CVE-2017-12119

An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum JSON-RPC. Specially crafted JSON requests can cause an unhandled exception resulting in denial of service. An attacker can send malicious JSON to trigger this vulnerability...

Out-of-bounds

An exploitable information leak/denial of service vulnerability exists in the libevm Ethereum Virtual Machine create2 opcode handler of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read leading to memory disclosure or denial of service. An attacker can...

Authorization

An exploitable improper authorization vulnerability exists in minerstop API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. An attacker can send JSON to trigger this vulnerability...

CVE-2017-14457

An exploitable information leak/denial of service vulnerability exists in the libevm Ethereum Virtual Machine create2 opcode handler of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read leading to memory disclosure or denial of service. An attacker can...

CVE-2017-12118

An exploitable improper authorization vulnerability exists in minerstop API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. An attacker can send JSON to trigger this vulnerability...

CVE-2017-14457

The CVE-2017-14457 issue impacts CPP-Ethereum’s libevm create2 opcode handler. A crafted contract can set an extremely large initSize passed to the bytesConstRef used to compute the create2 hash, enabling an out-of-bounds read that can cause memory disclosure or a denial of service. Talos and CVE...

CVE-2017-12116

The CVE-2017-12116 entry concerns cpp-ethereum’s JSON-RPC API miner_setGasPrice. The vulnerability stems from improper authorization checks in the miner_setGasPrice API, allowing a remote attacker to access restricted functionality without credentials. Publicly reported impact indicates possible ...

CVE-2017-12118

CVE-2017-12118 refers to a vulnerability in cpp-ethereum’s JSON‑RPC miner_stop API where improper authorization could allow a remote attacker to trigger functionality reserved for admins. The weakness stems from missing privilege checks in miner_stop (no RPC_ADMIN guard), with attacker-controlled...

CVE-2017-12113

The CVE-2017-12113 issue affects cpp-ethereum’s JSON-RPC admin_nodeInfo API. A missing authorization check (improper authorization) allows a remote attacker to trigger restricted functionality without credentials. Descriptions from Talos and related advisories confirm the vulnerability in Ethereu...

CVE-2017-12119

CVE-2017-12119 is a denial-of-service vulnerability in CPP-Ethereum JSON-RPC. A malformed JSON request can trigger an unhandled exception in the JSON-RPC server (via JSON-Cpp value handling and isInt checks), crashing the client. Public documentation lists multiple vulnerable JSON-RPC APIs (e.g.,...

CVE-2017-12118

An exploitable improper authorization vulnerability exists in minerstop API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. An attacker can send JSON to trigger this vulnerability...

CVE-2017-12116

An exploitable improper authorization vulnerability exists in minersetGasPrice API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger...