2839 matches found

CNVD
added 2019/12/27 12:0 a.m. · 2 views

GNU LibreDWG Excessive Memory Allocation Vulnerability (CNVD-2020-03562)

GNU LibreDWG is a GNU Project C library for working with DWG files. A security vulnerability exists in the 'decode_3dsolid' function of dwg.spec in versions of GNU LibreDWG prior to 0.93. An attacker can exploit this vulnerability to cause a denial of service (large memory consumption)...

CVSS 6.5 · AI score 6.7 · EPSS 0.00556
Exploits: 1 · References: 1

CNVD
added 2019/12/27 12:0 a.m. · 1 view

GNU LibreDWG Heap Buffer Overflow Vulnerability (CNVD-2020-03560)

GNU LibreDWG is a GNU Project C library for working with DWG files. A buffer overflow vulnerability exists in the 'decode_R13_R2000' function of the decode.c file in GNU LibreDWG version 0.92. The vulnerability stems from a networked system or product performing operations in memory without properl...

CVSS 8.8 · AI score 7.4 · EPSS 0.0051
Exploits: 1 · References: 1

OSV
added 2019/12/26 3:15 p.m. · 1 view

UBUNTU-CVE-2019-15694

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Vulnerability occurs due to the signedness error in processing MemOutStream. Exploitation of this vulnerability could potentially result in remote code execution. This...

CVSS 7.2 · AI score 6.2 · EPSS 0.06012
Exploits: 1 · References: 7

CNVD
added 2019/12/25 12:0 a.m. · 0 views

libIEC61850 Buffer Overflow Vulnerability

libIEC61850 is an open source library for the IEC 61850 protocol. A buffer overflow vulnerability exists in the 'MmsValue_decodeMmsData' function in the mms/iso_mms/server/mms_access_result.c file in libIEC61850 version 1.4.0. The vulnerability stems from a network system or product performing...

CVSS 8.8 · AI score 7.3 · EPSS 0.00515
Exploits: 1 · References: 1

Positive Technologies
added 2019/12/24 12:0 a.m. · 1 view

PT-2019-6199 · Struktur Ag +4 · Libde265 +4

Name of the Vulnerable Software and Affected Versions: libde265 version 1.0.4. Description: The issue is related to a global buffer overflow in the decode_CABAC_bit function. This can be exploited via a crafted file, potentially allowing a remote attacker to cause a denial of service. The...

CVSS 9.8 · AI score 6.8 · EPSS 0.00482
Exploits: 46 · References: 184

CNVD
added 2019/12/17 12:0 a.m. · 3 views

Nitro Software Free PDF Reader Buffer Error Vulnerability

Nitro Software Free PDF Reader is a free PDF document editor from Nitro Software, USA. The product is mainly used to create, edit, view and convert PDF documents. A JBIG2Decode stock-in-buffer error vulnerability exists in the npdf.dll file in Nitro Software Free PDF Reader version...

CVSS 5.5 · AI score 7.3 · EPSS 0.00012
Exploits: 1 · References: 1

OSV
added 2019/12/08 3:15 a.m. · 1 view

DEBIAN-CVE-2019-19635

An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function sixel_decode_raw_impl at fromsixel.c...

CVSS 9.8 · AI score 7.3 · EPSS 0.00541
Exploits: 0 · References: 1

OSV
added 2019/12/08 3:15 a.m. · 0 views

UBUNTU-CVE-2019-19637

An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_decode_raw_impl at fromsixel.c...

CVSS 9.8 · AI score 7.2 · EPSS 0.00418
Exploits: 0 · References: 3

Positive Technologies
added 2019/12/08 12:0 a.m. · 2 views

PT-2019-15894 · Libsixel +1 · Libsixel +1

Name of the Vulnerable Software and Affected Versions: libsixel version 1.8.2. Description: A heap-based buffer overflow issue was found in the sixel_decode_raw_impl function at fromsixel.c. Recommendations: For libsixel version 1.8.2, consider disabling the sixel_decode_raw_impl function as a...

