UBUNTU-CVE-2018-19567

A floating point exception in parsetiffifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code...

Pastego - Scrape/Parse Pastebin Using GO And Expression Grammar (PEG)

Scrape/Parse Pastebin using GO and grammar expression PEG. Installation $ go get -u github.com/edoz90/pastego Usage Search keywords are case sensitive pastego -s "password,keygen,PASSWORD" You can use boolean operators to reduce false positive pastego -s "quake && earthquake, password && php ||...

Google Android Buffer Overflow Vulnerability (CNVD-2019-27587)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. A buffer overflow vulnerability exists in the ixheaacdmpsparse.c file of ixheaacdmpsgetstridemap in the Android 9 release, which stems from a lack of boundary detection in the...

CVE-2018-9347

In function SMFParseMetaEvent of file eassmf.c there is incorrect input validation causing an infinite loop. This could lead to a remote temporary DoS with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1...

DEBIAN-CVE-2018-19211

In ncurses 6.1, there is a NULL pointer dereference at function ncparseentry in parseentry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character ' in name or alias field" detection...

UBUNTU-CVE-2018-19211

In ncurses 6.1, there is a NULL pointer dereference at function ncparseentry in parseentry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character ' in name or alias field" detection...

F5 Networks BIG-IP : Multiple Wireshark vulnerabilities (K34035645)

CVE-2018-7320 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by validating operand offsets. CVE-2018-7321 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thrift.c had a lar...

ALPINE-CVE-2018-18751

An issue was discovered in GNU gettext 0.19.8. There is a double free in defaultaddmessage in read-catalog.c, related to an invalid free in pogramparse in po-gram-gen.y, as demonstrated by lt-msgfmt...

CVE-2018-9473

In ihevcdparseseipayload of ihevcdparseheaders.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Androi...

CVE-2018-17848

The html package aka x/net/html through 2018-09-25 in Go mishandles , leading to a "panic: runtime error" index out of range in insertionModeStack.pop in node.go, called from inHeadIM, during an html.Parse call...

CVE-2018-17847

The html package aka x/net/html through 2018-09-25 in Go mishandles , leading to a "panic: runtime error" index out of range in nodeStack.pop in node.go, called from parser.clearActiveFormattingElements, during an html.Parse call...

Prototype Pollution

merge is vulnerable to prototype pollution. Properties of the Object prototype can be added or modified via JSON.parse, causing a denial of service condition or possibly remote code execution depending on the application...

PT-2018-14218 · Google · Html

Name of the Vulnerable Software and Affected Versions: html package aka x/net/html through 2018-09-25 Description: The issue arises from the mishandling of specific HTML tags, such as , which can cause an infinite loop during an html.Parse call. This occurs because inSelectIM and inSelectInTableI...

PT-2018-14220 · Google · X/Net/Html

Name of the Vulnerable Software and Affected Versions: html package aka x/net/html versions through 2018-09-25 Description: The issue arises from the html package mishandling certain HTML tags, such as and , leading to a "panic: runtime error" index out of range during an html.Parse call. This...

PT-2018-14219 · Google · Html Package

Name of the Vulnerable Software and Affected Versions: html package aka x/net/html versions through 2018-09-25 Description: The issue is related to the html package mishandling certain HTML inputs, such as , leading to a "panic: runtime error" index out of range in nodeStack.pop or...

Design/Logic Flaw

A SIGFPE signal is raised in the function H5Dchunksetinforeal of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This issue is different from CVE-2018-11207...

CVE-2018-17237

CVE-2018-17237 affects HDF5 1.10.3. A SIGFPE (division by zero) occurs in H5D__chunk_set_info_real() within H5Dchunk.c during parsing of a crafted HDF file, due to insufficient protection against division by zero. Connected sources reference this HDF5 issue alongside related CVEs and note its con...

PoDoFo Information Disclosure Vulnerability

PoDoFo is an open source , written in C++ using the PDF file format library . PoDoFo in the 'PdfEncoding::ParseToUnicode ' function there is an information leakage vulnerability , the vulnerability stems from the program fails to correctly validate the data submitted by the user , an attacker can...

CVE-2018-17143

The html package aka x/net/html through 2018-09-17 in Go mishandles , leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call...

CVE-2018-17043

An issue has been found in doc2txt through 2014-03-19. It is a heap-based buffer overflow in the function Storage::init in Storage.cpp, called from parsedoc in parsedoc.cpp...