
178 matches found

CNVD
added 2019/02/18 12:00 a.m., 0 views

AdvanceCOMP Invalid Memory Access Vulnerability

AdvanceCOMP is a set of cross-platform command-line data compression tools. An invalid memory access vulnerability exists in the advpngunfilter8 function in png.c in AdvanceCOMP 2.1. An attacker can exploit this vulnerability to cause a denial of service (segmentation error) or possibly other impac...

CVSS 7.8, AI score 7, EPSS 0.00314
Exploits 1, References 1
BDU FSTEC
added 2019/01/28 12:00 a.m., 0 views

The vulnerability of the AMF protocol processing mechanism in Cisco Secure ACS’s security access control system allows a perpetrator to execute arbitrary commands.

The vulnerability of the AMF processing mechanism in the Cisco Secure ACS security control system is related to deficiencies in input data processing. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially crafted AMF message...

CVSS 10, AI score 8.1, EPSS 0.0429
Exploits 0, References 9, Affected Software 1
BDU FSTEC
added 2019/01/23 12:00 a.m., 1 views

The vulnerability of the message filtering function of the Cisco AsyncOS operating system, which allows an intruder to trigger a service failure

The vulnerability of the Cisco AsyncOS operating system’s message filtering function is related to insufficient processing of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions through a specially crafted email message...

CVSS 8.6, AI score 7.6, EPSS 0.00384
Exploits 0, References 2
BDU FSTEC
added 2018/09/11 12:00 a.m., 1 views

The vulnerability of the input data processing module in Philips e-Alert Unit’s medical system visualization software allows an intruder to gain access to control resources or execute arbitrary code.

The vulnerability of the input data processing module in Philips e-Alert Unit’s medical system visualization solution arises from incorrect validation of input data. Exploiting this vulnerability can allow an attacker to gain access to resources or execute arbitrary code...

CVSS 10, AI score 5.8, EPSS 0.02264
Exploits 0, References 2
OSV
added 2018/08/30 12:29 p.m., 2 views

CVE-2018-14317

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 8.8, AI score 6.2, EPSS 0.0025
Exploits 0, References 2
NVD
added 2018/08/21 12:29 p.m., 23 views

CVE-2018-7166

In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause Buffer.alloc to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying encoding can be passed as a number, this is...

CVSS 7.5, AI score 7.3, EPSS 0.0086
Exploits 0, References 2
BDU FSTEC
added 2018/06/18 12:00 a.m., 0 views

The vulnerability of the packet processing mechanism of Cisco Firepower 2100 Series software allows an intruder to trigger a service failure.

The vulnerability of the packet processing mechanism of Cisco Firepower 2100 Series microprogrammed network interface cards is related to uncontrolled resource consumption during the processing of IPv4 and IPv6 packets. Exploiting this vulnerability can allow a malicious actor to cause service...

CVSS 8.6, AI score 5.5, EPSS 0.00837
Exploits 0, References 3, Affected Software 1
BDU FSTEC
added 2018/06/07 12:00 a.m., 0 views

The vulnerability of the Junos operating system, related to packet processing errors in CLNP, allows an attacker to execute arbitrary code or trigger a kernel error.

The vulnerability of the Junos operating system is related to errors in packet processing within the CLNP protocol. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or trigger a kernel error by using specially crafted CLNP packets...

CVSS 8.5, AI score 6, EPSS 0.11246
Exploits 0, References 5, Affected Software 1
RedhatCVE
added 2018/03/16 5:48 p.m., 33 views

CVE-2018-5146

An out of bounds write flaw was found in the processing of vorbis audio data. A maliciously crafted file or audio stream could cause the application to crash or, potentially, execute arbitrary code...

CVSS 8.8, AI score 4.4, EPSS 0.55641
Exploits 0, References 2
RedhatCVE
added 2018/02/14 7:19 a.m., 26 views

CVE-2018-6951

A NULL pointer dereference flaw was found in the way patch processed patch files. An attacker could potentially use this flaw to crash patch by tricking it into processing crafted patches...

CVSS 7.5, AI score 2.5, EPSS 0.46115
Exploits 0, References 1
BDU FSTEC
added 2018/01/24 12:00 a.m., 1 views

The vulnerability of the ares_parse_naptr_reply function in the asynchronous DNS request library c-ares allows an attacker to perform reading beyond the buffer limit in memory.

