Lucene search

661 matches found

Prion
added 2017/09/21 9:29 p.m. · 19 views

Default configuration

Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration. This has security implications because of overriding security-related...

CVSS 7.5 · AI score 9.3 · EPSS 0.01517
Exploits: 0 · References: 1 · Affected Software: 2
Cvelist
added 2017/09/21 8:0 p.m. · 35 views

CVE-2017-12170

Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration. This has security implications because of overriding security-related...

AI score 9.5 · EPSS 0.01517
Exploits: 0 · References: 1
ossfuzz
added 2017/08/31 2:1 p.m. · 17 views

gdal: Heap-buffer-overflow in memBitRead

Detailed report: https://oss-fuzz.com/testcase?key=4659886891728896 Project: gdal Fuzzer: libFuzzergdalfuzzer Fuzz target binary: gdalfuzzer Job Type: libfuzzerasangdaluntrusted Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address: 0x60e00001775c Crash State: memBitRead...

AI score 6.7
Exploits: 0 · Affected Software: 1
ossfuzz
added 2017/08/19 8:30 a.m. · 20 views

gnutls: Use-of-uninitialized-value in _nettle_rsa_check_size

Project: https://gitlab.com/gnutls/gnutls.git Detailed report: https://oss-fuzz.com/testcase?key=6559599983329280 Project: gnutls Fuzzer: libFuzzergnutlsclientfuzzer Fuzz target binary: gnutlsclientfuzzer Job Type: libfuzzermsangnutls Platform Id: linux Crash Type: Use-of-uninitialized-value Cras...

AI score 6.7
Exploits: 0 · Affected Software: 1
ossfuzz
added 2017/07/29 5:17 a.m. · 24 views

gdal: Bad-cast to SDTSAttrReader from SDTSLineReader;OGRSDTSLayer::OGRSDTSLayer;OGRSDTSDataSource::Open

Project: https://github.com/OSGeo/gdal.git Detailed report: https://oss-fuzz.com/testcase?key=5383072822329344 Project: gdal Fuzzer: libFuzzergdalogrsdtsfuzzer Fuzz target binary: ogrsdtsfuzzer Job Type: libfuzzerubsangdal Platform Id: linux Crash Type: Bad-cast Crash Address: 0x0000087452a0 Cras...

AI score 6.7
Exploits: 0 · Affected Software: 1
ATTACKERKB
added 2017/07/27 6:29 a.m. · 4 views

CVE-2017-9614

The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file. NOTE: Maintainer asserts the issue is due to a bug in downstream cod...

CVSS 8.8 · AI score 6 · EPSS 0.08152
Exploits: 4 · References: 6
Cvelist
added 2017/07/27 6:0 a.m. · 25 views

CVE-2017-9614

The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file. NOTE: Maintainer asserts the issue is due to a bug in downstream cod...

AI score 9 · EPSS 0.08152
Exploits: 4 · References: 4
Positive Technologies
added 2017/07/27 12:0 a.m. · 4 views

PT-2017-19073 · Libjpeg Turbo +1 · Libjpeg-Turbo +1

Name of the Vulnerable Software and Affected Versions: libjpeg-turbo version 1.5.1 Description: The issue allows remote attackers to cause a denial of service, resulting in invalid memory access and application crash, or possibly have other unspecified impacts via a crafted jpg file. It is noted...

CVSS 8.8 · AI score 9.2 · EPSS 0.08152
Exploits: 4 · References: 10
CNVD
added 2017/07/17 12:0 a.m. · 3 views

Schweitzer Engineering Laboratories SEL-3620 and SEL-3622 Security Gateway Unauthorized Access Vulnerability

Schweitzer Engineering Laboratories (SEL) SEL-3620 and SEL-3622 Security Gateway are both security gateway products from Schweitzer Engineering Laboratories (SEL), USA. A security vulnerability exists in the SEL SEL-3620 and SEL-3622 Security Gateway due to a failure to properly enforce access contro...

CVSS 10 · AI score 8.9 · EPSS 0.02273
Exploits: 0 · References: 1
ossfuzz
added 2017/07/12 5:49 p.m. · 12 views

postgis: Heap-buffer-overflow in ptarray_from_wkb_state

Project: https://git.osgeo.org/gitea/postgis/postgis.git Detailed report: https://oss-fuzz.com/testcase?key=6439724333924352 Project: postgis Fuzzer: libFuzzerpostgiswkbimportfuzzer Fuzz target binary: wkbimportfuzzer Job Type: libfuzzerasanpostgis Platform Id: linux Crash Type:...

AI score 6.7
Exploits: 0 · Affected Software: 1
ossfuzz
added 2017/07/08 7:49 a.m. · 16 views

gnutls: Use-of-uninitialized-value in nettle_pkcs1_encrypt

Project: https://gitlab.com/gnutls/gnutls.git Detailed report: https://oss-fuzz.com/testcase?key=6091382018015232 Project: gnutls Fuzzer: libFuzzergnutlsclientfuzzer Fuzz target binary: gnutlsclientfuzzer Job Type: libfuzzermsangnutls Platform Id: linux Crash Type: Use-of-uninitialized-value Cras...

