Vim Resource Management Error Vulnerability (CNVD-2022-68093)

Vim is a cross-platform text editor. versions prior to Vim 9.0 are vulnerable to a resource management error that stems from the existence of post-release reuse. An attacker could exploit the vulnerability to potentially cause program crashes, arbitrary code execution, etc...

CVE-2022-28948

A flaw was found in the Unmarshal function in Go-Yaml. This vulnerability results in program crashes when attempting to convert or deserialize invalid input data, potentially impacting system stability and reliability...

Radare2 post-release reuse vulnerability

Radare2 is a set of libraries and tools for working with binaries. a post-release reuse vulnerability exists in versions of Radare2 prior to 5.6.6, which stems from a confusion in the opissetbp directive responsible for freeing memory in radare2 5.6.6. An attacker could exploit this vulnerability...

Buffer overflow

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. Protection functions and tripping function via GOOSE can be...

Buffer overflow

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. Protection functions and tripping function via GOOSE can be...

Denial of Service Vulnerability in Advantech WebAccess Node (CNVD-2021-41708)

Advantech WebAccess Node is a software for monitoring PLCs and other devices from Advantech in Taiwan, China. The product can realize real-time control of equipment status by monitoring PLC and other devices. A denial of service vulnerability exists in Advantech WebAccess Node. An attacker could...

Denial of Service Vulnerability in Tenda AC9 (CNVD-2021-24932)

AC9 is a 1200M 11AC wireless router with Gigabit Ethernet port launched by Shenzhen Jixiang Tengda Technology Co. in 2016. The Tenda AC9 suffers from a denial of service vulnerability that can be exploited by an attacker to cause the program to crash...

SIEMENS JT2Go suffers from a denial of service vulnerability (CNVD-2021-24772)

SIEMENS JT2Go is a JT file viewer. It is used for lightweight previewing of 3D graphics with 3D zoom, panorama, rotation, scaling and repositioning, with precise 3D measurements, basic 3D profile viewing, improved option filters and many other features. SIEMENS JT2Go suffers from a denial of...

Memory corruption vulnerability exists in Nitro Pro (CNVD-2021-21851)

Nitro pro is a PDF production and management software. A memory corruption vulnerability exists in Nitro Pro. An attacker could exploit this vulnerability to cause the program to crash...

Denial of Service Vulnerability in Weilian Technologies WiSCADA (CNVD-2021-21771)

WiSCADA industrial configuration software is a 3D industrial configuration software product that supports Windows, Android and IOS cross-platform. A denial of service vulnerability exists in Weilian Technology WiSCADA. An attacker can exploit the vulnerability to cause the program to crash...

Memory Corruption Vulnerability in QQ Video for Windows

QQ Video is a local player from Tencent that supports movie and music files in any format. A memory corruption vulnerability exists in QQ Video for Windows, which can be exploited by attackers to cause the program to crash...

Memory Corruption Vulnerability in InoTouchPad by Huey Technology

InoTouchPad is an HMI programming software. A memory corruption vulnerability exists in Huichuan Technology InoTouchPad, which can be exploited by attackers to cause a program crash...

Binary Vulnerability in InoTouch Editor V2.6.8

Shenzhen Huichuan Technology Co., Ltd. focuses on the research and development, production and sales of industrial automation control products, positioning itself to serve the middle and high-end equipment manufacturers, based on the industrial automation control technology with independent...

CVE-2017-9103

An issue was discovered in adns before 1.5.2. papmailbox822 does not properly check st from adnsfindlabelnext. Without this, an uninitialised stack value can be used as the first label length. Depending on the circumstances, an attacker might be able to trick adns into crashing the calling progra...

Design/Logic Flaw

The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to...

CVE-2020-14040

The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to...

Siemens Contractor Pleads Guilty to Planting 'Logic Bomb' in Spreadsheets

A former Siemens contractor has pledged guilty in federal court Friday to secretly planting code in automated spreadsheets he had created for the company over a decade ago that deliberately crashes the program every few years. David Tinley, a 62-year-old resident of Harrison City, Pennsylvania, w...

Updated binutils packages fix security vulnerability

Exploitable buffer overflow CVE-2016-2226. Invalid write due to a use-after-free to array btypevec CVE-2016-4487. Invalid write due to a use-after-free to array ktypevec CVE-2016-4488. Invalid write due to integer overflow CVE-2016-4489. Write access violation CVE-2016-4490. Write access violatio...

[slackware-security] openexr

New openexr packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/openexr-2.2.0-i586-2slack14.2.txz: Rebuilt. Patched bugs that may lead to program crashes or possibly execution of arbitrary code...

CVE-2017-9047

A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlenbuf. If the content-type is...