54 matches found
SUSE CVE-2016-1840
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a...
PT-2022-36720 · Oracle · Java
Name of the Vulnerable Software and Affected Versions: Java affected versions not specified Description: The issue is related to a security exception in the Double.parseDouble function, which is called by FloatingDecimal.readJavaFormatString and FloatingDecimal.parseDouble. This suggests a...
ruby: Cookie prefix spoofing in CGI::Cookie.parse
A flaw was found in Ruby. RubyGems cgi gem could allow a remote attacker to conduct spoofing attacks caused by the mishandling of security prefixes in cookie names in the CGI::Cookie.parse function. By sending a specially-crafted request, an attacker could perform cookie prefix spoofing attacks...
Kicad 缓冲区错误漏洞
Kicad is a free software for printed circuit board design from the KiCad Eda community. A security vulnerability exists in KiCad EDA, which stems from a stack buffer overflow vulnerability in the Viewer gerber and excellon GCodeNumber parsing functions in KiCad EDA 6.0.1 and master branches. An...
PT-2021-5833 · Curl +10 · Curl +10
Name of the Vulnerable Software and Affected Versions: curl affected versions not specified Description: The issue is related to the use of an uninitialized resource in the cURL command-line tool. It affects the -t command line option, also known as CURLOPT TELNETOPTIONS in libcurl, which is used...
kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow
A flaw was found in the HDLCPPP module of the Linux kernel. Memory corruption and a read overflow is caused by improper input validation in the pppcpparsecr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data...
RIOT Buffer Overflow Vulnerability (CNVD-2021-29118)
RIOT is a real-time multi-threaded IoT operating system that supports a range of devices commonly found in the Internet of Things. A buffer overflow vulnerability exists in the parseoptions function in /sys/net/gnrc/routing/rpl/gnrcrplcontrolmessages.c in RIOT version 2021.01. No detailed...
PHP Input Validation Error Vulnerability
PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language jointly maintained by the PHP community. The language is primarily used for web development and supports a variety of databases and operating systems. PHP suffers from an input validation error...
CVE-2019-5053
An exploitable use-after-free vulnerability exists in the Length parsing function of NitroPDF. A specially crafted PDF can cause a type confusion, resulting in a use-after-free condition. An attacker can craft a malicious PDF to trigger this vulnerability...
PT-2023-14945 · Gpac +2 · Gpac +2
Name of the Vulnerable Software and Affected Versions: GPAC version 2.1-DEV-rev505-gb9577e6ad-master Description: A memory leak was discovered in GPAC via the gf isom box parse ex function at box funcs.c. This issue may allow for unauthorized access or other malicious activities. Recommendations:...
Computerinsel Photoline ANI Parsing Code Execution Vulnerability
Summary A memory corruption vulnerability exists in the ANI-parsing functionality of Computerinsel Photoline 20.54. A specially crafted ANI image processed via the application can lead to a stack overflow, overwriting arbitrary data. An attacker can deliver an ANI image to trigger this...
UBUNTU-CVE-2018-11210
DISPUTED TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the reported overflow is due to improper use of the library and not a vulnerability in tinyxml2...
Apple Quicktime mdat Corruption Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2016-0021 Apple Quicktime mdat Corruption Denial of Service Vulnerability January 8, 2016 CVE Number CVE-2015-7089 Description There is a denial of service vulnerability in Apple Quicktime. An attacker who can control the content of the mdat section of a .mov file...
Heap overflow
Multiple heap-based buffer overflows in the parsenotify function in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 4.1.0 allow remote pool servers to have unspecified impact via a 1 large or 2 negative value in the Extranonc2size parameter in a mining.subscribe response and a...