Nextcloud: No rate limiting for confirmation email lead to huge Mass mailings

Issue Description No rate limit means their is no mechanism to protect against the requests you made in a short frame of time. If the repetition doesn't give any error after 50, 100, 1000 repetitions then their will be no rate limit set. vulnerable has registred in 297359 774050 922470 URL Effect...

clamav:clamav_scanfile_fuzzer: Crash in cli_vba_readdir_new

Detailed Report: https://oss-fuzz.com/testcase?key=4836521560244224 Project: clamav Fuzzing Engine: afl Fuzz Target: clamavscanfilefuzzer Job Type: aflasanclamav Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x61908ec5cbd2 Crash State: clivbareaddirnew clivbascandirnew cliscanole2...

libspng:spng_read_fuzzer: Heap-double-free in spng__free

Project: https://gitlab.com/randy408/libspng.git https://github.com/randy408/libspng.git Detailed Report: https://oss-fuzz.com/testcase?key=6554438277005312 Project: libspng Fuzzing Engine: libFuzzer Fuzz Target: spngreadfuzzer Job Type: libfuzzerasanlibspng Platform Id: linux Crash Type:...

jbig2dec:jbig2_fuzzer: Heap-use-after-free in jbig2_release_huffman_table

Project: git://git.ghostscript.com/jbig2dec.git Detailed Report: https://oss-fuzz.com/testcase?key=5721375701729280 Project: jbig2dec Fuzzing Engine: libFuzzer Fuzz Target: jbig2fuzzer Job Type: libfuzzerasanjbig2dec Platform Id: linux Crash Type: Heap-use-after-free READ 8 Crash Address:...

kimageformats:kimgio_xcf_fuzzer: Use-of-uninitialized-value in comp_func_SourceOver_rgb64_avx2

Detailed Report: https://oss-fuzz.com/testcase?key=5725090734145536 Project: kimageformats Fuzzing Engine: libFuzzer Fuzz Target: kimgioxcffuzzer Job Type: libfuzzermsankimageformats Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: compfuncSourceOverrgb64avx2...

xvid:fuzzer-decoder: Crash in get_mv_data

Detailed Report: https://oss-fuzz.com/testcase?key=5173897682485248 Project: xvid Fuzzing Engine: libFuzzer Fuzz Target: fuzzer-decoder Job Type: libfuzzerasanxvid Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x0001800c9f40 Crash State: getmvdata getmv getmotionvector Sanitizer:...

libvips:jpegsave_buffer_fuzzer: Heap-buffer-overflow in attach_xmp_blob

Project: https://github.com/libvips/libvips.git Detailed Report: https://oss-fuzz.com/testcase?key=5673786296238080 Project: libvips Fuzzing Engine: afl Fuzz Target: jpegsavebufferfuzzer Job Type: aflasanlibvips Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address:...

U.S. Dept Of Defense: Account takeover through CSRF in http://███████/██████████/default.asp

Summary: Hi team, I have found a CSRF vulnerability in http://██████/████/default.asp that leads to account takeover. Step-by-step Reproduction Instructions 1. Go to http://██████████/████████/default.asp and login 2. Copy the below HTML code 3. Submit the request and see your profile 4. Try to...

imagemagick/encoder_heic_fuzzer: Heap-buffer-overflow in derive_collocated_motion_vectors

Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=5743506502451200 Project: imagemagick Fuzzer: libFuzzerimagemagickencoderheicfuzzer Fuzz target binary: encoderheicfuzzer Job Type: libfuzzerasanimagemagick Platform Id: linux Crash Type:...

ffmpeg/ffmpeg_AV_CODEC_ID_AGM_fuzzer: Heap-buffer-overflow in decode_inter_plane

Project: https://git.ffmpeg.org/ffmpeg.git Detailed report: https://oss-fuzz.com/testcase?key=5704904095563776 Project: ffmpeg Fuzzer: libFuzzerffmpegAVCODECIDAGMfuzzer Fuzz target binary: ffmpegAVCODECIDAGMfuzzer Job Type: libfuzzerasanffmpeg Platform Id: linux Crash Type: Heap-buffer-overflow...

capstone/fuzz_disasmnext: Use-of-uninitialized-value in printOperand

Detailed report: https://oss-fuzz.com/testcase?key=5687796902133760 Project: capstone Fuzzer: libFuzzercapstonefuzzdisasmnext Fuzz target binary: fuzzdisasmnext Job Type: libfuzzermsancapstone Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: printOperand...

skia/image_filter_deserialize: Heap-buffer-overflow in update_tricolor_matrix

Project: https://skia.googlesource.com/skia.git Detailed report: https://oss-fuzz.com/testcase?key=5680220990865408 Project: skia Fuzzer: aflskiaimagefilterdeserialize Fuzz target binary: imagefilterdeserialize Job Type: aflasanskia Platform Id: linux Crash Type: Heap-buffer-overflow READ 4 Crash...

tidy-html5/tidy_fuzzer: Crash in prvTidyEncodeCharToUTF8Bytes

Detailed report: https://oss-fuzz.com/testcase?key=5756258433368064 Project: tidy-html5 Fuzzer: libFuzzertidy-html5tidyfuzzer Fuzz target binary: tidyfuzzer Job Type: libfuzzermsantidy-html5 Platform Id: linux Crash Type: UNKNOWN WRITE Crash Address: 0x730000010000 Crash State:...

graphicsmagick/enhance_fuzzer: Use-of-uninitialized-value in EnhanceImage

Project: http://hg.code.sf.net/p/graphicsmagick/code Detailed report: https://oss-fuzz.com/testcase?key=5738409421701120 Project: graphicsmagick Fuzzer: libFuzzergraphicsmagickenhancefuzzer Fuzz target binary: enhancefuzzer Job Type: libfuzzermsangraphicsmagick Platform Id: linux Crash Type:...

poppler/pdf_fuzzer: Use-of-uninitialized-value in JBIG2Stream::readTextRegionSeg

Project: https://anongit.freedesktop.org/git/poppler/poppler.git Detailed report: https://oss-fuzz.com/testcase?key=5747049128001536 Project: poppler Fuzzer: libFuzzerpdffuzzer Fuzz target binary: pdffuzzer Job Type: libfuzzermsanpoppler Platform Id: linux Crash Type: Use-of-uninitialized-value...

Automattic: Authentication Bypass - Chaining two vulnerabilities leads to account takeover at en.instagram-brand.com

Product / URL https://en.instagram-brand.com/wp-json/brc/v1/login/ Description and Impact An attacker can perform account takeover by leveraging following two vulnerabilities: Auth Bypass = Username Enumeration + Login Brute Force A. Username Enumeration: ------------------------------- For the...

U.S. Dept Of Defense: Content-Injection/XSS ████

Summary: Hi, It is possible to inject content and vulnerable to reflected Cross Site Scripting. Affected domain: https://██████████ Used browser: Mozilla. Impact One of the most common XSS attack vectors is to hijack legitimate user accounts by stealing their session cookies. This allows attacker...