PT-2018-1905 · Rsync +3 · Rsync +3

Name of the Vulnerable Software and Affected Versions: rsync versions prior to 3.1.3 Description: The issue is related to the parse arguments function in options.c in rsyncd, which does not prevent multiple uses of the --protect-args parameter. This allows remote attackers to bypass an...

Artifex Software MuPDF 'pdf_parse_array' function infinite loop vulnerability

Artifex Software MuPDF is a free, lightweight PDF reader from Artifex Software, USA. An infinite loop vulnerability exists in the 'pdfparsearray' function of the pdf/pdf-parse.c file in MuPDF version 1.12.0. A remote attacker can exploit this vulnerability to cause a denial of service application...

UBUNTU-CVE-2018-5686

In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdfparsearray function pdf/pdf-parse.c because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file...

PT-2018-17083 · Artifex · Mupdf

Name of the Vulnerable Software and Affected Versions: MuPDF version 1.12.0 Description: The issue is related to an infinite loop vulnerability and application hang in the pdf parse array function, located in pdf/pdf-parse.c, due to the failure to consider the End Of File EOF. This allows remote...

CVE-2017-13197

In the ihevcdparseslice.c function, slave threads are not joined if there is an error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1...

CVE-2017-13195

In the ihevcdparsesps function of ihevcdparseheaders.c, several parameter values could be negative which could lead to negative indexes which could lead to an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed...

The vulnerability of the phar_parse_pharfile function (ext/phar/phar.c), a PHAR archive handler, allows a attacker to cause a service failure.

The vulnerability of the pharparsepharfile function ext/phar/phar.c, a PHAR archive handler, arises due to the execution of an operation beyond the buffer’s boundaries in memory. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures using a...

DEBIAN-CVE-2018-5295

In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function base/PdfXRefStreamParserObject.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file...

knot-dns/fuzz_zscanner: Index-out-of-bounds in parse

Project: https://gitlab.labs.nic.cz/knot/knot-dns Detailed report: https://oss-fuzz.com/testcase?key=4734243205808128 Project: knot-dns Fuzzer: libFuzzerknot-dnsfuzzzscanner Fuzz target binary: fuzzzscanner Job Type: libfuzzerubsanknot-dns Platform Id: linux Crash Type: Index-out-of-bounds Crash...

The vulnerability of the cdc_parse_cdc_header function in the Linux operating system’s kernel allows a attacker to cause a service failure or exert other effects.

The vulnerability of the cdcparsecdcheader function in the Linux kernel’s drivers/usb/core/message.c file arises from the execution of an operation outside the buffer in memory. Exploiting this vulnerability could allow an attacker to cause a service failure or other adverse effects through a...

wildfly: ParseState headerValuesCache can be exploited to fill heap with garbage

It was found that JBoss EAP 7 Header Cache was inefficient. An attacker could use this flaw to cause a denial of service attack...

wildfly: ParseState headerValuesCache can be exploited to fill heap with garbage

It was found that JBoss EAP 7 Header Cache was inefficient. An attacker could use this flaw to cause a denial of service attack...

wildfly: ParseState headerValuesCache can be exploited to fill heap with garbage

It was found that JBoss EAP 7 Header Cache was inefficient. An attacker could use this flaw to cause a denial of service attack...

Fluentd vulenrable to escape sequence injection

Overview Fluentd provided by Cloud Native Computing Foundation CNCF contains an escape sequence injection vulnerability. Fluentd is an open source data collector provided by Cloud Native Computing Foundation CNCF. The parse Filter Plugin for Fluentd contains an escape sequence injection...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3657)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3657 advisory. - mm: Tighten x86 /dev/mem with zeroing reads Kees Cook Orabug: 26675925 CVE-2017-7889 - more biomapuseriov leak fixes Al Viro Orabug: 27069042...

libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c

A use-after-free flaw was found in the libxml2 library. An attacker could use this flaw to cause an application linked against libxml2 to crash when parsing a specially crafted XML file...

zw.wowcity.com XSS vulnerability

Open Bug Bounty ID: OBB-444554 Description| Value ---|--- Affected Website:| zw.wowcity.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat...

MGASA-2017-0414 Updated bluez packages fix security vulnerability

Buffer overflow in parseline function in the csr tool CVE-2016-7837...

DEBIAN-CVE-2017-1000231

A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors...

MSA vot.Ar 'parse' function unauthorized operation vulnerability

MSA vot.Ar is a suite of voting election applications. A security vulnerability exists in the 'parse' function in MSA vot.Ar version 3.1. An attacker in close physical proximity could exploit this vulnerability to cast multiple votes for a candidate with the help of a specially designed RFID voti...