AI score 6.7
Exploits: 0 · Affected Software: 1
ossfuzz
added 2017/07/07 9:49 a.m. · 14 views

dlplibs: Container-overflow in libvisio::VSDContentCollector::_generateBezierSegmentsFromNURBS

Detailed report: https://oss-fuzz.com/testcase?key=6337251178971136 Project: dlplibs Fuzzer: libFuzzerdlplibsvsdfuzzer Fuzz target binary: vsdfuzzer Job Type: libfuzzerasandlplibs Platform Id: linux Crash Type: Container-overflow READ 8 Crash Address: 0x606000000590 Crash State:...

AI score 6.7
Exploits: 0 · Affected Software: 1
ossfuzz
added 2017/06/04 9:45 a.m. · 18 views

gdal: Heap-buffer-overflow in NTFFileReader::ProcessAttRec

Project: https://github.com/OSGeo/gdal.git Detailed report: https://oss-fuzz.com/testcase?key=4504076375031808 Project: gdal Fuzzer: aflgdalogrfilesystemfuzzer Fuzz target binary: ogrfilesystemfuzzer Job Type: aflasangdal Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address:...

AI score 6.8
Exploits: 0 · Affected Software: 1
ossfuzz
added 2017/05/30 10:45 p.m. · 16 views

ffmpeg: Stack-use-after-return in put_h264_qpel8_hv_lowpass_9

Project: https://git.ffmpeg.org/ffmpeg.git Detailed report: https://oss-fuzz.com/testcase?key=4870171724349440 Project: ffmpeg Fuzzer: libFuzzerffmpegAVCODECIDH264fuzzer Job Type: libfuzzerasanffmpeg Platform Id: linux Crash Type: Stack-use-after-return READ 2 Crash Address: 0x7f3acd5b01a0 Crash...

AI score 6.8
Exploits: 0 · Affected Software: 1
ossfuzz
added 2017/05/30 9:44 p.m. · 11 views

pcre2: Global-buffer-overflow in compare_opcodes

Project: svn://vcs.exim.org/pcre2/code/trunk Detailed report: https://oss-fuzz.com/testcase?key=6674380245434368 Project: pcre2 Fuzzer: libFuzzerpcre2fuzzer Fuzz target binary: pcre2fuzzer Job Type: libfuzzerasanpcre2 Platform Id: linux Crash Type: Global-buffer-overflow READ 1 Crash Address:...

AI score 6.8
Exploits: 0 · Affected Software: 1
ThreatPost
added 2015/09/09 9:0 a.m. · 16 views

Turla APT Group Abusing Satellite Internet Links

Poorly secured satellite-based Internet links are being abused by nation-state hackers, most notably by the Turla APT group, to hide command-and-control operations, researchers at Kaspersky Lab said today. Active for close to a decade, Turla’s activities were exposed last year; the Russian-speaki...

AI score 0.7
Exploits: 0 · References: 7
0day.today
added 2013/12/02 12:0 a.m. · 60 views

TP-Link TD-8840t - CSRF Vulnerability

TP-Link TD-8840t is an ADSL2+ Ethernet/USB Modem Router which works with a 24-Mbps downstream connection. Usage Info TP-Link TD-8840t is an ADSL2+ Ethernet/USB Modem Router which works with a 24-Mbps downstream connection. You can easily change the default user's admin password by the default route...

AI score 7.2
Exploits: 0
exploitpack
added 2013/11/30 12:0 a.m. · 21 views

TP-Link TD-8840t - Cross-Site Request Forgery

TP-Link TD-8840t - Cross-Site Request Forgery Exploit Title: TP-Link TD-8840t CSRF Vulnerability Author: MOHAMMED AL-SAGGAFLEGNED-SEIYUN E-mail: [email protected]/mohammed.alsaggaf2010 Category: Hardware Google Dork: N/A Vendor: http://www.tp-link.com Firmware Version:...

AI score 1.1
Exploits: 0
Exploit DB
added 2013/11/30 12:0 a.m. · 34 views

TP-Link TD-8840t - Cross-Site Request Forgery

Exploit Title: TP-Link TD-8840t CSRF Vulnerability Author: MOHAMMED AL-SAGGAFLEGNED-SEIYUN E-mail: [email protected]/mohammed.alsaggaf2010 Category: Hardware Google Dork: N/A Vendor: http://www.tp-link.com Firmware Version: 3.0.0 Build 120531 Product:...

AI score 7
Exploits: 0
UbuntuCve
added 2011/02/17 12:0 a.m. · 27 views

CVE-2010-4472

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011...

CVSS 2.6 · AI score 5.9 · EPSS 0.03006
Exploits: 0 · References: 5