httpd: Out-of-bounds read in ap_strcmp_match()

An out-of-bounds read vulnerability was found in httpd. A very large input to the apstrcmpmatch function can lead to an integer overflow and result in an out-of-bounds read...

CVE-2021-30485

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmlinternaldtd, while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp on a NULL pointer...

None in fcambus/logswan

Description Good morning, I hope you're doing well today. Whilst testing logswan built with Clang12 + ASan on Ubuntu 20.04.3 LTS from commit bcfd41, we discovered a heap-use-after-free situation during a strcmp operation on line 259 of logswan/src/logswan.c. Proof of Concept First... echo...

Microsoft Discloses Critical Bugs Allowing Takeover of NETGEAR Routers

Cybersecurity researchers have detailed critical security vulnerabilities affecting NETGEAR DGN2200v1 series routers, which they say could be reliably abused as a jumping-off point to compromise a network's security and gain unfettered access. The three HTTPd authentication security weaknesses CV...

CVE-2021-28904

In function extgetplugin in libyang = v1.0.225, it doesn't check whether the value of revision is NULL. If revision is NULL, the operation of strcmprevision, extpluginsu.revision will lead to a crash...

Null pointer dereference

In function extgetplugin in libyang = v1.0.225, it doesn't check whether the value of revision is NULL. If revision is NULL, the operation of strcmprevision, extpluginsu.revision will lead to a crash...

CVE-2021-28904

In function extgetplugin in libyang = v1.0.225, it doesn't check whether the value of revision is NULL. If revision is NULL, the operation of strcmprevision, extpluginsu.revision will lead to a crash...

CVE-2021-28904

In function extgetplugin in libyang = v1.0.225, it doesn't check whether the value of revision is NULL. If revision is NULL, the operation of strcmprevision, extpluginsu.revision will lead to a crash...

CVE-2021-28904

In function extgetplugin in libyang = v1.0.225, it doesn't check whether the value of revision is NULL. If revision is NULL, the operation of strcmprevision, extpluginsu.revision will lead to a crash...

CVE-2021-30485

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmlinternaldtd, while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp on a NULL pointer...

CVE-2021-30485

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmlinternaldtd, while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp on a NULL pointer...

CVE-2021-30485

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmlinternaldtd, while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp on a NULL pointer...

CVE-2021-30485

CVE-2021-30485 affects ezXML 0.8.6 (libezxml.a). The issue is a NULL pointer dereference in ezxml_internal_dtd() during XML parsing, caused by memory handling that can lead to a NULL pointer being passed to strcmp(). The connected documents consistently reference this exact flaw in ezXML 0.8.6, i...

Security feature bypass

Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the direct checking of the API key against a user-supplied value in PHP's GET global variable array using PHP's strcmp function. By adding "" to the end of "key" in the URL when accessing API functions...

PHP study notes and security vulnerabilities-vulnerability warning-the black bar safety net

System variables $POST // get the post data is a dictionary $GET // get get data, is a dictionary The error control operator PHP supports one error control operator:@the. When it is placed in a PHP expression, the expression may produce any error information is ignored. Variable default value Whe...

Dolphin < 7.3.3 Authentication Bypass Vulnerability

Dolphin is prone to an authentication bypass vulnerability. Copyright C 2016 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

Debian DLA-598-1 : suckless-tools security update

It was discovered that the slock screen locking tool would segfault when the user's account had been disabled. slock called crypt3 and used the return value for strcmp3 without checking to see if the return value of crypt3 was a NULL pointer. If the hash returned by getspnam-sppwdp was invalid,...

X11R6 <= 6.4 XKEYBOARD - Local Buffer Overflow Exploit (solaris/x86)

No description provided by source. / X11R6 XKEYBOARD extension Strcmp for Sun Solaris 8 9 10 x86 Copyright 2006 RISE Security [email protected], / X11R6 XKEYBOARD extension Strcmp for Sun Solaris 8 9 10 x86 Copyright 2006 RISE Security [email protected], Ramon de Carvalho Valle...

Fedora 20 : nbd-3.5-1.fc20 (2013-22557)

Add systemd support for nbd-server. Use strcmp rather than strncmp for CVE-2013-6410. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...

Fedora 18 : nbd-3.5-1.fc18 (2013-22607)

Add systemd support for nbd-server. Use strcmp rather than strncmp for CVE-2013-6410. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...