Lucene search

2839 matches found

RedHat Linux
added 2019/08/19 8:42 a.m. · 1 views

php: Invalid memory access in function xmlrpc_decode()

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in...

9.8 CVSS · 7.4 AI score · 0.02394 EPSS
Exploits: 1 · References: 4

Tenable Nessus
added 2019/08/12 12:0 a.m. · 19 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : cockpit Vulnerability (NS-SA-2019-0066)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has cockpit packages installed that are affected by a vulnerability: - It was found that cockpit used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could sen...

7.5 CVSS · 7.2 AI score · 0.04307 EPSS
Exploits: 0 · References: 2

RedHat Linux
added 2019/08/06 2:0 p.m. · 2 views

libtiff: tiff2bw tool failed memory allocation leads to crash

An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c...

6.5 CVSS · 7.3 AI score · 0.00185 EPSS
Exploits: 1 · References: 4

RedHat Linux
added 2019/08/06 2:0 p.m. · 5 views

libtiff: heap-based buffer overflow in tif_lzw.c:LZWDecodeCompat() allows for denial of service

In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps...

8.8 CVSS · 7.6 AI score · 0.00642 EPSS
Exploits: 1 · References: 4

RedHat Linux
added 2019/08/06 1:11 p.m. · 3 views

nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS

In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service...

7.5 CVSS · 6.8 AI score · 0.00273 EPSS
Exploits: 1 · References: 4

RedHat Linux
added 2019/08/06 12:11 p.m. · 3 views

edk2: Privilege escalation via heap-based buffer overflow in Decode() function

REJECTED CVE: A heap-based buffer overflow issue was identified in EDK2 in the Decode function of BaseUefiDecompressLib.c, TianoCompress.c and UEFI Specification. The issue arises from improper handling of data, which could allow an authenticated attacker to exploit it by supplying a crafted file...

7.6 AI score
Exploits: 0 · References: 5

CVE
added 2019/07/30 12:5 p.m. · 61 views

CVE-2019-14443

CVE-2019-14443 affects Libav 12.3. The issue is a division by zero in range_decode_culshift in libavcodec/apedec.c, enabling remote denial of service (application crash); demonstrated by avconv. Associated documents confirm the vulnerability and reference exploitation context. Debian/LTS advisori...

6.5 CVSS · 6.7 AI score · 0.00505 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Positive Technologies
added 2019/07/30 12:0 a.m. · 2 views

PT-2019-13697 · FFmpeg · Libav

Name of the Vulnerable Software and Affected Versions: Libav version 12.3
Description: An issue in Libav allows remote attackers to cause a denial of service, resulting in an application crash. This is due to a division by zero in the range_decode_culshift function in libavcodec/apedec.c, as...

9.8 CVSS · 6.6 AI score · 0.0081 EPSS
Exploits: 3 · References: 21

OSV
added 2019/07/17 4:15 p.m. · 1 views

DEBIAN-CVE-2019-13626

SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode in audio/SDL_wave.c...

6.5 CVSS · 7.6 AI score · 0.01205 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2019/07/04 12:0 a.m. · 2 views

PT-2019-13235 · Foolabs · Xpdf

Name of the Vulnerable Software and Affected Versions: Xpdf version 4.01.01
Description: A heap-based buffer overflow can occur in the DCTStream::decodeImage function in Stream.cc when writing to frameBuf memory. This issue can be triggered by sending a crafted PDF document to the pdftotext tool,...

7.8 CVSS · 7.1 AI score · 0.003 EPSS
Exploits: 1 · References: 9

OSV
added 2019/06/30 11:15 p.m. · 1 views

ALPINE-CVE-2019-13111

A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image file...

5.5 CVSS · 6.9 AI score · 0.00274 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2019/06/30 12:0 a.m. · 2 views

PT-2019-13134 · Exiv2 +6 · Exiv2 +6

Name of the Vulnerable Software and Affected Versions: Exiv2 versions 0.27.1 and earlier
Description: The issue is related to an integer overflow in the WebPImage::decodeChunks function, which can be triggered by a crafted WEBP image file. This can cause a denial of service due to a large heap...

9.8 CVSS · 7 AI score · 0.03067 EPSS
Exploits: 60 · References: 344

RedHat Linux
added 2019/06/20 2:48 p.m. · 1 views

cockpit: Crash when parsing invalid base64 headers

It was found that cockpit used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash...

7.5 CVSS · 5.7 AI score · 0.04307 EPSS
Exploits: 0 · References: 5

OSV
added 2019/06/06 3:30 p.m. · 19 views

GHSA-8V5F-HP78-JGXQ Signature Verification Bypass in jwt-simple

Versions of jwt-simple prior to 0.5.3 are vulnerable to Signature Verification Bypass. If no algorithm is specified in the decode function, the package uses the algorithm in the JWT to decode tokens. This allows an attacker to create a HS256 symmetric algorithm JWT with the server's public key a...

7 AI score
Exploits: 0 · References: 2

wpexploit
added 2019/05/18 12:0 a.m. · 8 views

Newsletter Manager < 1.5 - Unauthenticated Open Redirect

The plugin used base64 encoded user input in the appurl parameter without validation, to redirect users using the header PHP function, leading to an open redirect issue. In the file '/newsletter-manager/confirmation.php': 33: $xyzemurl = base64_decode($_GET['appurl']); ... 179:...

0.5 AI score
Exploits: 0 · References: 1

Veracode
added 2019/05/16 2:49 a.m. · 27 views

Denial Of Service (DoS)

Ruby is vulnerable to denial of service (DoS) attacks. An attacker could provide a specially crafted string to the OpenSSL::ASN1 decode function to cause the target interpreter to crash...

7.5 CVSS · 8 AI score · 0.0818 EPSS
Exploits: 0 · References: 14 · Affected Software: 3

NVD
added 2019/05/13 5:29 p.m. · 9 views

CVE-2019-10050

A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the decode-mpls.c function DecodeMPLS is composed only of a packet of source address and destination address plus the correct type field and the right number for shim, an attacker can manipulate the control...

7.5 CVSS · 7.6 AI score · 0.00536 EPSS
Exploits: 0 · References: 2

Veracode
added 2019/04/25 5:57 a.m. · 7 views

JWT Signature Verification Bypass

jwt-simple is vulnerable to signature verification bypass. A remote attacker is able to succeed in a JWT verification without specifying an algorithm in the decode function...

6.6 AI score
Exploits: 0

OSV
added 2019/04/22 4:29 p.m. · 1 views

DEBIAN-CVE-2019-11455

A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage)...

8.1 CVSS · 6.9 AI score · 0.02035 EPSS
Exploits: 1 · References: 1

CNVD
added 2019/04/08 12:0 a.m. · 1 views

Suricata Out-of-Bounds Read Vulnerability

Suricata is a high-performance network intrusion detection (IDS), intrusion prevention (IPS) and network security monitoring multi-threaded engine. An out-of-bounds read vulnerability exists in Suricata 4.0.4. The vulnerability stems from an integer overflow in DecodeENIPPDU in app-layer-enip-common...

9.8 CVSS · 7.3 AI score · 0.00668 EPSS
Exploits: 0 · References: 1