3096 matches found
Denial Of Service (DoS)
FreeRDP is vulnerable to denial of service (DoS). The vulnerability exists through an unchecked read of an array offset in rdpsnd_recv_wave2_pdu...
Unbreakable Enterprise kernel security update
4.1.12-124.42.3 - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (Tomas Bortoli) [Orabug: 31351221] {CVE-2019-19535} - media: hdpvr: Fix an error handling path in hdpvr_probe (Arvind Yadav) [Orabug: 31352053] {CVE-2017-16644} - fs/binfmt_misc.c: do not allow offset overflow (Thadeu Lima de Souza Cascard...
pwn-collection
This repository contains a collection of CTF (Capture The Flag) challenges with writeups and exploit scripts. The challenges are categorized into three main areas: fmtstr32, heapchunkoverlap64, and pwn300. The fmtstr32 category contains challenges related to format string vulnerabilities, which all...
Memory corruption
Memory corruption can occur in a trusted application if the offset size from HLOS is more than the actual mapped buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130...
CVE-2020-15466
In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations...
UBUNTU-CVE-2020-15466
In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations...
OSV-2020-704 Heap-buffer-overflow in BEInt<unsigned char, 1>::set
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13736 Crash type: Heap-buffer-overflow WRITE 1 Crash state: BEInt::set CFF::CFFIndex ::setoffsetat bool CFF::FDArray ::serializeCFF::cff2fontdict...
LanSpy 2.0.1.159 - Stack Buffer Overflow
LanSpy version 2.0.1.159 stack buffer overflow exploit that adds a user. """ Exploit title: LanSpy v.2.0.1.159 - Stack Buffer Overflow Exploit Author: Paolo Stagno aka VoidSec - https://voidsec.com Vendor Homepage: https://lizardsystems.com/ Download:...
DEBIAN-CVE-2020-15306
An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize in IlmImf/ImfMisc.cpp...
AZL-45069 CVE-2020-15306 affecting package OpenEXR 2.3.0-6
An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize in IlmImf/ImfMisc.cpp...
Fedora 31 : tcpreplay (2020-256ac53cc7)
This release contains bug fixes only, which include security fixes: - Increase cache buffers size to accommodate VLAN edits (#594) - Correct L2 header length to correct IP header offset (#583) - Fix warnings from gcc version 10 (#580) - Heap Buffer Overflow in randomize_iparp (#579) - Use after free in...
CVE-2004-0657
Integer overflow in the NTP daemon NTPd before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server's time...
Fedora 32 : tcpreplay (2020-f47830961a)
This release contains bug fixes only, which include security fixes: - Increase cache buffers size to accommodate VLAN edits (#594) - Correct L2 header length to correct IP header offset (#583) - Fix warnings from gcc version 10 (#580) - Heap Buffer Overflow in randomize_iparp (#579) - Use after free in...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
This is a proof-of-concept (PoC) exploit for CVE-2020-0796, also known as SMBGhost. The exploit targets a remote code execution vulnerability in the Windows SMBv3 server. The PoC is written in Python and uses a shellcode written in x64 assembly language. The PoC consists of two main components: 1. ...
PHP-Fusion 9.03.60 PHP Object Injection / SQL Injection
Exploit Title: PHP-Fusion v9.03.60, PHP Object Injection to SQL injection pre-auth Date: 2020-05-26 Exploit Author: coiffeur Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link: https://www.php-fusion.co.uk/phpfusion9downloads.php Version: v9.03.60 import sys import requests impo...
CVE-2020-3633
CVE-2020-3633 describes an array-out-of-bounds condition that can occur when playing MP3 files due to an offset check not validating against the allocated buffer in Qualcomm Snapdragon products (various Auto/Compute/IoT/Wearable families including APQ8009, SDM… and SXR2130). The issue affects a w...
CVE-2020-3641
CVE-2020-3641 is a Qualcomm closed‑source component issue (Snapdragon) involving an integer overflow when atom size is smaller than atom offset due to improper validation. Affected products span Snapdragon Auto/Compute/Consumer IOT/Industrial IOT/Mobile/Voice & Music/Wearables across numerous SoC...
SANE Backends Buffer Overflow Vulnerability (CNVD-2020-41085)
SANE Backends is an application programming interface (API) and communication protocol for regulating communication between software and digital imaging devices. A buffer error vulnerability exists in the 'decode_binary' function in versions of SANE Backends prior to 1.0.30. A remote attacker could...
offset-esports.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1159576. Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
exiv2: denial of service in PngImage::readMetadata
An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a chunkLength - iccOffset subtraction...