xvid:fuzzer-decoder: Heap-buffer-overflow in BitstreamSkip

Detailed Report: https://oss-fuzz.com/testcase?key=5635791283290112 Project: xvid Fuzzing Engine: libFuzzer Fuzz Target: fuzzer-decoder Job Type: libfuzzerasani386xvid Platform Id: linux Crash Type: Heap-buffer-overflow READ 4 Crash Address: 0xf2a02968 Crash State: BitstreamSkip BitstreamGetBits...

irssi:server-fuzz: Bad-free in sig_destroyed

Project: https://github.com/irssi/irssi.git Detailed Report: https://oss-fuzz.com/testcase?key=5716112825647104 Project: irssi Fuzzing Engine: afl Fuzz Target: server-fuzz Job Type: aflasanirssi Platform Id: linux Crash Type: Bad-free Crash Address: 0x6190000016e0 Crash State: sigdestroyed...

libhevc:hevc_dec_fuzzer: Use-of-uninitialized-value in ihevcd_fmt_conv_420sp_to_rgb565

Detailed Report: https://oss-fuzz.com/testcase?key=5728697516032000 Project: libhevc Fuzzing Engine: libFuzzer Fuzz Target: hevcdecfuzzer Job Type: libfuzzermsanlibhevc Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: ihevcdfmtconv420sptorgb565 ihevcdfmtconv...

libvips:jpegsave_file_fuzzer: Crash in vips_rad2float_line

Project: https://github.com/libvips/libvips.git Detailed Report: https://oss-fuzz.com/testcase?key=5682293519155200 Project: libvips Fuzzing Engine: libFuzzer Fuzz Target: jpegsavefilefuzzer Job Type: libfuzzerasanlibvips Platform Id: linux Crash Type: UNKNOWN Crash Address: 0x7f8e216e0000 Crash...

cryptofuzz:cryptofuzz-openssl-noasm: Heap-buffer-overflow in aria_set_encrypt_key

Project: https://github.com/guidovranken/cryptofuzz.git Detailed Report: https://oss-fuzz.com/testcase?key=5665634448310272 Project: cryptofuzz Fuzzing Engine: libFuzzer Fuzz Target: cryptofuzz-openssl-noasm Job Type: libfuzzerasani386cryptofuzz Platform Id: linux Crash Type: Heap-buffer-overflow...

OS Command Injection in MiniMagick

In lib/minimagick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernelopen, which accepts a | character followed by a command...

FFmpeg heap buffer overflow vulnerability (CNVD-2019-22635)

FFmpeg is a set of open source computer programs that can be used to record, convert digital audio and video to streams under the LGPL or GPL license. A heap buffer overflow vulnerability exists in blockcmp in libavcodec/zmbvenc.c in FFmpeg 4.1.3. No detailed vulnerability details are provided at...

RUSTSEC-2019-0008 Flaw in string parsing can lead to crashes due to invalid memory access.

The affected version of this crate did not guard against accessing memory beyond the range of its input data. A pointer cast to read the data into a 256-bit register could lead to a segmentation fault when the end plus the 32 bytes 256 bit read would overlap into the next page during string...

c-ares/ares_parse_reply_fuzzer: Crash in _fini

Project: https://github.com/c-ares/c-ares.git Detailed report: https://oss-fuzz.com/testcase?key=5687310655422464 Project: c-ares Fuzzer: libFuzzerc-aresaresparsereplyfuzzer Fuzz target binary: aresparsereplyfuzzer Job Type: libfuzzerubsanc-ares Platform Id: linux Crash Type: UNKNOWN READ Crash...

UBUNTU-CVE-2016-9969

In libwebp 0.5.1, there is a double free bug in libwebpmux...

open62541/fuzz_json_decode_encode: Heap-buffer-overflow in UA_unbase64

Project: https://github.com/open62541/open62541.git Detailed report: https://oss-fuzz.com/testcase?key=5207216900014080 Project: open62541 Fuzzer: libFuzzeropen62541fuzzjsondecodeencode Fuzz target binary: fuzzjsondecodeencode Job Type: libfuzzerasanopen62541 Platform Id: linux Crash Type:...

lzma/7z_fuzzer: Use-of-uninitialized-value in CrcUpdateT8

Detailed report: https://oss-fuzz.com/testcase?key=5695345578737664 Project: lzma Fuzzer: libFuzzerlzma7zfuzzer Fuzz target binary: 7zfuzzer Job Type: libfuzzermsanlzma Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: CrcUpdateT8 CrcCalc SzArExExtract Sanitize...

The vulnerability of the microprogramming software used in Moxa EDS and IKS switches allows a intruder to gain unauthorized access to protected information.

The vulnerability of Moxa EDS and IKS microcontroller software lies in the use of a predictable cookie file during hashing. Exploiting this vulnerability allows an attacker operating remotely to gain unauthorized access to protected information...

MGASA-2018-0496 Updated graphicsmagick packages fix security vulnerabilities & bugs

Graphicsmagick has been updated to fix several bugs and security issues...

CVE-2018-19044

keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protectedsymlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or...

Integer Overflow or Wraparound

In the client in Bytom checkTopicRegister in p/discover/net.go does not prevent negative idx values, leading to a crash...

SUSE-SU-2018:2535-1 Security update for libreoffice

This update for libreoffice to 6.0.5.2 fixes the following issues: Security issues fixed: - CVE-2018-10583: An information disclosure vulnerability occurs during automatic processing and initiating an SMB connection embedded in a malicious file, as demonstrated by...

CVE-2018-1000504

Redirection version 2.7.3 contains a ACE via file inclusion vulnerability in Pass-through mode that can result in allows admins to execute any PHP file in the filesystem. This attack appear to be exploitable via Attacker must be have access to an admin account on the target site. This vulnerabili...

Facebook Software Bug Made Some Private Posts Public: 14 Million Affected

A Facebook software bug in May switched the “suggested audience” for posts to “public” for 14 millions of users. The glitch meant Facebook users who though they were sharing content with just friends or small groups actually made their posts available to the general public. The incident is the...

Facebook bug changed 14 million users' default privacy settings to public

Facebook admits as many as 14 millions of its users who thought they're sharing content privately with only friends may have inadvertently shared their posts with everyone because of a software bug. Facebook said in front of Congress in March over the Cambridge Analytica scandal that "every piece...