Denial Of Service (DoS)

mozilla firefox is vulnerable to stack-based buffer underflow vulnerability. Remote attackers can execute arbitrary code via crafted two-dimensional graphics data that is mishandled during clipping-region calculations...

Man-in-the-Middle (MitM)

The Network Time Protocol NTP is used to synchronize a computer's time with another referenced time source. It was found that because NTP's access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by...

Improper Input Validation And Arbitary Code Injection

The Network Time Protocol NTP is used to synchronize a computer's time with another referenced time source. It was found that because NTP's access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by...

Denial Of Service (DoS)

firefox/thunderbird is vulnerable to denial of service. The AnimationThread function uses an incorrect argument to the sscanf function, allowing remote attackers to crash the application in a stack-based buffer overflow...

Buffer Overflow

The X11 Xorg libraries provide library routines that are used within all X Window applications. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data. An attacker able to submit invalid protocol da...

Integer Overflow

The X11 Xorg libraries provide library routines that are used within all X Window applications. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data. An attacker able to submit invalid protocol da...

Buffer Overflow

The X11 Xorg libraries provide library routines that are used within all X Window applications. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data. An attacker able to submit invalid protocol da...

Integer Overflow

The X11 Xorg libraries provide library routines that are used within all X Window applications. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data. An attacker able to submit invalid protocol da...

Denial Of Service (DoS)

Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP Border Gateway Protocol routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF Open Shortest Path First routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd...

Denial Of Service (DoS) And Remote Code Execution (RCE)

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF images using the Pixar Log Format encoding. An attacker could create a specially-crafted TIFF file that,...

Orpak SiteOmat

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits available Vendor: Orpak acquired by Gilbarco Veeder-Root Equipment: SiteOmat Vulnerabilities: Use of Hard-coded Credentials, Cross-site Scripting, SQL Injection, Missing Encryption of...

Stack overflow

An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370...

CVE-2019-10952 Rockwell Automation CompactLogix 5370 Uncontrolled Resource Consumption

An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370...

Stack overflow

An issue was discovered in GNU recutils 1.8. There is a stack-based buffer overflow in the function rectypecheckenum at rec-types.c in librec.a...

CVE-2019-11639

An issue was discovered in GNU recutils 1.8. There is a stack-based buffer overflow in the function rectypecheckenum at rec-types.c in librec.a...

EulerOS 2.0 SP5 : ImageMagick (EulerOS-SA-2019-1298)

According to the version of the ImageMagick packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to...

EulerOS 2.0 SP3 : ImageMagick (EulerOS-SA-2019-1297)

According to the versions of the ImageMagick packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c.CVE-2019-7398 - In ImageMagick 7.0.8-36 Q16, there is...

Using Foxit Reader PDF Printer to achieve provided the right-vulnerability warning-the black bar safety net

Last year, I wrote an article about the Foxit Reader, tap the UAF vulnerability of the process, and how to exploit the vulnerability remote code execution attacks. After that, I'm in one of the articles described in Foxit Reader SDK ActiveX in a command injection vulnerability. The spirit does no...

Security update for GraphicsMagick (moderate)

openSUSE Security Update: Security update for GraphicsMagick Announcement ID: openSUSE-SU-2019:1272-1 Rating: moderate References: 1132053 1132054 1132055 1132058 1132060 1132061 Cross-References: CVE-2019-11005 CVE-2019-11006 CVE-2019-11007 CVE-2019-11008 CVE-2019-11009 CVE-2019-11010 Affected...

CVE-2019-11365

An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple instances of this...