DEBIAN-CVE-2017-15928

In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation fault when a crafted input is supplied to parseobj. NOTE: the vendor has stated "Ox should handle the error more gracefully" but has not confirmed a security implication...

Regular Expression Denial of Service in uglify-js

Versions of uglify-js prior to 2.6.0 are affected by a regular expression denial of service vulnerability when malicious inputs are passed into the parse method. Proof of Concept var u = require'uglify-js'; var genstr = function len, chr var result = ""; for i=0; i=len; i++ result = result + chr;...

GHSA-C9F4-XJ24-8JQX Regular Expression Denial of Service in uglify-js

Versions of uglify-js prior to 2.6.0 are affected by a regular expression denial of service vulnerability when malicious inputs are passed into the parse method. Proof of Concept var u = require'uglify-js'; var genstr = function len, chr var result = ""; for i=0; i=len; i++ result = result + chr;...

CVE-2015-6839

The parse function in MSA vot.Ar 3.1 does not check whether a candidate receives more than one vote, which allows physically proximate attackers to cast multiple votes for a candidate via a crafted RFID ballot tag...

Design/Logic Flaw

The parse function in MSA vot.Ar 3.1 does not check whether a candidate receives more than one vote, which allows physically proximate attackers to cast multiple votes for a candidate via a crafted RFID ballot tag...

CVE-2015-6839

The parse function in MSA vot.Ar 3.1 does not check whether a candidate receives more than one vote, which allows physically proximate attackers to cast multiple votes for a candidate via a crafted RFID ballot tag...

CVE-2015-6839

The CVE-2015-6839 entry concerns MSA vot.Ar 3.1, where the parse function fails to prevent a candidate from receiving multiple votes. The underlying issue is a vulnerability in the parsing logic that allows an RFID ballot tag crafted by an attacker in close physical proximity to cause multiple vo...

Sandbox Breakout / Arbitrary Code Execution

Overview Affected versions of static-eval pass untrusted user input directly to the global function constructor, resulting in an arbitrary code execution vulnerability when user input is parsed via the package. Proof of concept var evaluate = require'static-eval'; var parse =...

DEBIAN-CVE-2017-15022

dwarf2.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, does not validate the DWATname data type, which allows remote attackers to cause a denial of service bfdhashhash NULL pointer dereference, or out-of-bounds access, and application crash via a craft...

DEBIAN-CVE-2017-15020

dwarf1.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted ELF file, related to parsedie and...

AZL-79016 CVE-2017-1000098 affecting package golang 1.25.7-1

The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors...

UBUNTU-CVE-2017-15020

dwarf1.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted ELF file, related to parsedie and...

UBUNTU-CVE-2017-15022

dwarf2.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, does not validate the DWATname data type, which allows remote attackers to cause a denial of service bfdhashhash NULL pointer dereference, or out-of-bounds access, and application crash via a craft...

UBUNTU-CVE-2017-14637

In sam2p 0.49.3, there is an invalid read of size 2 in the parsergb function in inxpm.cpp. However, this can also cause a write to an illegal address...

PT-2017-3151 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.13.6 Description: The issue is related to the cdc parse cdc header function in drivers/usb/core/message.c, which allows local users to cause a denial of service, including out-of-bounds read and system crash, ...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference. In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry function in XRef.cc via a crafted PDF document. Remediation A fix was pushed into the master branch but not yet published. References...

dlplibs: Index-out-of-bounds in WKS4Chart::sendCharts

Detailed report: https://oss-fuzz.com/testcase?key=5151574194126848 Project: dlplibs Fuzzer: libFuzzerdlplibswksfuzzer Fuzz target binary: wksfuzzer Job Type: libfuzzerubsandlplibs Platform Id: linux Crash Type: Index-out-of-bounds Crash Address: Crash State: WKS4Chart::sendCharts WKS4Parser::par...

ALPINE-CVE-2017-14501

An out-of-bounds read flaw exists in parsefileinfo in archivereadsupportformatiso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archivereadformatiso9660readheader...

DEBIAN-CVE-2017-14501

An out-of-bounds read flaw exists in parsefileinfo in archivereadsupportformatiso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archivereadformatiso9660readheader...

UBUNTU-CVE-2017-14501

An out-of-bounds read flaw exists in parsefileinfo in archivereadsupportformatiso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archivereadformatiso9660readheader...