EUVD-2020-20033

Malware in sbrugna...

USN-7728-1: ImageMagick vulnerabilities

It was discovered that ImageMagick did not properly process certain format strings when interpreting image filenames. An attacker could possibly use this issue to cause ImageMagick to crash, resulting in a denial of service. CVE-2025-53014 It was discovered that ImageMagick did not properly proce...

The vulnerability of the yajl_string_decode function in the yajl_encode.c component of the YAJL-ruby library allows a attacker to cause a service failure.

The vulnerability of the yajlstringdecode function in the yajlencode.c component of the YAJL-ruby library is related to insufficient processing of the format string. Exploiting this vulnerability could allow a malicious actor to cause a service failure by using a specially created JSON file...

mariadb: lack of proper validation of a user-supplied string before using it as a format specifier

MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...

RealNetworks Helix Server "x-wap-profile"头选项格式串处理漏洞

BUGTRAQ ID: 47110 CVE ID: CVE-2010-4235 RealNetwork Helix Server是一款支持多格式、跨平台的流媒体服务器软件，能将高质量的多媒体内容发不到任何网络位置。 Helix Server在处理请求中的"x-wap-profile"头选项时存在格式串处理漏洞，远程攻击者可利用此漏洞在受影响应用程序中执行任意代码或造成拒绝服务。 Real Networks Helix Mobile Server 14.0.0 Real Networks Helix Mobile Server 13.x Real Networks Helix Mobile...

VLC Media Player畸形“udp://”URI格式串处理漏洞

VLC Media Player是一款免费的媒体释放器。 VLC Media Player在处理畸形的URI串时存在漏洞，远程攻击者可能利用此漏洞在用户机器上执行任意指令。 VLC Media Player在处理“udp://”开头的URI串时存在格式串处理漏洞，远程攻击者可能利用此漏洞通过诱使用户访问恶意网页或打开恶意M3U文件控制用户机器。 VideoLAN VLC Media Player 0.x 临时解决方法： 如果您不能立刻安装补丁或者升级，NSFOCUS建议您采取以下措施以降低威胁： 不要打开来源不可信任的M3U文件。 厂商补丁： VideoLAN --------...