CVE-2018-0311

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability exists because the affected software insufficiently validates...

CVE-2018-0765

A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework...

AZL-6785 CVE-2018-1000156 affecting package patch for versions less than 2.7.6-7

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...

CVE-2018-1000047

NASA Kodiak version v1.0 contains a CWE-502 vulnerability in Kodiak library's data processing function that can result in remote code execution. This attack appear to be exploitable via Victim opens an untrusted file for optimization using Kodiak library...

USN-3479-1 postgresql-9.3, postgresql-9.5, postgresql-9.6 vulnerabilities

David Rowley discovered that PostgreSQL incorrectly handled memory when processing certain JSON functions. A remote attacker could possibly use this issue to obtain sensitive information. CVE-2017-15098 Dean Rasheed discovered that PostgreSQL incorrectly enforced SELECT privileges when processing...

GraphicsMagick Denial of Service Vulnerability (CNVD-2017-36019)

GraphicsMagick is a simple set of image processing tools. The tool provides resizing, rotating, highlighting and other functions to images. A security vulnerability exists in the 'ReadWPGImage' function in the coders/wpg.c file in GraphicsMagick version 1.3.26. A remote attacker can exploit this...

Cisco Small Business SPA300, SPA500 and SPA51x Denial of Service Vulnerabilities

The Cisco Small Business SPA300, SPA500, and SPA51x are all S-series IP phone products from Cisco. A denial of service vulnerability exists in the processing of IP slices in the Cisco Small Business SPA300, SPA500, and SPA51x series of IP phones, which stems from the program's failure to handle...

CVE-2017-11537

When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception FPE in the WritePALMImage function in coders/palm.c, related to an incorrect bits-per-pixel calculation...

GraphicsMagick 'ReadDPXImage()' Denial of Service Vulnerability

GraphicsMagick has been called the Swiss Army Knife of image processing. The short and compact code provides a robust and efficient collection of tools and libraries to handle reading, writing and manipulating images, supporting over 88 image formats, including the important DPX, GIF, JPEG,...

CVE-2017-3743

If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility ASU, UpdateXpress System Pack Installer UXSPI or Dynamic System Analysis DSA to a second machine, the other users may be able to see the user ID...

CVE-2017-8397

The Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing relocs with negative addresses. This vulnerability causes programs that conduct an...

UBUNTU-CVE-2017-8374

The madbitskip function in bit.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted audio file...

Memory Corruption Vulnerability in GIF Image Processing by Universal Picture Viewer

Universal Picture Viewer is a picture viewing software. Universal Picture Viewer has a memory corruption vulnerability when dealing with GIF format images, which allows an attacker to construct a malformed GIF format that can cause the program to crash, and if successfully exploited, can lead to...

Cisco cBR Series Converged Broadband Routers Denial of Service Vulnerability

Cisco cBR Series Converged Broadband Routers is a router device. A security vulnerability in the Cisco cBR Series Converged Broadband Routers processing list header field allows remote attackers to exploit the vulnerability to submit a special request for a denial of service attack...

OpenJDK: missing entity replacement limits (JAXP, 8149962)

Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3500...

openSUSE Security Update : GraphicsMagick (openSUSE-2016-984)

This update for GraphicsMagick fixes the following issues : - CVE-2014-9805: SEGV due to a corrupted pnm file boo983752 - CVE-2016-5240: SVG converting issue resulting in DoS endless loop boo983309 - CVE-2016-5241: Arithmetic exception div by 0 in SVG conversion boo983455 - CVE-2014-9846: Overflo...

PhotoLab Processing PNG Images Memory Corruption Vulnerability

PhotoLab is a Image Processing software developed by SELTECO Corporation company. A memory corruption vulnerability exists in the processing of PNG images. Allowing an attacker to exploit this vulnerability to construct a malformed PNG image can cause the program to crash; if successfully...

OpenJDK: leak of user.dir location (JAXP, 8078427)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP...

FFmpeg sws_init_context Denial of Service Vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in the 'swsinitcontext' function in the libswscale/utils.c file in versions of FFmpeg prior to 2.7.2, which stems from the program's failure to initialize th...

MGASA-2014-0214 Updated libxml2 packages fix CVE-2014-0191

Updated libxml2 packages fix security vulnerability: It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substituton in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote...