UBUNTU-CVE-2018-11384

The shop function in radare2 2.5.0 allows remote attackers to cause a denial of service heap-based out-of-bounds read and application crash via a crafted ELF file...

London Trust Media Private Internet Access VPN Client for Windows Elevation of Privilege Vulnerability

London Trust Media Private Internet Access PIA VPN Client for Windows is a Windows-based VPN client for anonymous Internet access. A security vulnerability exists in version 77 of the London Trust Media PIA VPN Client for Windows based platforms, which stems from the program's failure to adequate...

CVE-2018-5731

An issue was discovered in Heimdal PRO 2.2.190. As part of the scanning feature, a process called md.hs writes an executable called CS1.tmp to C:\windows\TEMP. Afterwards the executable is run. It is possible for an attacker to create the file first, let md.hs overwrite it, and then rewrite the...

DEBIAN-CVE-2018-7642

The swapstdrelocin function in aoutx.h in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service aout32swapstdrelocout NULL pointer dereference and application crash via a crafted ELF file, as demonstrated by...

CVE-2018-5105

WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with local user privileges without explicit user consent. This vulnerability affects Firefox 58...

Retargetable Machine-Code Decompiler: RetDec

RetDec is a retargetable machine-code decompiler based on LLVM . The decompiler is not limited to any particular target architecture, operating system, or executable file format: Supported file formats: ELF, PE, Mach-O, COFF, AR archive, Intel HEX, and raw machine code. Supported architectures 32...

GNU Binutils Denial of Service Vulnerability (CNVD-2017-34503)

GNU Binutils is a set of programming tools for creating and managing binary programs, object files, libraries, profile data and assembly source code. A denial of service vulnerability exists in GNU Binutils 2.29.1. The vulnerability arises because coffgen.c in the Binary File Descriptor BFD libra...

UBUNTU-CVE-2017-16827

The aoutgetexternalsymbols function in aoutx.h in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service slurpsymtab invalid free and application crash or possibly have unspecified other impact via a crafted E...

UBUNTU-CVE-2017-16829

The bfdelfparsegnuproperties function in elf-properties.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service out-of-bounds read and application crash or possibl...

UBUNTU-CVE-2017-16805

In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service invalid read and application crash via a crafted ELF file, related to rbindwarfparsecompunit in dwarf.c and sdbsetinternal in shlr/sdb/src/sdb.c...

UBUNTU-CVE-2017-15939

dwarf2.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, mishandles NULL files in a .debugline file table, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted ELF file, related to...

Remote code execution

An active network attacker MiTM can achieve remote code execution on a machine that runs IKARUS Anti Virus 2.16.7. IKARUS AV for Windows uses cleartext HTTP for updates along with a CRC32 checksum and an update value for verification of the downloaded files. The attacker first forces the client t...

GNU Binutils libbfd dwarf2.c read_formatted_entries denial of service vulnerability

GNU Binutils a.k.a. GNU Binary Utilities or binutils is a set of programming language utilities developed by the GNU Project to work with object files in a variety of formats, with connectors, assemblers, and other tools for object files and archives.The Binary File Descriptor BFD library a.k.a...

Input validation

A vulnerability in the routine that loads DLL files in Cisco Meeting App for Windows could allow an authenticated, local attacker to run an executable file with privileges equivalent to those of Cisco Meeting App. The vulnerability is due to incomplete input validation of the path name for DLL...

UBUNTU-CVE-2017-15024

findabstractinstancename in dwarf2.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service infinite recursion and application crash via a crafted ELF file...

Cisco Meeting App Local Privilege Escalation Vulnerability

A vulnerability in the routine that loads DLL files in Cisco Meeting App for Windows could allow an authenticated, local attacker to run an executable file with privileges equivalent to those of Cisco Meeting App. The vulnerability is due to incomplete input validation of the path name for DLL...

CVE-2017-7821

A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types. This can be triggered without specific user interaction for the file download and open actions. This could be used to trigger known vulnerabilities in the programs that handle those...

GNU Binutils Denial of Service Vulnerability (CNVD-2017-30073)

GNU Binutils is a set of programming tools for creating and managing binary programs, object files, libraries, profile data and assembly source code. A denial of service vulnerability exists in decodelineinfo in dwarf2.c in the Binary File Descriptor BFD library used in GNU Binutils, which can be...

Design/Logic Flaw

Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 JST allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory...

JVN#75929834: Install program and Installer of i-フィルター 6.0 may insecurely load Dynamic Link Libraries and invoke executable files

i-フィルター 6.0 provided by Digital Arts Inc. is web filtering and parental control software. The install program is designed to download the installer via the internet and execute it. The i-フィルター 6.0 install program and installer contain the following vulnerabilities. Lead to insecurely loading...