6 matches found
Protocol downgrade required TLS bypassed
A user can tell curl to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (--ssl-reqd on the command line or CURLOPT_USE_SSL set to CURLUSESSL_CONTROL or CURLUSESSL_ALL with libcurl). This requirement could be bypassed if the server would return a properly crafted but...
Arbitrary code execution in clickhouse-driver
clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code on a database client via a crafted server response, due to a buffer overflow...
CVE-2020-26759
clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code on a database client via a crafted server response, due to a buffer overflow...
CVE-2020-26759
clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code on a database client via a crafted server response, due to a buffer overflow...
The vulnerability of the XListExtensions function in the client-side API library for the X Window System libX11 allows an attacker to cause a service failure.
The vulnerability of the XListExtensions function ListExt.c in the client API library for the X Window System libX11 is related to an “unit not counted” error. Exploiting this vulnerability allows a remote attacker to cause a service failure through a specially crafted server response...
UBUNTU-CVE-2017-2834
An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle...