freerdp: FreeRDP: Denial of Service via FastGlyph parsing buffer overflow

A flaw was found in FreeRDP. A malicious server can exploit a vulnerability in FastGlyph parsing, which improperly trusts data length without sufficient validation. This can lead to a client-side global buffer overflow, resulting in a denial of service DoS due to a crash. For this vulnerability t...

freerdp: FreeRDP: Heap buffer overflow leading to denial of service and potential code execution from a malicious server.

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. This vulnerability occurs because the freerdpbitmapdecompressplanar function does not properly validate bitmap dimensions when decompressing planar bitmap data. A malicious server can exploit this by sending...

EUVD-2024-19879

Malicious code in bioql PyPI...

php: Leak partial content of the heap through heap buffer over-read in mysqlnd

A flaw was found in the PHP MySQL client library. This vulnerability allows a hostile MySQL server to disclose the content of the client's heap, potentially exposing data from other SQL requests and other users of the same server via malicious server interactions...

PT-2025-35147

Name of the Vulnerable Software and Affected Versions: openmcp-client versions prior to 0.1.12 Description: openmcp-client, a VS Code plugin for MCP developers, contains a flaw where a malicious authorization server endpoint can be provisioned by an attacker when a user on a Windows platform...

CVE-2024-22318

IBM i Access Client Solutions ACS 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager NTLM hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try ...

php: Leak partial content of the heap through heap buffer over-read in mysqlnd

A flaw was found in the PHP MySQL client library. This vulnerability allows a hostile MySQL server to disclose the content of the client's heap, potentially exposing data from other SQL requests and other users of the same server via malicious server interactions...

IBM i Access Client Solutions v1.1.2 - 1.1.4, v1.1.4.3 - 1.1.9.4 - Remote Credential Theft

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/IBMIACCESSCLIENTREMOTECREDENTIALTHEFTCVE-2024-22318.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.ibm.com Product IBM i Access Client Solutions Versions All...

CVE-2024-22318

IBM i Access Client Solutions ACS 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager NTLM hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try ...

CVE-2024-22318 IBM i Access Client Solutions information disclosure

IBM i Access Client Solutions ACS 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager NTLM hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try ...

php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpcdecode can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64decodexmlrpc in ext/xmlrpc/libxmlrpc/base64.c...

UBUNTU-CVE-2019-9024

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpcdecode can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64decodexmlrpc in ext/xmlrpc/libxmlrpc/base64.c...

Red Hat spice-client buffer overflow vulnerability

Red Hat SPICE is an enterprise virtualized desktop version of Red Hat's adaptive telepresence open-source protocol, which is used to connect users to their virtual desktops, providing the same end-user experience as a physical desktop. spice-client is its client program. A buffer overflow...