525 matches found
ZZIPlib Invalid Memory Address Dereference Vulnerability
ZZIPlib is a set of lightweight file compression tools. A security vulnerability exists in the 'zzipdiskfread' function of the mmapped.c file in ZZIPlib version 0.13.68. An attacker can exploit this vulnerability to cause a denial of service reverse reference to an invalid memory address and cras...
CVE-2018-7725
An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzipdiskfread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service...
CVE-2018-7284
A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the respjsippubsub module stores the accepted formats present in the Accept headers of the request. Th...
CVE-2017-12722
An Out-of-bounds Read issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump reads memory out of bounds, causing the communications module to crash. Smiths Medical assesses that the crash of the...
USN-3566-1 php5 vulnerabilities
It was discovered that PHP incorrectly handled the PHAR 404 error page. A remote attacker could possibly use this issue to conduct cross-site scripting XSS attacks. CVE-2018-5712 It was discovered that PHP incorrectly handled memory when unserializing certain data. A remote attacker could use thi...
CVE-2017-16728
An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash...
CVE-2017-16728
CVE-2017-16728 concerns Advantech WebAccess before 8.3, where an untrusted pointer dereference in the webvrpcs/drawsrv components can cause invalid memory dereference. Public sources describe potential crashes and, in ZDI advisories, remote code execution scenarios without authentication via IOCT...
Linux kernel memory misreference vulnerability
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in the 'the usbtvprobe' function in the drivers/media/usb/usbtv/usbtv-core.c file in Linux kernel 4.14.10 and earlier. An attacker can...
DEBIAN-CVE-2017-15938
dwarf2.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, miscalculates DWFORMrefaddr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service findabstractinstancename invalid memory read, segmentation...
UBUNTU-CVE-2017-1000257
An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that non-existing data with a pointer and the size zero to the deliver-data function. libcurl's deliver-data function treats zero as a mag...
ImageMagick Denial of Service Vulnerability (CNVD-2017-27286)
ImageMagick is a set of open-source image processing software from the U.S. company ImageMagick Studio. The software can read, convert and write pictures in a variety of formats. A denial of service vulnerability exists in the DrawGetStrokeDashArray function of the wand/drawing-wand.c file in...
minidjvu denial of service vulnerability (CNVD-2017-25769)
minidjvu is a command-line utility for encoding and decoding single-page black-and-white DjVu files with the ability to compress multiple pages, taking advantage of similarities between pages. The mdjvubitmappackrow function denial of service vulnerability in base/4bitmap.c in Minidjvu allows an...
Mozilla: Use-after-free resizing image elements (MFSA 2017-19)
A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects...
DEBIAN-CVE-2017-9259
The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service memory allocation error and application crash via a crafted wav file...
WebKit memory corruption vulnerability in multiple Apple products (CNVD-2017-16618)
Apple iOS, iCloud for Windows, iTunes for Windows, Safari, and tvOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. WebKit is an open source web...
UBUNTU-CVE-2017-7046
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote...
Firefox 54.0.1 - Denial of Service
Firefox 54.0.1 - Denial of Service + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/FIREFOX-v54.0.1-DENIAL-OF-SERVICE.txt + ISR: ApparitionSec Vendor: =============== www.mozilla.org Product: =============== Firefox v54.0....
Firefox 54.0.1 - Denial of Service Exploit
Exploit for windows platform in category dos / poc + Credits: John Page aka hyp3rlinx Vendor: =============== www.mozilla.org Product: =============== Firefox v54.0.1 Vulnerability Type: =================== Denial Of Service Security Issue: ================ Dynamically creating HTML elements...
Denial Of Service (DoS) Through Memory Leak
ImageMagick is vulnerable to denial of service DoS attacks. A malicious user can pass a MAT image file to the application to cause a memory leak. This can cause the application to run out of memory and crash...
ALPINE-CVE-2017-9469
In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able to cause a crash...