CVE-2026-40499

radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...

CVE-2026-40499

radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...

binutils: GNU Binutils Linker heap-based overflow

A head based buffer overflow flaw has been discovered in GNU bin utilities. The affected element is the function elfswapshdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally...

CVE-2022-33032

LibreDWG v0.12.4.4608 was discovered to contain a heap-buffer-overflow via the function decodepreR13sectionhdr at decoder11.c...

CLSA-2025-1767003370 binutils: Fix of CVE-2025-11083

CVE-2025-11083: prevent linker crash on corrupt section header...

CLSA-2025-1766586503 binutils: Fix of CVE-2025-11083

CVE-2025-11083: fix corrupt ELF section header handling...

EUVD-2004-1088

Malware in sbrugna...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to direct use of the eshnum field. An attacker can cause a heap buffer overflow by providing a crafted ELF file with manipulated section header values. Remediation Upgrade libbpf to version 1.1.0 or higher...

CVE-2022-50450

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

PT-2025-40135

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The libbpf component in the Linux kernel contains an issue where it directly uses the e shnum field in the ELF header as the section header count. This can lead to a heap-buffer overflow...

GNU Binutils elf_swap_shdr function buffer overflow vulnerability

GNU Binutils is a set of binary tools developed by the GNU Project to handle the management, analysis and debugging of executables, target files and other binary files. A heap buffer overflow vulnerability exists in GNU Binutils, which stems from the elfswapshdr function in the bfd/elfcode.h...

DEBIAN-CVE-2025-39787

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: mdtloader: Ensure we don't read past the ELF header When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessary the case for other clients. Validate the size of the...

CVE-2025-39787

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: mdtloader: Ensure we don't read past the ELF header When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessary the case for other clients. Validate the size of the...

CVE-2022-45013

A cross-site scripting XSS vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field...

NullSection - An Anti-Reversing Tool That Applies A Technique That Overwrites The Section Header With Nullbytes

NullSection is an Anti-Reversing tool that applies a technique that overwrites the section header with nullbytes. Install git clone https://github.com/MatheuZSecurity/NullSection cd NullSection gcc nullsection.c -o nullsection ./nullsection Advantage When running nullsection on any ELF, it could ...

SUSE CVE-2004-1090

Midnight commander mc 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header."...

WBCE CMS Section Header Field Cross-Site Scripting Vulnerability

WBCE CMS is an open source content management system CMS based on PHP and MySQL. A cross-site scripting vulnerability exists in WBCE CMS v1.5.4 and its previous versions, which stems from the lack of effective filtering and escaping of user-supplied data in the Section Header field of the Show...

CVE-2022-45013

A cross-site scripting XSS vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field...

Cross site scripting

A cross-site scripting XSS vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field...

PT-2022-27368 · Wbce Cms · Wbce Cms

Name of the Vulnerable Software and Affected Versions: WBCE CMS version 1.5.4 Description: A cross-site scripting XSS issue in the Show Advanced Option module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field. Recommendations: F...