6908 matches found
MSA vot.Ar 'parse' function unauthorized operation vulnerability
MSA vot.Ar is a suite of voting election applications. A security vulnerability exists in the 'parse' function in MSA vot.Ar version 3.1. An attacker in close physical proximity could exploit this vulnerability to cast multiple votes for a candidate with the help of a specially designed RFID voti...
Linux kernel local denial of service vulnerability (CNVD-2017-33096)
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A local denial of service vulnerability exists in the 'cdc_parse_cdc_header' function in the drivers/usb/core/message.c file in versions of Linux kernel prior to 4.13.6. A local...
DEBIAN-CVE-2017-16533
The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device...
CVE-2017-16533
The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device...
UBUNTU-CVE-2017-16534
The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device...
DEBIAN-CVE-2017-15928
In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation fault when a crafted input is supplied to parse_obj. NOTE: the vendor has stated "Ox should handle the error more gracefully" but has not confirmed a security implication...
Regular Expression Denial of Service in uglify-js
Versions of uglify-js prior to 2.6.0 are affected by a regular expression denial of service vulnerability when malicious inputs are passed into the parse method. Proof of Concept: var u = require('uglify-js'); var genstr = function (len, chr) { var result = ""; for (i=0; i<=len; i++) { result = result + chr;...
GHSA-C9F4-XJ24-8JQX Regular Expression Denial of Service in uglify-js
Versions of uglify-js prior to 2.6.0 are affected by a regular expression denial of service vulnerability when malicious inputs are passed into the parse method. Proof of Concept: var u = require('uglify-js'); var genstr = function (len, chr) { var result = ""; for (i=0; i<=len; i++) { result = result + chr;...
Design/Logic Flaw
The parse function in MSA vot.Ar 3.1 does not check whether a candidate receives more than one vote, which allows physically proximate attackers to cast multiple votes for a candidate via a crafted RFID ballot tag...
CVE-2015-6839
The parse function in MSA vot.Ar 3.1 does not check whether a candidate receives more than one vote, which allows physically proximate attackers to cast multiple votes for a candidate via a crafted RFID ballot tag...
CVE-2015-6839
The CVE-2015-6839 entry concerns MSA vot.Ar 3.1, where the parse function fails to prevent a candidate from receiving multiple votes. The underlying issue is a vulnerability in the parsing logic that allows an RFID ballot tag crafted by an attacker in close physical proximity to cause multiple vo...
Sandbox Breakout / Arbitrary Code Execution
Overview: Affected versions of static-eval pass untrusted user input directly to the global function constructor, resulting in an arbitrary code execution vulnerability when user input is parsed via the package. Proof of concept: var evaluate = require('static-eval'); var parse =...
DEBIAN-CVE-2017-15022
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a craft...
DEBIAN-CVE-2017-15020
dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and...
AZL-79016 CVE-2017-1000098 affecting package golang 1.25.7-1
The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors...
UBUNTU-CVE-2017-15020
dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and...
UBUNTU-CVE-2017-15022
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a craft...
UBUNTU-CVE-2017-14637
In sam2p 0.49.3, there is an invalid read of size 2 in the parse_rgb function in in_xpm.cpp. However, this can also cause a write to an illegal address...
PT-2017-3151 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.13.6. Description: The issue is related to the cdc_parse_cdc_header function in drivers/usb/core/message.c, which allows local users to cause a denial of service, including out-of-bounds read and system crash, ...