The vulnerability of the Parus-Budget enterprise automation system allows a perpetrator to execute any arbitrary code.

The vulnerability of the TComboboxStrings.Get function in the Parus-Budget enterprise automation system is related to the lack of checks on the data entered by users. Exploiting this vulnerability can allow an attacker to cause a stack overflow and execute arbitrary code...

The vulnerability of the `ldap_get_dn` function in the PHP interpreter, related to a pointer dereferencing error, allows attackers to trigger a denial-of-service attack.

The vulnerability of the ldapgetdn function ext/ldap/ldap.c in the PHP interpreter is related to incorrect handling of the returned value when processing specially crafted LDAP server responses. Exploiting this vulnerability could allow a remote attacker to cause service failures...

CVE-2018-14661

It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service...

Memory corruption

There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31...

[SECURITY] [DLA 1520-1] python3.4 security update

Package : python3.4 Version : 3.4.2-1+deb8u1 CVE ID : CVE-2017-1000158 CVE-2018-1060 CVE-2018-1061 CVE-2018-1000802 Multiple vulnerabilities were found in the CPython interpreter which can cause denial of service, information gain, and arbitrary code execution. CVE-2017-1000158 CPython aka Python...

ProgressiveToken Integer Overflow Vulnerability

ProgressiveToken is a tradable Ether ERC20 token. ProgressiveToken's smart contract implementation of the sell function has an integer overflow vulnerability where "amount sellPrice" can be zero. An attacker could exploit this vulnerability to reduce the seller's assets...

GVToken Genesis Vision (GVT) Integer Overflow Vulnerability

GVToken Genesis Vision GVT is a smart contract that runs on Ether. An integer overflow vulnerability exists in the mint function in GVToken Genesis Vision GVT. The vulnerability can be exploited by the contract owner to arbitrarily retrieve a minted token...

PHPOK Arbitrary File Upload Vulnerability

PHPOK is an enterprise building system that supports expansion. An arbitrary file upload vulnerability exists in the 'importf' function in the framework/admin/moduleccontrol.php file in PHPOK version 4.9.032. An attacker can exploit this vulnerability to upload arbitrary zip files...

Natus Xltek NeuroWorks Buffer Overflow Vulnerability

Natus Xltek NeuroWorks is a suite of versatile software platforms for EEG testing, long-term monitoring, ICU monitoring and sleep studies from Natus Medical, USA. A buffer overflow vulnerability exists in the list function in Natus Xltek NeuroWorks 8. A remote attacker could exploit this...

CVE-2018-11378

RADARE2 before version 2.6.0-1 is affected by CVE-2018-11378 due to a stack-buffer overflow in wasm_dis() in libr/asm/arch/wasm/wasm.c, which may lead to denial-of-service or other unspecified impact via a crafted WASM file. The Arch Linux advisory ASA-201806-2 documents this alongside other CVEs...

CVE-2018-9132

libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file...

CVE-2018-9132

libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file...

CVE-2017-18250

An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LogOpenCLBuildFailure in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file...

Logic Vulnerability in Inventron VT Designer

INVISION is a key high-tech enterprise under the National Torch Plan. Relying on power electronics, automatic control and information technology, INVISION's business covers industrial automation, new energy vehicles, network energy and rail transportation. A logic vulnerability exists in INVITRO ...

CVE-2017-17129

The ffvc1mc4mvchroma4 function in libavcodec/vc1mc.c in Libav 12.2 allows remote attackers to cause a denial of service segmentation fault and application crash or possibly have unspecified other impact via a crafted file...

MSA vot.Ar 'parse' function unauthorized operation vulnerability

MSA vot.Ar is a suite of voting election applications. A security vulnerability exists in the 'parse' function in MSA vot.Ar version 3.1. An attacker in close physical proximity could exploit this vulnerability to cast multiple votes for a candidate with the help of a specially designed RFID voti...

UBUNTU-CVE-2017-13028

The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootpprint...

CVE-2017-13745

There is a reachable assertion abort in the function jpcdecprocesssot in jpc/jpcdec.c in JasPer 2.0.12 that will lead to a remote denial of service attack by triggering an unexpected jpcppmstabtostreams return value, a different vulnerability than CVE-2018-9154...

CVE-2017-13066

GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c...

UBUNTU-CVE-2017-11554

There is a stack consumption vulnerability in the lex function in parser.hpp as used in sassc in LibSass 3.4.5. A crafted input will lead to a remote denial of service...