
6695 matches found

OSV
added 2018/07/12 8:29 p.m. · 0 views

UBUNTU-CVE-2018-14015

The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file because of missing input validation in r_bin_dwarf_parse_comp_unit in libr/bin/dwarf.c...

CVSS 5.5 · AI score 6.1 · EPSS 0.00226
Exploits: 1 · References: 3
OSV
added 2018/07/10 6:29 p.m. · 1 views

DEBIAN-CVE-2018-13845

An issue has been found in HTSlib 1.8. It is a buffer over-read in sam_parse1 in sam.c...

CVSS 9.8 · AI score 9.7 · EPSS 0.00434
Exploits: 0 · References: 1
OSV
added 2018/07/02 5:29 p.m. · 12 views

CVE-2018-13066

There is a memory leak in util/parser.c in libming 0.4.8, which will lead to a denial of service via parseSWFDEFINEBUTTON2, parseSWFDEFINEFONT, parseSWFDEFINEFONTINFO, parseSWFDEFINELOSSLESS, parseSWFDEFINESPRITE, parseSWFDEFINETEXT, parseSWFDOACTION, parseSWFFILLSTYLEARRAY, parseSWFFRAMELABEL,...

CVSS 7.5 · AI score 7
Exploits: 0 · References: 1
CNVD
added 2018/06/28 12:0 a.m. · 1 views

Toppydo Input Validation Vulnerability

topdo is a to-do list management application. An input validation vulnerability exists in the 'ListFormatParser::parse' function in the topdo/lib/ListFormat.py file in topdo. The vulnerability can be exploited to inject arbitrary bytes into the endpoint with the help of a todo.txt file with one o...

CVSS 8.1 · AI score 8 · EPSS 0.00285
Exploits: 0 · References: 1
Prion
added 2018/06/20 2:29 p.m. · 17 views

Input validation

The parse method in the Email::Address module through 1.909 for Perl is vulnerable to Algorithmic complexity on specially prepared input, leading to Denial of Service. Prepared special input that caused this problem contained 30 form-field characters "\f"...

CVSS 5 · AI score 7.4 · EPSS 0.00492
Exploits: 0 · References: 3
NVD
added 2018/06/20 2:29 p.m. · 14 views

CVE-2018-12558

The parse method in the Email::Address module through 1.909 for Perl is vulnerable to Algorithmic complexity on specially prepared input, leading to Denial of Service. Prepared special input that caused this problem contained 30 form-field characters "\f"...

CVSS 7.5 · AI score 7.4 · EPSS 0.00492
Exploits: 0 · References: 3
CNVD
added 2018/06/20 12:0 a.m. · 1 views

Libmobi Information Disclosure Vulnerability (CNVD-2018-16956)

Libmobi is a C library for processing documents in the Mobipocket/Kindle (MOBI) e-book format. An information disclosure vulnerability exists in the mobi_parse_index_entry function in index.c in Libmobi version 0.3. A remote attacker can exploit this vulnerability to obtain information via specially crafted...

CVSS 6.5 · AI score 6.3 · EPSS 0.00691
Exploits: 0 · References: 1
0day.today
added 2018/06/15 12:0 a.m. · 68 views

rtorrent 0.9.6 - Denial of Service Exploit

Exploit for linux platform in category dos / poc Exploit Title: rtorrent 0.9.6 - Denial of Service Exploit Author: ecx86 Vendor Homepage: http://rtorrent.net Software Link: https://github.com/rakshasa/rtorrent/releases Version: I', lenmsg crash += msg s = socket.socketsocket.AFINET,...

AI score 7.4
Exploits: 0
Exploit DB
added 2018/06/14 12:0 a.m. · 29 views

rtorrent 0.9.6 - Denial of Service

Exploit Title: rtorrent 0.9.6 - Denial of Service Date: 2018-01-10 Exploit Author: ecx86 Vendor Homepage: http://rtorrent.net Software Link: https://github.com/rakshasa/rtorrent/releases Version: I', lenmsg crash += msg s = socket.socketsocket.AFINET, socket.SOCKSTREAM s.connect'1.3.3.7', 6890...

