141 matches found
CVE-2022-46173
The CVE-2022-46173 entry affects Elrond-GO prior to version 1.3.50. A processing issue occurred when handling a cross-shard relayed transaction that included smart contract deploy data, caused by a mis-correlation between transaction caches and the processing component. If such a transaction used...
CVE-2022-46173 Elrond go Processing: fallback search of SCRs when not found in the main cache
Elrond-GO is a go implementation for the Elrond Network protocol. Versions prior to 1.3.50 are subject to a processing issue where nodes are affected when trying to process a cross-shard relayed transaction with a smart contract deploy transaction data. The problem was a bad correlation between t...
Incorrect Resource Transfer Between Spheres
Elrond-GO is a go implementation for the Elrond Network protocol. Versions prior to 1.3.50 are subject to a processing issue where nodes are affected when trying to process a cross-shard relayed transaction with a smart contract deploy transaction data. The problem was a bad correlation between t...
PT-2022-21889 · Autodesk · Autodesk Dwg
Name of the Vulnerable Software and Affected Versions: Autodesk DWG affected versions not specified Description: A maliciously crafted Dwg2Spd file, when processed through the Autodesk DWG application, could lead to a memory corruption issue due to a write access violation. This issue, in...
PT-2022-20018 · Unknown · Oretnom23 Fast Food Ordering System
Name of the Vulnerable Software and Affected Versions: oretnom23 Fast Food Ordering System affected versions not specified Description: A problematic issue has been found in the oretnom23 Fast Food Ordering System, affecting the processing of the file "admin/?page=reports". The manipulation of th...
Undesired behavior
Lines of code Vulnerability details You push a parameter into an array of tokens without checking if it already exists. And if at first it's added with amount 0 it can later on be pushed with a greater amount and be twice in the array. Then in all processing it will consider the first occurrenc...
CVE-2021-39239
A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server...
SUSE-SU-2020:3914-1 Security update for xen
This update for xen fixes the following issues: - CVE-2020-29480: Fixed an issue which could have allowed leak of non-sensitive data to administrator guests bsc117949 XSA-115. - CVE-2020-29481: Fixed an issue which could have allowed new domains to inherit existing node permissions bsc1179498...
OPENSUSE-SU-2019:2529-1 Security update for libjpeg-turbo
This update for libjpeg-turbo fixes the following issues: - CVE-2019-2201: Several integer overflow issues and subsequent segfaults occurred in libjpeg-turbo, when attempting to compress or decompress gigapixel images. bsc1156402 This update was imported from the SUSE:SLE-15:Update update project...
PT-2019-3225 · Dovecot +5 · Dovecot +6
Name of the Vulnerable Software and Affected Versions: Dovecot versions prior to 2.2.36.4 Dovecot versions prior to 2.3.7.2 Pigeonhole versions prior to 0.5.7.2 Description: The issue is related to the mishandling of '0' characters in protocol processing, which can lead to out-of-bounds writes an...
CVE-2019-11705
A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7.1...
CVE-2019-11706
A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash. This vulnerability affects Thunderbird 60.7.1...
SUSE-SU-2018:2898-1 Security update for smt, yast2-smt
This update for yast2-smt to 3.0.14 and smt to 3.0.37 fixes the following issues: These security issues were fixed in SMT: - CVE-2018-12471: XML External Entity processing in the RegistrationSharing modules allowed arbitrary file read bsc1103809. - CVE-2018-12470: SQL injection in...
CVE-2016-3620
The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c zip" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image...
MGASA-2015-0308 Updated ghostscript package fixes security vulnerability
GhostScript is vulnerable to an integer overflow when processing a crafted PostScript file using the ps2pdf command (CVE-2015-3228)...
Mozilla Firefox XrayWrapper Policy Bypass (CVE-2014-8636)
A policy bypass vulnerability has been reported in Mozilla Firefox and SeaMonkey. The vulnerability is due to an issue with processing the derived trap has. A remote attacker can exploit this vulnerability by enticing a victim to open a maliciously crafted webpage...
CVE-2013-4926
epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly determine whether there is remaining packet data to process, which allows remote attackers to cause a denial of service (application crash) via a crafted packet...
moinmoin -- wrong processing of group membership
MoinMoin developers report: If you have group NAMES containing "All" or "Known" or "Trusted", they behaved wrong until now (they erroneously included All/Known/Trusted users even if you did not list them as members), but will start working correctly with this changeset. E.g. AllFriendsGroup: JoeDoe...
Fedora Core 6 : php-5.1.6-3.7.fc6 (2007-709)
This update fixes a number of security issues in PHP : - various integer overflow flaws were found in the PHP gd extension. A script that could be forced to resize images from an untrusted source could possibly allow a remote attacker to execute arbitrary code as the apache user. CVE-2007-3996 - ...
Remote DoS in GFI MailEssentials due to a bug in Microsoft HTML parser
CSIS Security Advisory: CSIS2005-1 Remote DoS in GFI MailEssentials due to a bug in Microsoft HTML parser Date Published: 3rd of January 2005 Product description: GFI MailEssentials for Exchange/SMTP offers spam protection and email management at server level. GFI MailEssentials offers a fast...