11967 matches found
OSV-2020-757 Heap-buffer-overflow in cras_channel_remix_conv_create
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23612 Crash type: Heap-buffer-overflow READ 4 Crash state: craschannelremixconvcreate audiothreadconfigglobalremix ccrhandlemessagefromclient...
binutils:fuzz_disassemble: Global-buffer-overflow in print_insn_arc
Detailed Report: https://oss-fuzz.com/testcase?key=6258025384640512 Project: binutils Fuzzing Engine: libFuzzer Fuzz Target: fuzzdisassemble Job Type: libfuzzerasanbinutils Platform Id: linux Crash Type: Global-buffer-overflow READ 8 Crash Address: 0x000001427320 Crash State: printinsnarc...
sugarwish.com Improper Access Control vulnerability OBB-1217474
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
JobSearch < 1.5.3 - Multiple Cross-Site Scripting Issues
An Unauthenticated Reflected & Multiple Authenticated Persistent XSS vulnerabilities was discovered in the JobSearch plugin through 1.5.1 and 1.5.2 for WordPress. Authenticated Persistent XSS on the Candidate and Employer Profile pages. An Authenticated Persistent XSS @ Job Page will trigger on t...
Engel & Völkers Technology GmbH: SQL Injection at /displayPDF.php (printshop.engelvoelkers.com)
Intro An SQL injection has been identified. Through this vulnerability an attacker could execute arbitrary SQL statements compromising the integrity of the database and obtain sensitive information, violating the confidentiality of the data. Given the great impact of the vulnerability and...
c-blosc2:decompress_fuzzer: Use-of-uninitialized-value in blosc_run_decompression_with_context
Project: https://github.com/Blosc/c-blosc2.git Detailed Report: https://oss-fuzz.com/testcase?key=4799687189331968 Project: c-blosc2 Fuzzing Engine: libFuzzer Fuzz Target: decompressfuzzer Job Type: libfuzzermsanc-blosc2 Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Cra...
OSV-2020-626 UNKNOWN READ in ot::Buffer::GetNextBuffer
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13412 Crash type: UNKNOWN READ Crash state: ot::Buffer::GetNextBuffer ot::MessagePool::FreeBuffers ot::Coap::ResponsesQueue::DequeueAllResponses...
OSV-2020-573 UNKNOWN READ in (__has_construct<std::__1::allocator<unsigned
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14479 Crash type: UNKNOWN READ Crash state: hasconstruct::value, void::t std::1::vector ::vectoruns...
OSV-2020-430 Stack-use-after-return in OSSL_PARAM_get_int32
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15114 Crash type: Stack-use-after-return READ 4 Crash state: OSSLPARAMgetint32 md5sha1setparams ssl3finalfinishmac...
OSV-2020-376 Heap-buffer-overflow in perfetto::trace_processor::fuchsia_trace_utils::ReadTimestamp
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14767 Crash type: Heap-buffer-overflow READ 8 Crash state: perfetto::traceprocessor::fuchsiatraceutils::ReadTimestamp perfetto::traceprocessor::FuchsiaTraceParser::ParseTracePacket...
gokaku-go.com Cross Site Scripting vulnerability OBB-1210893
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
iOS / macOS Wifi Proximity Vulnerability
iOS and macOS suffered from a wifi proximity kernel double-free vulnerability in AWDL BSS Steering. if 0 iOS/MacOS wifi proximity kernel double free in AWDL BSS Steering As part of developing an exploit for CVE-2020-3843 a heap overflow in AWDL I've been looking at the code for "BSS Steering". It...
mail2.finalweb.net Cross Site Scripting vulnerability OBB-1205187
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
OSV-2020-72 Use-of-uninitialized-value in print_crl
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21153 Crash type: Use-of-uninitialized-value Crash state: printcrl gnutlsx509crlprint gnutlsx509crlparserfuzzer.c...
OSV-2020-16 Heap-use-after-free in BEInt<unsigned short, 2>::operator unsigned short
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20906 Crash type: Heap-use-after-free READ 2 Crash state: BEInt::operator unsigned short OT::IntType::operator unsigned int OT::GlyphVarData::hasdata...
jsia.edu.in Cross Site Scripting vulnerability OBB-1203247
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
pandasecurity.com Cross Site Scripting vulnerability OBB-1202164
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Tor2Mine is up to their old tricks — and adds a few new ones
By Kendall McKay and Joe Marshall. Threat summaryCisco Talos has identified a resurgence of activity by Tor2Mine, a cryptocurrency mining group that was likely last active in 2018. Tor2Mine is deploying additional malware to harvest credentials and steal more money, including AZORult, an...
rezept.sz-magazin.de Cross Site Scripting vulnerability OBB-1196234
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
socialvalueuk.org Cross Site Scripting vulnerability OBB-1194048
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...