Denial Of Service (Dos)

xen is vulnerable to denial of service. This is due to the way the pyGrub boot loader handles compressed kernel images, which consumes an excessive amount of CPU resources when a large bzip2 or lzma compressed kernel image is processed, resulting in an out-of-memory condition...

Information Disclosure

IcedTea-Web plug-in is vulnerable to information disclosure. The application incorrectly uses the same class loader instance for applets with the same value of the codebase attribute even if they originated from different domains. An attacker is able to create a malicious applet to exploit the...

UBUNTU-CVE-2019-3574

In libsixel v1.8.2, there is a heap-based buffer over-read in the function loadjpeg in the file loader.c, as demonstrated by img2sixel...

CVE-2019-3574

In libsixel v1.8.2, there is a heap-based buffer over-read in the function loadjpeg in the file loader.c, as demonstrated by img2sixel...

UBUNTU-CVE-2018-20548

There is an illegal WRITE memory access at common-image.c function loadimage in libcaca 0.99.beta19 for 1bpp data...

CVE-2018-5861

CVE-2018-5861 is documented as a heap-overflow risk in CAF Android bootloader code using the Linux kernel, affecting Android for MSM/QRD Android builds with Qualcomm bootloaders. The vulnerability arises from incomplete partition-size checks during loading of secure applications, with CVSS v3.0 i...

CVE-2018-5861

In all android releasesAndroid for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, existing checks in place on partition size are incomplete and can lead to heap overwrite vulnerabilities while loading a secure application from the boot loader...

Design/Logic Flaw

Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

Exploit kits: fall 2018 review

Exploit kit EK activity continues to surprise us as the weather cools, the leaves change, and we move into the fall of 2018. Indeed, shortly after our summer review, a new exploit kit was discovered, and while no new vulnerabilities were added to the current EKs, several malvertising chains are...

Information Disclosure

react-styleguidist is vulnerable to information disclosure. Source file paths are leaked the processComponent in loaders/styleguide-loader.js, which would provide remote attackers information to perform further attacks...

The vulnerability of the BIOS loader of the Hyper-V hardware virtualization platform for Windows operating systems allows a hacker to circumvent built-in security restrictions.

The vulnerability of the BIOS loader of Hyper-V hardware virtualization systems for Windows operating systems arises from the unstable provision of high entropy during loading. Exploiting this vulnerability allows a remote attacker to circumvent built-in security restrictions...

Information disclosure

Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. A buffer overflow information disclosure vulnerability occurs when parsing certain file types...

CVE-2018-14798

Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini C1, FRENIC-Mini C2, FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly parse FNC files that may allow for information disclosure...

CVE-2018-14802

Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini C1, FRENIC-Mini C2, FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly check user-supplied comments which may allow for arbitrary remote code execution...

Information disclosure

Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini C1, FRENIC-Mini C2, FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly parse FNC files that may allow for information disclosure...

Remote code execution

Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini C1, FRENIC-Mini C2, FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly check user-supplied comments which may allow for arbitrary remote code execution...

CVE-2018-14794

Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. The device does not perform a check on the length/size of a project file before copying the entire contents of the file to a heap-based buffer...

CVE-2018-14802

Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini C1, FRENIC-Mini C2, FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly check user-supplied comments which may allow for arbitrary remote code execution...

CVE-2018-14798

Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini C1, FRENIC-Mini C2, FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly parse FNC files that may allow for information disclosure...

CVE-2018-14788

Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. A buffer overflow information disclosure vulnerability occurs when parsing certain file types...