libass: Attempting free in parse_events

Project: https://github.com/libass/libass.git Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=5420800962199552 Project: libass Fuzzer: libFuzzerlibassfuzzer Fuzz target binary: libassfuzzer Job Type: libfuzzerasanlibass Platform Id: linux Crash Type: Attempting free Crash...

ALPINE-CVE-2016-9809

Off-by-one error in the gsth264parsesetcaps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read...

DEBIAN-CVE-2016-9813

The parsepat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service NULL pointer dereference and crash via a crafted file...

UBUNTU-CVE-2016-9813

The parsepat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service NULL pointer dereference and crash via a crafted file...

BlueZ userland utilities vulnerable to buffer overflow

Overview BlueZ provides a Bluetooth protocol stack for Linux kernel and userland utilities. parseline function used in some userland utilities contains a buffer overflow vulnerability. Hiroki MATSUKUMA of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with...

HTTP Header Injection

excon is vulnerable to HTTP header injection vulnerability. It does not properly parse the path, allowing attackers to inject arbitrary headers in requests or even create a new evil request...

Information Disclosure

parse-server is vulnerable to information disclosures. A malicious user can view personal identifiable information when querying the database without authorization...

DEBIAN-CVE-2016-4303

The parsestring function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service crash or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow...

UBUNTU-CVE-2016-4303

The parsestring function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service crash or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow...

CVE-2016-4303

The parsestring function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service crash or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow...

DEBIAN-CVE-2016-4302

Heap-based buffer overflow in the parsecodes function in archivereadsupportformatrar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary...

ALPINE-CVE-2016-4302

Heap-based buffer overflow in the parsecodes function in archivereadsupportformatrar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary...

DEBIAN-CVE-2016-4301

Stack-based buffer overflow in the parsedevice function in archivereadsupportformatmtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file...

CVE-2016-4302

Heap-based buffer overflow in the parsecodes function in archivereadsupportformatrar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary...

Stack overflow

Stack-based buffer overflow in the parsedevice function in archivereadsupportformatmtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file...

UBUNTU-CVE-2016-4301

Stack-based buffer overflow in the parsedevice function in archivereadsupportformatmtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file...

Parse HTTP X-Forwarded Header Attack Redirect

Document Title: =============== Parse HTTP X-Forwarded Header Attack Redirect References: =========== https://www.vulnerability-lab.com/getcontent.php?id=1944 PoC Video: https://www.youtube.com/watch?v=gpYe-hun8Xk Vulnerability Magazine:...

Parse HTTP X-Forwarded Header Attack Redirect

Document Title: =============== Parse HTTP X-Forwarded Header Attack Redirect References: =========== https://www.vulnerability-lab.com/getcontent.php?id=1944 PoC Video: https://www.youtube.com/watch?v=gpYe-hun8Xk Vulnerability Magazine:...

ALPINE-CVE-2016-6254

Heap-based buffer overflow in the parsepacket function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code via a crafted network packet...

DEBIAN-CVE-2016-6254

Heap-based buffer overflow in the parsepacket function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code via a crafted network packet...