39 matches found
CVE-2020-24837
An integer underflow has been found in the latest version of ZCFees. The variables 'currPeriodIdx' and 'lastPeriodExecIdx' are both unsigned integers, and the result of the minus operation may be a negative integer which leads to an underflow. The attackers can modify the current timestamp of the...
Denial Of Service (DoS)
PHP is vulnerable to denial of service (DoS). The attack can be triggered when an attacker passes a malicious JPEG file to the function exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c...
Google Android 'copy_process' function elevation of privilege vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). An elevation of privilege vulnerability exists in the 'copy_process' function of the fork.c file in Android. A local attacker can exploit this vulnerability to execute arbitrary co...
CVE-2018-10972
An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The TransformPaletteC::process function in transform/paletteC.hpp allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted file...
CVE-2018-10113
An issue was discovered in GEGL through 0.3.32. The process function in operations/external/ppm-load.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure...
GEGL Denial of Service Vulnerability (CNVD-2018-08256)
GEGL is a data stream based image processing framework. The framework provides floating point processing and lossless image processing for projects such as the GNU Image Manipulation Program. A security vulnerability exists in GEGL 0.3.32 and earlier versions, which stems from a failure of the...
Ulterius Directory Traversal Vulnerability
Ulterius is a set of remote control management tools. A directory traversal vulnerability exists in the 'Process' function of the RemoteTaskServer/WebServer/HttpServer.cs file in versions of Ulterius prior to 1.9.5.0. An attacker can exploit this vulnerability to download files...
CVE-2017-16806
The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal...
Null pointer dereference
The AP4_Processor::Process function in Core/Ap4Processor.cpp in Bento4 mp4encrypt before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file...
Textract Operating System Command Injection Vulnerability
textract is a Python library for extracting text content from various documents. An operating system command injection vulnerability exists in textract. A remote attacker can use this vulnerability to inject operating system commands via a filename in a call to the process function...
CVE-2016-10320
textract before 1.5.0 allows OS Command Injection attacks via a filename in a call to the process function. This may be a remote attack if a web application accepts names of arbitrary uploaded files...
Command injection
textract before 1.5.0 allows OS Command Injection attacks via a filename in a call to the process function. This may be a remote attack if a web application accepts names of arbitrary uploaded files...
CVE-2016-10320
Textract (Python library) for versions before 1.5.0 is affected by CVE-2016-10320 due to an OS command injection vulnerability in the process function triggered by a filename. The issue could enable a remote attacker to execute arbitrary commands in scenarios where a web application accepts names...
Heap overflow
pngdefry through 2017-03-22 is prone to a heap-based buffer-overflow vulnerability because it fails to properly process a specially crafted png file. This issue affects the 'process' function of the 'pngdefry.c' source file...
CVE-2017-7231
pngdefry through 2017-03-22 is prone to a heap-based buffer-overflow vulnerability because it fails to properly process a specially crafted png file. This issue affects the 'process' function of the 'pngdefry.c' source file...
Design/Logic Flaw
The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a...
CVE-2012-3413
The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitrary web script or HTML via a crafted email...
Hardcoded credentials
The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitrary web script or HTML via a crafted email...