libsixel buffer overflow vulnerability (CNVD-2020-12707)

libsixel is a package that provides encoding/decoding implementations for DEC SIXEL graphics and other converter programs. A buffer overflow vulnerability exists in the 'loadsixel' function of the loader.c file in libsixel version 1.8.2, which originates when a networked system or product perform...

PT-2019-15953 · Libsixel +1 · Libsixel +1

Name of the Vulnerable Software and Affected Versions: libsixel version 1.8.2 Description: A heap-based buffer over-read issue was discovered in the load sixel function at loader.c. Recommendations: For libsixel version 1.8.2, at the moment, there is no information about a newer version that...

PT-2019-15952 · Stb +1 · Stb Image.H +1

Name of the Vulnerable Software and Affected Versions: stb image.h aka the stb image loader version 2.23 Description: The issue is a heap-based buffer over-read in the stbi load main function. This problem affects products that use the stb image loader, including libsixel. Recommendations: For...

CVE-2019-4606

IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability. By using a executable file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM...

CVE-2019-4606

CVE-2019-4606 affects IBM DB2 High Performance Unload for LUW versions 6.1 and 6.5. The vulnerability is an untrusted search path issue that could allow a local attacker to execute arbitrary code by using an executable file. IBM and related advisories describe impact as local code execution with ...

DEBIAN-CVE-2017-18640

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564...

UBUNTU-CVE-2017-18640

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564...

Design/Logic Flaw

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564...

CVE-2017-18640

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564...

CVE-2017-18640

CVE-2017-18640 affects SnakeYAML; the vulnerability arises from entity expansion (Billion Laughs style) during load, allowing abuse of the alias feature. Affected versions are before 1.26 (e.g., SnakeYAML 1.25.x onward) with public mentions in multiple advisories showing a fix in 1.26. Fedora/Alm...

CVE-2017-18640

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564...

CVE-2013-4245

Orca has arbitrary code execution due to insecure Python module load...

CVE-2013-4245

Orca has arbitrary code execution due to insecure Python module load...

CVE-2013-4245

CVE-2013-4245 : The vulnerability affects the Orca application and is caused by insecure Python module load, resulting in arbitrary code execution. The NVD entry lists a local attack vector with medium complexity in CVSS v2, and high impact on confidentiality, integrity, and availability in CVSS ...

CVE-2019-19543

A flaw was found in the Linux kernel’s infrared serial module. An attacker could use this flaw to corrupt memory and possibly escalate privileges. Mitigation As the module will be auto-loaded when the relevant hardware is required, its use can be disabled by preventing the module from loading wit...

NGINX -- HTTP request smuggling

NGINX Team reports: NGINX before 1.17.7, with certain errorpage configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer...

libsixel buffer overflow vulnerability (CNVD-2019-44741)

libsixel is a package that provides encoding/decoding implementations for DEC SIXEL graphics and other converter programs. A buffer overflow vulnerability exists in the 'loadpnm' function of the frompnm.c file in libsixel version 1.8.2. The vulnerability stems from a network system or product...

Scientific Linux Security Update : kernel on SL7.x x86_64 (20191205)

Security Fixes : - Kernel: KVM: OOB memory access via mmio ring buffer CVE-2019-14821 - kernel: local attacker can trigger multiple use-after-free conditions results in privilege escalation CVE-2019-15239 Bug Fixes : - On SL 7.7 kernel SCSI VPD information for NVMe drives is missing breaks...

PT-2019-15897 · Sixel +1 · Libsixel +1

Name of the Vulnerable Software and Affected Versions: libsixel version 1.8.2 Description: An issue was discovered in the function load pnm at frompnm.c, due to an integer overflow, resulting in a heap-based buffer overflow. Recommendations: For libsixel version 1.8.2, at the moment, there is no...

Yelp: DoS of https://blog.yelp.com/ and other WP instances via CVE-2018-6389

Description: There is possibility in /wp-admin/load-scripts.php script to generate large 3Mb amount of data via simple non-authenticated request to server. The vulnerability is registered as https://vulners.com/cve/CVE-2018-6389 Details: Detailed attack scenario is described for example here:...