Vulnerability in the Mutt and NeoMutt email clients, related to operations performed outside the bounds of a data buffer, that allows attackers to cause a denial of service
The vulnerability in the imap/message.c file of the Mutt and NeoMutt email clients relates to the execution of operations outside the data buffer boundaries. Exploiting this vulnerability allows a remote attacker to cause service interruptions...
UBUNTU-CVE-2018-20502
An issue was discovered in Bento4 1.5.1-627. There is an attempt at excessive memory allocation in the AP4_DataBuffer class when called from AP4_HvccAtom::Create in Core/Ap4HvccAtom.cpp...
UBUNTU-CVE-2018-20186
An issue was discovered in Bento4 1.5.1-627. AP4_Sample::ReadData in Core/Ap4Sample.cpp allows attackers to trigger an attempted excessive memory allocation, related to AP4_DataBuffer::SetDataSize and AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp...
Exiv2 Buffer Overflow Vulnerability (CNVD-2019-07082)
Exiv2 is a cross-platform C++ library and command line utility for managing image metadata. A heap buffer overflow vulnerability exists in the Exiv2::tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27-RC3, which can be exploited by a remote attacker via specially crafted input to cause a denial...
UBUNTU-CVE-2018-14780
An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function ykpiv_fetch_object: if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, &outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; }...
Bento4 Denial of Service Vulnerability (CNVD-2018-14560)
Bento4 is an open source C++ library for reading and writing MP4 files. A security vulnerability exists in AP4_DataBuffer::SetData in the Core/Ap4DataBuffer.cpp file in Bento4 version 1.5.1-624. An attacker can exploit the vulnerability to cause a denial of service (NULL pointer dereference)...
UBUNTU-CVE-2018-14588
An issue has been discovered in Bento4 1.5.1-624. A NULL pointer dereference can occur in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp...
CVE-2017-13257
In bta_pan_data_buf_ind_cback of bta_pan_act.cc there is a use after free that can result in an out of bounds read of memory allocated via malloc. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android...
PYSEC-2018-148
In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an issue exists in the constructor with an initial buffer size. A large size value may lead to a SIGABRT during an attempt at memory allocation. NOTE: some third parties have been unable to reproduce the SIGABRT when using the...
Apple macOS High Sierra 10.13 - ctl_ctloutput-leak Information Leak Exploit
Exploit for macOS platform in category local exploits / ctl_ctloutput-leak.c Brandon Azad CVE-2017-13868 While looking through the source code of XNU version 4570.1.46, I noticed that the function ctl_ctloutput in the file bsd/kern/kern_control.c does not check the return value of sooptcopyin, which...
UBUNTU-CVE-2017-14646
The AP4_AvccAtom and AP4_HvccAtom classes in Bento4 version 1.5.0-617 do not properly validate data sizes, leading to a heap-based buffer over-read and application crash in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp...
Google Chrome Blink Memory Misreference Vulnerability
Google Chrome is a web browsing tool developed by Google. Google Chrome Blink suffers from a memory misreference vulnerability. It fails to properly copy a buffer of data, which allows remote attackers to cause a denial of service or have other impact via specially crafted JavaScript code...
Ubuntu: Security Advisory (USN-2946-1)
The remote host is missing an update for the...
UBUNTU-CVE-2015-3281
The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request...
duphandle read out of bounds
libcurl's function curl_easy_duphandle has a bug that can lead to libcurl eventually sending off sensitive data that was not intended for sending. When doing an HTTP POST transfer with libcurl, you can use the CURLOPT_COPYPOSTFIELDS option to specify a memory area holding the data to send to the...
Solaris 2.5.0/2.5.1 ps & chkey Data Buffer Exploit
No description provided by source. cat psexpl.po EOF domain SUNWOSTOSCMD msgid usage: %s\n%s\n%s\n%s\n%s\n%s\n%s\n msgstr...
MW6 Technologies Aztec - ActiveX Data Buffer Overflow (PoC)
MW6 Technologies Aztec - ActiveX Data Buffer Overflow PoC object id=TestObj clas...
MW6 Technologies Aztec - ActiveX 'Data' Buffer Overflow (PoC)
object id=TestObj classid="CLSID:F359732D-D020-...
Samba nttrans Reply - Integer Overflow Vulnerability
The vulnerable Samba daemon has an integer overflow that can cause a remote DoS via an nttrans reply while the daemon is reading the ealist. In detail, the unsigned offset variable in the vulnerable function read_nttrans_ea_list can wrap around! security bug! security bug analyze smbd/nttrans.c ---- snip ---- snip...