CVSS 9.8 · AI score 6.1 · EPSS 0.00937
Exploits: 21 · References: 61

Positive Technologies
added 2019/12/08 12:0 a.m. · 2 views

PT-2019-15896 · Libsixel +1 · Libsixel +1

Name of the Vulnerable Software and Affected Versions: libsixel version 1.8.2. Description: An issue was discovered in the function sixel_decode_raw_impl at fromsixel.c, which is affected by an integer overflow. Recommendations: For libsixel version 1.8.2, at the moment, there is no information...

CVSS 9.8 · AI score 5.8 · EPSS 0.00937
Exploits: 21 · References: 61

Tenable Nessus
added 2019/12/06 12:0 a.m. · 35 views

SUSE SLED15 / SLES15 Security Update : ffmpeg (SUSE-SU-2019:3184-1)

This update for ffmpeg fixes the following issues. Security issues fixed: CVE-2019-17542: Fixed a heap-buffer overflow in vqa_decode_chunk due to an out-of-array access (bsc#1154064). CVE-2019-12730: Fixed an uninitialized use of variables due to an improper check (bsc#1137526). CVE-2019-9718: Fixed a...

CVSS 9.8 · AI score 6.5 · EPSS 0.02417
Exploits: 0 · References: 13

Veracode
added 2019/12/02 1:42 p.m. · 5 views

Denial Of Service (DoS)

hashids is vulnerable to denial of service (DoS). The vulnerability exists in the decode function in the Hashids class, whereby a remote attacker is able to produce an infinite loop that could lead to an application crash by submitting a certain string of characters...

AI score 3.4
Exploits: 0

OSV
added 2019/11/30 12:0 a.m. · 11 views

PSF-2019-15 Remove newline characters from uu encoding methods

Filenames passed to the UU encoding methods (uu.py and uu_codec.py) that contain a newline character will overflow data into the UU content section. This can potentially be used to inject, replace or corrupt data content in a file during the decode process. The fix removes newline characters from...

AI score 7.3
Exploits: 0 · References: 1

RedHat Linux
added 2019/11/01 1:3 p.m. · 3 views

php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c...

CVSS 7.5 · AI score 7.4 · EPSS 0.13719
Exploits: 1 · References: 4

RedHat Linux
added 2019/11/01 1:3 p.m. · 3 views

php: Invalid memory access in function xmlrpc_decode()

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in...

CVSS 9.8 · AI score 7.4 · EPSS 0.02394
Exploits: 1 · References: 4

RedHat Linux
added 2019/10/31 2:28 p.m. · 3 views

nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS

In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service...

CVSS 7.5 · AI score 6.8 · EPSS 0.00273
Exploits: 1 · References: 4

Kitploit
added 2019/10/29 11:32 a.m. · 90 views

XORpass - Encoder To Bypass WAF Filters Using XOR Operations

XORpass is an encoder to bypass WAF filters using XOR operations. Installation & Usage git clone https://github.com/devploit/XORpass cd XORpass $ php encode.php STRING $ php decode.php "XORed STRING" Example of bypass: Using clear PHP function: Using XOR bypass of that function: $ php encode.php...

AI score 7.4
Exploits: 0 · References: 2

OSV
added 2019/10/24 2:15 p.m. · 1 view

ALPINE-CVE-2019-18408

archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol...

CVSS 7.5 · AI score 7 · EPSS 0.04588
Exploits: 0 · References: 1

OSV
added 2019/10/24 2:15 p.m. · 0 views

UBUNTU-CVE-2019-18408

archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol...

CVSS 7.5 · AI score 6.7 · EPSS 0.04588
Exploits: 0 · References: 6

Packet Storm
added 2019/10/16 12:0 a.m. · 174 views

Tomedo Server 1.7.3 Information Disclosure / Weak Cryptography

Affected software: Tomedo Server 1.7.3 Vulnerability type: Cleartext Transmission of Sensitive Information & Weak Cryptography for Passwords Vulnerable version: Tomedo Server 1.7.3 Vulnerable component: Customer Tomedo Server that communicates with Vendor Tomedo Update Server Vendor report...

AI score 9.7 · EPSS 0.00198
Exploits: 1