Lucene search

541 matches found

OSV
added 2020/01/06 6:15 a.m., 0 views

UBUNTU-CVE-2019-20352

In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occurs via a crafted .asm file in set_text_free when called from expand_one_smacro in asm/preproc.c...

CVSS 7.1, AI score 7.3, EPSS 0.00297
Exploits: 1, References: 3

CNVD
added 2019/12/23 12:0 a.m., 1 views

PHP EXIF extension buffer overflow vulnerability (CNVD-2020-22810)

PHP (PHP: Hypertext Preprocessor) is an open source general-purpose scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. The EXIF extension is one of the...

CVSS 6.5, AI score 9.6, EPSS 0.03196
Exploits: 1, References: 1

CNVD
added 2019/12/23 12:0 a.m., 1 views

PHP Buffer Overflow Vulnerability

PHP (PHP: Hypertext Preprocessor) is an open source general-purpose scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A...

CVSS 5.3, AI score 7.1, EPSS 0.08245
Exploits: 0, References: 1

CNVD
added 2019/12/23 12:0 a.m., 1 views

PHP Memory Location Double Release Vulnerability

PHP (PHP: Hypertext Preprocessor) is an open source general-purpose scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A...

CVSS 9.8, AI score 6.8, EPSS 0.028
Exploits: 0, References: 1

ossfuzz
added 2019/11/23 2:56 p.m., 21 views

llvm:clang-fuzzer: Segv on unknown address in clang::Preprocessor::AnnotatePreviousCachedTokens

Detailed Report: https://oss-fuzz.com/testcase?key=5726945203716096
Project: llvm
Fuzzing Engine: libFuzzer
Fuzz Target: clang-fuzzer
Job Type: libfuzzer_msan_llvm
Platform Id: linux
Crash Type: Segv on unknown address
Crash Address:
Crash State: clang::Preprocessor::AnnotatePreviousCachedTokens...

AI score 6.9
Exploits: 0, Affected Software: 1

OSV
added 2019/11/21 11:15 p.m., 1 views

DEBIAN-CVE-2019-11325

An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter...

CVSS 9.8, AI score 9, EPSS 0.04687
Exploits: 0, References: 1

CNVD
added 2019/10/16 12:0 a.m., 2 views

WordPress Popup Maker Plugin Has Unspecified Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. Popup Maker is a popup window plugin used in it. A security vulnerability exists in WordPress Popup Maker plugin versions...

CVSS 9.1, AI score 6.4, EPSS 0.86894
Exploits: 2, References: 1

CNVD
added 2019/10/11 12:0 a.m., 3 views

vBulletin Remote Code Execution Vulnerability

vBulletin is a business forum program developed and marketed by Internet Brands and vBulletin Solutions. A remote code execution vulnerability exists in vBulletin, which can be exploited by an attacker to inject and execute arbitrary PHP code...

CVSS 9.8, AI score 8.5, EPSS 0.25202
Exploits: 4, References: 1

CNVD
added 2019/10/08 12:0 a.m., 2 views

SugarCRM Administration Module PHP Code Injection Vulnerability

SugarCRM is a set of open source customer relationship management software. A PHP code injection vulnerability exists in the Administration module of SugarCRM. The vulnerability stems from a lack of input validation. An attacker can exploit the vulnerability to execute arbitrary code...

CVSS 7.2, AI score 8, EPSS 0.00473
Exploits: 0, References: 1

CNVD
added 2019/10/08 12:0 a.m., 3 views

SugarCRM UpgradeWizard Module PHP Object Injection Vulnerability

SugarCRM is a set of open source customer relationship management software. A PHP object injection vulnerability exists in the UpgradeWizard module of SugarCRM. The vulnerability stems from a lack of input validation. An attacker can exploit the vulnerability to inject custom PHP code...

