
1011 matches found

BDU FSTEC
added 2022/02/07 12:0 a.m. | 7 views

The vulnerability of the software platform for developing and managing online stores Magento Commerce lies in insufficient validation of input data, allowing attackers to execute arbitrary code.

The vulnerability of the software platform for developing and managing online stores Magento Commerce is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the target system using a specially crafted PDF file...

CVSS 9.1 | AI score 7.8 | EPSS 0.02867
Exploits: 0 | References: 4 | Affected Software: 2

BDU FSTEC
added 2022/02/01 12:0 a.m. | 7 views

The vulnerability of the ImageIO component in operating systems such as iPadOS, watchOS, iOS, tvOS, Mac OS, and the iCloud service allows attackers to execute arbitrary code on the target system.

The vulnerability of the ImageIO component in operating systems such as iPadOS, watchOS, iOS, tvOS, Mac OS, and the iCloud service is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code on the target system using...

CVSS 7.8 | AI score 7.9 | EPSS 0.01089
Exploits: 0 | References: 7 | Affected Software: 6

Prion
added 2022/01/21 8:15 p.m. | 15 views

Design/Logic Flaw

This affects all versions of package convert-svg-core; all versions of package convert-svg-to-png; all versions of package convert-svg-to-jpeg. Using a specially crafted SVG file, an attacker could read arbitrary files from the file system and then show the file content as a converted PNG file...

CVSS 5 | AI score 7.4 | EPSS 0.01978
Exploits: 1 | References: 4

OSV
added 2022/01/10 11:15 p.m. | 1 views

UBUNTU-CVE-2021-36409

There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact...

CVSS 7.8 | AI score 7.2 | EPSS 0.00897
Exploits: 1 | References: 4

GithubExploit
added 2022/01/04 2:48 p.m. | 528 views

Exploit for Unrestricted Upload of File with Dangerous Type in Embedthis Goahead

CVE-2021-42342 CVE-2021-42342 RCE POC1:just prints c in...

CVSS 9.8 | AI score 9.7 | EPSS 0.5946
Exploits: 2

OSV
added 2022/01/01 9:15 p.m. | 9 views

CVE-2021-45972

The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write. This allows an attacker to overwrite up to 250 bytes outside of the allocated buffer with arbitrary data...

CVSS 7.1 | AI score 7.2
Exploits: 0 | References: 3

GithubExploit
added 2021/12/12 10:31 p.m. | 541 views

Exploit for Unrestricted Upload of File with Dangerous Type in Webhmi Webhmi_Firmware

CVE-2021-43936 CVE-2021-43936 is a critical vulnerability CV...

CVSS 10 | AI score 9.9 | EPSS 0.35804
Exploits: 5

BDU FSTEC
added 2021/12/01 12:0 a.m. | 3 views

The vulnerability of Adobe InDesign’s automation tool for computer design, related to reading data beyond the buffer in memory, allows attackers to execute arbitrary code.

The vulnerability of Adobe InDesign’s computer layout automation tool is related to reading data beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially crafted file...

CVSS 7.8 | AI score 7.8 | EPSS 0.03841
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2021/11/25 12:0 a.m. | 4 views

The vulnerability of Adobe After Effects’ video and dynamic image editing software lies in the possibility of an operation going beyond the buffer in memory, allowing a hacker to execute arbitrary code.

The vulnerability of Adobe After Effects video and dynamic image editing software relates to the execution of operations beyond buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code on the target system using a specially created file...

CVSS 7.8 | AI score 8 | EPSS 0.02315
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2021/11/22 3:11 p.m. | 6 views

CVE-2021-40770 Adobe Prelude M4A File Parsing Memory Corruption Arbitrary Code Execution

Adobe Prelude version 10.1 and earlier is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially...

CVSS 7.8 | AI score 7.8 | EPSS 0.01678
Exploits: 0 | References: 1

OSV
added 2021/11/19 8:15 p.m. | 1 views

DEBIAN-CVE-2021-21898

A code execution vulnerability exists in the dwgCompressor::decompress18 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 8.8 | AI score 8.4 | EPSS 0.02515
Exploits: 1 | References: 1

OSV
added 2021/11/10 10:15 p.m. | 4 views

CVE-2020-23904

A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. NOTE: the vendor states "I cannot reproduce it" and it "is a demo program...

CVSS 5.5 | AI score 6.9
Exploits: 0 | References: 1

CNNVD
added 2021/11/04 12:0 a.m. | 5 views

Gerbv Buffer Error Vulnerability

Gerbv is a Gerber file (RS-274X only) viewer. It is used to view RS-274X Gerber files, Excellon drill files and Pick-N-Place files. A security vulnerability exists in Gerbv that stems from an out-of-bounds write vulnerability in the drill format T-code utility numbering function, which can be...

CVSS 10 | AI score 8.4 | EPSS 0.02916
Exploits: 1 | References: 8

OSV
added 2021/09/16 10:15 p.m. | 25 views

CVE-2020-21606

libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be exploited via a crafted file...

CVSS 6.5 | AI score 3.2
Exploits: 0 | References: 2

OSV
added 2021/09/16 10:15 p.m. | 0 views

DEBIAN-CVE-2020-21602

libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted file...

CVSS 6.5 | AI score 6.9 | EPSS 0.01337
Exploits: 1 | References: 1

OSV
added 2021/09/16 10:15 p.m. | 4 views

ALPINE-CVE-2020-21606

libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be exploited via a crafted file...

CVSS 6.5 | AI score 7.3 | EPSS 0.01019
Exploits: 1 | References: 1

UbuntuCve
added 2021/09/16 10:15 p.m. | 24 views

CVE-2020-21599

libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted file...

CVSS 6.5 | AI score 7 | EPSS 0.01337
Exploits: 1 | References: 3

Prion
added 2021/09/16 10:15 p.m. | 15 views

Heap overflow

libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be exploited via a crafted file...

CVSS 4.3 | AI score 6.6 | EPSS 0.01135
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2021/09/16 10:15 p.m. | 1 views

UBUNTU-CVE-2020-21596

libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted file...

CVSS 6.5 | AI score 7.1 | EPSS 0.01387
Exploits: 1 | References: 4

UbuntuCve
added 2021/09/16 10:15 p.m. | 30 views

CVE-2020-21598

libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted file...

CVSS 8.8 | AI score 7.3 | EPSS 0.01687
Exploits: 1 | References: 3