CVE-2018-6144

Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file...

CVE-2018-6126

A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page...

Exploit for Improper Input Validation in Flexense Syncbreeze

Flexense HTTP Server Server-Enable web server on port. Module...

hw: cpu: speculative store bypass

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions a commonly used performance optimization. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the...

Internet Bug Bounty: [CVE-2018-6913] heap-buffer-overflow in S_pack_rec

pack may cause a heap buffer write overflow with a large item count. Reported to the Perl security mailing list on 5 Aug 2017. Confirmed as a security flaw by TonyC on 30 Jan 2018 CVE-2018-6913 assigned to this flaw on 11 Feb 2018 Public security advisory released on 14 April 2018...

Adobe Photoshop Out-of-Bounds Memory Write Vulnerability

Adobe Photoshop, or "PS" for short, is an image processing software developed and distributed by Adobe Systems. An out-of-bounds memory write vulnerability exists in Adobe Photoshop. A remote user can exploit this vulnerability to execute arbitrary code on the target user's system...

Design/Logic Flaw

HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileged user to send IOCTL 0x85FE2608 to the device driver with the HWiNFO32 symbolic device name, resulting in direct physical memory read or write...

kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c

A flaw was found in the Linux kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory...

WavPack Memory Write Vulnerability

WavPack is an open source, free audio lossless compression software. A security vulnerability exists in WavPack 5.1.0 and earlier versions, which originates from the 'ParseRiffHeaderConfig' function in the riff.c file receiving multiple format chunks, and can be exploited by an attacker to perfor...

WavPack W64 Parser Component Memory Write Vulnerability

WavPack is a set of open source, free audio lossless compression software. w64 parser is one of the 64-bit parser component . A security vulnerability exists in the W64 parser component in WavPack 5.1.0 and earlier versions, which is caused by multiple format chunks received by the...

DEBIAN-CVE-2018-10537

An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks...

ALPINE-CVE-2018-10536

An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks...

CVE-2018-10534

The bfdXXbfdcopyprivatebfddatacommon function in peXXigen.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of externalIMAGEDEBUGDIRECTORY edd so that the address...

ALPINE-CVE-2018-10537

An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks...

Design/Logic Flaw

The bfdXXbfdcopyprivatebfddatacommon function in peXXigen.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of externalIMAGEDEBUGDIRECTORY edd so that the address...

CVE-2018-10534

The bfdXXbfdcopyprivatebfddatacommon function in peXXigen.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of externalIMAGEDEBUGDIRECTORY edd so that the address...

CVE-2018-10536

An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks...

CVE-2018-10534

CVE-2018-10534 is a vulnerability in GNU Binutils’ Binary File Descriptor library (libbfd). The issue arises in the function sequence involving the _bfd_XX_bfd_copy_private_bfd_data_common routine (peXXigen.c) when processing a negative Data Directory size, which enters an unbounded loop and expa...

CVE-2018-10534

The bfdXXbfdcopyprivatebfddatacommon function in peXXigen.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of externalIMAGEDEBUGDIRECTORY edd so that the address...

CVE-2018-10534

The bfdXXbfdcopyprivatebfddatacommon function in peXXigen.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of externalIMAGEDEBUGDIRECTORY edd so that the address...