The vulnerability of the ares_parse_naptr_reply function in the asynchronous DNS request library c-ares is related to incorrect data processing during the analysis of NAPTR responses. Exploiting this vulnerability can allow a malicious actor, operating remotely, to trigger buffer overflow attacks by...

CVSS 7.5, AI score 7.8, EPSS 0.0042
Exploits 0, References 4, Affected Software 1
BDU FSTEC
added 2017/10/26 12:00 a.m., 1 views

The vulnerability of D-Link and TRENDnet’s microprogrammed router services allows attackers to execute arbitrary commands or bypass authentication mechanisms, thereby gaining full control over the device.

The vulnerability of D-Link and TRENDnet’s microprogrammed router software services is related to deficiencies in the authentication process when processing the ping command. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using the pingaddr parameter...

CVSS 10, AI score 8.2, EPSS 0.82885
Exploits 8, References 8, Affected Software 1
BDU FSTEC
added 2017/08/25 12:00 a.m., 2 views

The vulnerability lies in the image processing mechanism when dealing with EMF files related to path visualization, PDF file editing programs like Adobe Acrobat Document Cloud, Adobe Acrobat, and PDF file viewing programs like Adobe Reader Document Cloud. This allows a perpetrator to execute arbitrary code.

The vulnerability in the image processing mechanism during the processing of EMF files related to path visualization, PDF file editing programs like Adobe Acrobat Document Cloud, Adobe Acrobat, and PDF file viewing programs like Adobe Reader, Adobe Reader Document Cloud, arises due to the executi...

CVSS 9.3, AI score 8.5, EPSS 0.06168
Exploits 0, References 4, Affected Software 2
RedHat Linux
added 2017/07/25 4:44 p.m., 2 views

SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS

A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients...

CVSS 7.5, AI score 6.8, EPSS 0.71356
Exploits 1, References 5
BDU FSTEC
added 2017/07/06 12:00 a.m., 2 views

The vulnerability of the Microsoft Outlook email client, which allows a hacker to execute arbitrary code.

The vulnerability of the Microsoft Outlook email client is related to improper data processing. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 9.3, AI score 7.6, EPSS 0.3391
Exploits 0, References 3
Check Point Advisories
added 2017/06/11 12:00 a.m., 1 views

Digium Asterisk chan_skinny SCCP packet Denial of Service

A denial of service vulnerability exists in Digium Asterisk. The vulnerability is due to a processing flaw in the chan_skinny SCCP packet processing module. A remote unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted SCCP packet to a vulnerable Asterisk server...

AI score 4.1
Exploits 0
CNVD
added 2017/03/16 12:00 a.m., 1 views

ImageMagick Denial of Service Vulnerability (CNVD-2017-03844)

ImageMagick is a set of open-source image processing software from the U.S. company ImageMagick Studio. The software can read, convert and write pictures in a variety of formats. A denial of service vulnerability in encoder/pict.c in versions prior to ImageMagick 7.0.5-0 allows remote attackers ...

CVSS 6.5, AI score 8.6, EPSS 0.00549
Exploits 0, References 1
BDU FSTEC
added 2017/02/17 12:00 a.m., 2 views

The vulnerability of the LibTIFF library, which allows a hacker to trigger a service failure

The vulnerability of the TIFFFax3fillruns function in the LibTIFF library is related to incorrect data processing. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause a service failure (termination of the application) by using a specially crafted TIFF image...

CVSS 5, AI score 7.1, EPSS 0.00665
Exploits 0, References 3, Affected Software 2
BDU FSTEC
added 2016/07/07 12:00 a.m., 2 views

The vulnerability of the Microsoft Office software package, which allows a hacker to execute arbitrary code.

The vulnerability of the Microsoft Office suite is related to improper data processing. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted document from a remote location...

CVSS 9.3, AI score 6, EPSS 0.35902
Exploits 0, References 2
BDU FSTEC
added 2016/07/07 12:00 a.m., 1 views

The vulnerability of the Microsoft Office Compatibility Pack allows a perpetrator to execute arbitrary code.

The vulnerability of the Microsoft Office Compatibility Pack is related to incorrect data processing. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted document from a remote location...

CVSS 9.3, AI score 6, EPSS 0.35902
Exploits 0, References 2