9 matches found
UBUNTU-CVE-2025-66031
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This...
node-forge 安全漏洞
node-forge is a software application. A WebJar for node-forge. A security vulnerability exists in node-forge 1.3.1 and earlier versions, which stems from an ASN.1 structure parsing conflict that could bypass downstream cryptographic authentication...
CVE-2024-53151
In the Linux kernel, the following vulnerability has been resolved: svcrdma: Address an integer overflow Dan Carpenter reports: Commit 78147ca8b4a9 "svcrdma: Add a "parsed chunk list" data structure" from Jun 22, 2020 linux-next, leads to the following Smatch static checker warning:...
CVE-2021-44443
A vulnerability has been identified in JT Utilities All versions V13.1.1.0, JTTK All versions V11.1.1.0. JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code ...
Evolutionary Knowledge Based Fuzzer: Choronzon
Evolutionary Knowledge Based Fuzzer Choronzon is an evolutionary fuzzer. It tries to imitate the evolutionary process in order to keep producing better results. To achieve this, it has an evaluation system to classify which of the fuzzed files are interesting and which should be dropped. Moreover...
nss: use-after-poison in sec_asn1d_parse_leaf() (MFSA 2015-133)
A use-after-poison flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library...
ZDI-11-217: Adobe Shockwave Font Structure Parsing Remote Code Execution Vulnerability
ZDI-11-217: Adobe Shockwave Font Structure Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-217 June 14, 2011 -- CVE ID: CVE-2011-2109 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player --...
Adobe Shockwave Cursor Structure Parsing Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Microsoft Word LVL Structure Parsing Remote Code Execution (MS10-079; CVE-2010-3220)
Microsoft Word is a popular word processing software. A remote code execution vulnerability has been identified in Microsoft Word. The vulnerability is due to an error in Microsoft Word that fails to properly parse LVL structures within specially crafted Word files. A remote attacker could trigge...