Lucene search

156 matches found

SUSE CVE
added 2023/02/15 5:13 a.m. · 2 views

SUSE CVE-2015-7651

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary...

9.3 CVSS · 8.1 AI score · 0.06171 EPSS
Exploits 0 · References 5

SUSE CVE
added 2023/02/15 4:58 a.m. · 3 views

SUSE CVE-2016-7170

The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask and cursor.image array sizes when processing a DEFINE_CURSOR svga command...

4.4 CVSS · 8.5 AI score · 0.00406 EPSS
Exploits 0 · References 8

SUSE CVE
added 2023/02/15 4:22 a.m. · 3 views

SUSE CVE-2018-19208

In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h...

5.5 CVSS · 6.8 AI score · 0.01488 EPSS
Exploits 1 · References 8

SUSE CVE
added 2023/02/15 3:28 a.m. · 2 views

SUSE CVE-2022-22824

defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow...

7.5 CVSS · 7.9 AI score · 0.03376 EPSS
Exploits 0 · References 52

CNNVD
added 2023/02/14 12:0 a.m. · 3 views

tsClinical tsc-desktop code issue vulnerability

tsClinical tsc-desktop is the tsClinical Metadata Desktop Tools. A security vulnerability exists in tsClinical tsc-desktop Define.xml Generator version v1.0.0 through v1.4.0, tsClinical Metadata Desktop Tools version 1.0.3 through 1.1.0, which stems from an XML External Entity Reference (XXE)...

7.4 CVSS · 6 AI score · 0.00677 EPSS
Exploits 0 · References 5

Snyk
added 2022/12/28 2:8 p.m. · 1 views

Prototype Pollution

Overview: utilities is a classic collection of JavaScript utilities. Affected versions of this package are vulnerable to Prototype Pollution via the mix function. PoC (javascript): var utilities = require"utilities" badobjects= test:"123" console.log"Before:"+.test...

7.5 CVSS · 8 AI score · 0.01337 EPSS
Exploits 1 · References 2

RedHat Linux
added 2022/11/08 10:1 a.m. · 4 views

expat: Integer overflow in defineAttribute in xmlparse.c

expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag, libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability,...

9.8 CVSS · 7.5 AI score · 0.03376 EPSS
Exploits 0 · References 5

OSV
added 2022/08/17 6:50 p.m. · 9 views

CLSA-2022-1660762248 Fixed 13 CVEs in expat

CVE-2022-25236: Fix insertion of namespace-separator characters into namespace URIs - CVE-2022-25235: Fix malformed UTF-8 sequences which can lead to arbitrary code execution - CVE-2022-25315: Fix integer overflow in storeRawNames - CVE-2022-22822: Fix integer overflow in addBinding -...

9.8 CVSS · 7.2 AI score · 0.33936 EPSS
Exploits 3 · References 1

OSV
added 2022/08/17 5:26 p.m. · 10 views

CLSA-2022-1660757175 Fixed 15 CVEs in expat

CVE-2022-25236: Fix insertion of namespace-separator characters into namespace URIs - CVE-2022-25235: Fix malformed UTF-8 sequences which can lead to arbitrary code execution - CVE-2022-25315: Fix integer overflow in storeRawNames - CVE-2022-22822: Fix integer overflow in addBinding -...

9.8 CVSS · 7.2 AI score · 0.33936 EPSS
Exploits 3 · References 1

OSV
added 2022/06/02 2:15 p.m. · 2 views

CVE-2021-42203

An issue was discovered in swftools through 20201222. A heap-use-after-free exists in the function swf_FontExtract_DefineTextCallback located in swftext.c. It allows an attacker to cause code execution...

7.8 CVSS · 7.2 AI score · 0.01114 EPSS
Exploits 1 · References 1

OSV
added 2022/06/02 2:15 p.m. · 3 views

CVE-2021-42199

An issue was discovered in swftools through 20201222. A heap buffer overflow exists in the function swf_FontExtract_DefineTextCallback located in swftext.c. It allows an attacker to cause code execution...

7.8 CVSS · 7.4 AI score · 0.01037 EPSS
Exploits 1 · References 1

OSV
added 2022/06/02 2:15 p.m. · 2 views

UBUNTU-CVE-2021-42203

An issue was discovered in swftools through 20201222. A heap-use-after-free exists in the function swf_FontExtract_DefineTextCallback located in swftext.c. It allows an attacker to cause code execution...

7.8 CVSS · 7.2 AI score · 0.01114 EPSS
Exploits 1 · References 3

RedHat Linux
added 2022/05/17 7:10 p.m. · 4 views

expat: Integer overflow in defineAttribute in xmlparse.c

expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag, libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability,...

9.8 CVSS · 7.5 AI score · 0.03376 EPSS
Exploits 0 · References 5

OSV
added 2022/05/12 5:15 p.m. · 4 views

CVE-2022-26781

Multiple improper input validation vulnerabilities exist in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. An improper input...

8.8 CVSS · 7.6 AI score · 0.02622 EPSS
Exploits 1 · References 2

Positive Technologies
added 2022/05/12 12:0 a.m. · 2 views

PT-2022-18083 · Unknown · Inrouter302

Name of the Vulnerable Software and Affected Versions: InRouter302 version 3.5.4 Description: The issue is related to improper input validation vulnerabilities in the libnvram.so nvram import functionality and the httpd's user define set item function. A specially-crafted file can lead to remote...

9.9 CVSS · 9.5 AI score · 0.03044 EPSS
Exploits 1 · References 3

OSV
added 2022/04/21 9:20 p.m. · 4 views

CLSA-2022-1650576008 Update of els-define

Add OracleLinux support...

5.8 AI score
Exploits 0 · References 1

CloudLinux
added 2022/04/21 9:20 p.m. · 15 views

Update of els-define

Add OracleLinux support...

1.5 AI score
Exploits 0 · References 1

RedHat Linux
added 2022/03/28 12:1 p.m. · 2 views

expat: Integer overflow in defineAttribute in xmlparse.c

expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag, libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability,...

9.8 CVSS · 7.5 AI score · 0.03376 EPSS
Exploits 0 · References 5

CNNVD
added 2022/01/10 12:0 a.m. · 2 views

Expat input validation error vulnerability

Expat is a fast streaming XML parser written in C. A buffer overflow vulnerability exists in versions of Expat prior to 2.4.3, which stems from a boundary error in defineAttribute in xmlparse.c when handling untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary...

9.8 CVSS · 9.3 AI score · 0.03376 EPSS
Exploits 0 · References 46

CNNVD
added 2022/01/06 12:0 a.m. · 4 views

libming security vulnerability

libming is a Flash SWF export library written in C. A security vulnerability exists in libming version 0.4.8, which stems from a missing boundary check in the parseSWF_DEFINELOSSLESS2 function in util/parser.c. An attacker could use this vulnerability to pass a carefully crafted SWF file leading t...

6.5 CVSS · 5.6 AI score · 0.01019 EPSS
Exploits 1 · References 2