AI score 7
Exploits: 0
exploitpack
added 2018/06/14 12:0 a.m. · 12 views

rtorrent 0.9.6 - Denial of Service

rtorrent 0.9.6 - Denial of Service Exploit Title: rtorrent 0.9.6 - Denial of Service Date: 2018-01-10 Exploit Author: ecx86 Vendor Homepage: http://rtorrent.net Software Link: https://github.com/rakshasa/rtorrent/releases Version: I', lenmsg crash += msg s = socket.socketsocket.AFINET,...

AI score 7.3
Exploits: 0
OSV
added 2018/06/04 7:29 p.m. · 3 views

CVE-2017-16021

uri-js is a module that tries to fully implement RFC 3986. One of these features is validating whether or not a supplied URL is valid. To do this, uri-js uses a regular expression. This regular expression is vulnerable to ReDoS. This causes the program to hang and the CPU to idle at 100%...

CVSS 6.5 · AI score 5.8 · EPSS 0.00217
Exploits: 1 · References: 2
OSV
added 2018/06/04 6:29 a.m. · 1 views

DEBIAN-CVE-2018-11683

Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440...

CVSS 8.8 · AI score 8.7 · EPSS 0.00551
Exploits: 0 · References: 1
Positive Technologies
added 2018/06/04 12:0 a.m. · 2 views

PT-2018-6052 · Github · Uri.Js

Name of the Vulnerable Software and Affected Versions: uri-js versions 2.1.1 and earlier. Description: The issue arises from a regular expression used by uri-js to validate URLs, which is vulnerable to ReDoS. This vulnerability causes the program to hang and results in 100% CPU usage when attempti...

CVSS 6.8 · AI score 6.2 · EPSS 0.00217
Exploits: 1 · References: 6
OSV
added 2018/05/30 1:29 p.m. · 0 views

UBUNTU-CVE-2018-11432

The mobi_parse_mobiheader function in read.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file...

CVSS 6.5 · AI score 6.8 · EPSS 0.00308
Exploits: 1 · References: 3
CNVD
added 2018/05/23 12:0 a.m. · 1 views

radare2 denial of service vulnerability (CNVD-2018-12198)

Radare2 is a complete framework for reverse engineering and analyzing binaries, consisting of a series of small utilities that can be used together or independently of the command line. A denial of service vulnerability exists in the parse_import_ptr function in radare2 2.5.0. A remote attacker can...

CVSS 5.5 · AI score 5.7 · EPSS 0.00248
Exploits: 0 · References: 1
Positive Technologies
added 2018/05/22 12:0 a.m. · 3 views

PT-2018-10523 · R +1 · Haven R Package +1

Name of the Vulnerable Software and Affected Versions: ReadStat version 0.1.1; haven R package (affected versions not specified). Description: The issue is related to multiple flaws in the ReadStat library, including an infinite loop condition, a memory leak associated with an iconv_open call, and a...

CVSS 7.8 · AI score 7.6 · EPSS 0.00362
Exploits: 3 · References: 12
CNVD
added 2018/05/22 12:0 a.m. · 1 views

ReadStat Memory Leakage Vulnerability

ReadStat is an open source command line tool for converting SAS, Stata and SPSS files. A memory leak vulnerability exists in the sav_parse_machine_integer_info_record function of the libreadstat.a file in ReadStat version 0.1.1. An attacker can exploit this vulnerability to cause a denial of service memory lea...

CVSS 7.5 · AI score 6.9 · EPSS 0.00362
Exploits: 1 · References: 1
OSV
added 2018/05/17 2:29 p.m. · 0 views

UBUNTU-CVE-2018-7158

The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, splitPathRe, used within the...

CVSS 7.5 · AI score 7 · EPSS 0.01264
Exploits: 0 · References: 2
OSV
added 2018/05/17 2:29 p.m. · 1 views

ALPINE-CVE-2018-7158

The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, splitPathRe, used within the...

CVSS 7.5 · AI score 8.8 · EPSS 0.01264
Exploits: 0 · References: 1
Veracode
added 2018/05/17 2:17 a.m. · 22 views

Heap-Based Buffer Over-read

TinyXML2 is vulnerable to a heap-based buffer over-read. The vulnerability can be triggered when an attacker passes malicious data to the XMLDocument::Parse function...

CVSS 9.8 · AI score 9.1 · EPSS 0.00448
Exploits: 0 · References: 5 · Affected Software: 1