CVSS 7.2, AI score 7.3, EPSS 0.01057
Exploits: 0, References: 1

CNVD
added 2019/07/26 12:0 a.m., 2 views

MCPP Heap Buffer Overflow Vulnerability

MCPP is an open source C/C++ preprocessor. A buffer overflow vulnerability exists in the 'do_msg' function of the support.c file in MCPP version 2.7.2. The vulnerability stems from a networked system or product performing operations in memory without properly validating data boundaries, resulting...

CVSS 5.5, AI score 7.4, EPSS 0.00124
Exploits: 1, References: 1

CNVD
added 2019/07/19 12:0 a.m., 2 views

ML Code Injection Vulnerability

Discuz!ML is an open source community forum system based on the Discuz!X engine. A security vulnerability exists in Discuz!ML versions 3.2 to 3.4. A remote attacker can exploit this vulnerability to execute arbitrary PHP code...

CVSS 9.8, AI score 7.6, EPSS 0.43409
Exploits: 3, References: 1

OSV
added 2019/06/05 5:11 p.m., 1 views

USN-4009-2 php5 vulnerabilities

USN-4009-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that PHP incorrectly decoded certain MIME headers. A remote attacker could possibly use this issue to cause PHP t...

CVSS 9.1, AI score 6.5, EPSS 0.01411
Exploits: 2, References: 3

CNVD
added 2019/06/04 12:0 a.m., 1 views

PHP EXIF Extended Buffer Overflow Vulnerability

PHP (PHP: Hypertext Preprocessor) is an open source general-purpose scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. The EXIF extension is one of the...

CVSS 9.1, AI score 7.2, EPSS 0.01215
Exploits: 1, References: 1

OSV
added 2019/06/03 12:0 a.m., 0 views

UBUNTU-CVE-2019-11040

When the PHP EXIF extension is parsing EXIF information from an image, e.g. via the exif_read_data function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information...

CVSS 9.1, AI score 6.3, EPSS 0.01215
Exploits: 1, References: 4

Prion
added 2019/05/03 4:29 p.m., 13 views

Design/Logic Flaw

Multiple vulnerabilities in the Server Message Block (SMB) Protocol preprocessor detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent or remote attacker to cause a denial of service (DoS) condition. For more information about these vulnerabilities,...

CVSS 5, AI score 7.6, EPSS 0.00694
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2019/05/03 4:0 p.m., 6 views

CVE-2019-1704 Cisco Firepower Threat Defense Software SMB Protocol Preprocessor Detection Engine Denial of Service Vulnerabilities

Multiple vulnerabilities in the Server Message Block (SMB) Protocol preprocessor detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent or remote attacker to cause a denial of service (DoS) condition. For more information about these vulnerabilities,...

CVSS 7.5, AI score 7.4, EPSS 0.00694
Exploits: 0, References: 2

CVE
added 2019/05/03 4:0 p.m., 46 views

CVE-2019-1704

CVE-2019-1704 describes multiple vulnerabilities in the Cisco Firepower Threat Defense (FTD) Software’s SMB Protocol Preprocessor Detection Engine. The flaws could allow an unauthenticated, adjacent, or remote attacker to cause a denial of service (DoS) in FTD through the SMB preprocessor compone...

CVSS 7.5, AI score 7.7, EPSS 0.00694
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2019/05/03 4:0 p.m., 18 views

CVE-2019-1704 Cisco Firepower Threat Defense Software SMB Protocol Preprocessor Detection Engine Denial of Service Vulnerabilities

Multiple vulnerabilities in the Server Message Block (SMB) Protocol preprocessor detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent or remote attacker to cause a denial of service (DoS) condition. For more information about these vulnerabilities,...

CVSS 7.5, AI score 7.7, EPSS 0.00694
Exploits: 0, References: 2

OSV
added 2019/05/03 3:29 p.m., 1 views

CVE-2019-1696

Multiple vulnerabilities in the Server Message Block (SMB) Protocol preprocessor detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent or remote attacker to cause a denial of service (DoS) condition. For more information about these vulnerabilities,...

CVSS 7.4, AI score 7.2
Exploits: 0, References: 2