PT-2021-5779 · Ntfs-3G +7 · Ntfs-3G +7

Name of the Vulnerable Software and Affected Versions: NTFS-3G versions prior to 2021.8.22 Description: A heap buffer overflow can occur when a specially crafted unicode string is supplied in an NTFS image, potentially allowing for code execution. This issue may also enable an attacker to access...

GHSA-G5VF-V6WF-7W2R Ciphertext Malleability Issue in Tink Java

Impact Tink's Java version before 1.5 under some circumstances allowed attackers to change the key ID part of the ciphertext, resulting in the attacker creating a second ciphertext that will decrypt to the same plaintext. This can be a problem in particular in the case of encrypting with a...

Ciphertext Malleability Issue in Tink Java

Impact Tink's Java version before 1.5 under some circumstances allowed attackers to change the key ID part of the ciphertext, resulting in the attacker creating a second ciphertext that will decrypt to the same plaintext. This can be a problem in particular in the case of encrypting with a...

Adobe Acrobat Reader DC Javascript submitForm Remote Code Execution Vulnerability

Summary A specific JavaScript code embedded in a PDF file can lead to out of bounds memory access when opening a PDF document in Adobe Acrobat Reader DC 2020.006.20034. With careful memory manipulation, this can lead to sensitive information disclose as well as memory corruption which can lead to...

USN-4330-2 php7.4 vulnerabilities

USN-4330-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 20.04 LTS. Original advisory details: It was discovered that PHP incorrectly handled certain EXIF files. An attacker could possibly use this issue to access sensitive information or cause a crash...

Denial Of Service (DoS)

kernel isvulnerable to denial of service DoS. The vulnerability exists as several flaws were found in the way the Linux kernel CIFS implementation handles Unicode strings. CIFS clients convert Unicode strings sent by a server to their local character sets, and then write those strings into memory...

Arbitrary Code Execution

qt is vulnerable to arbitrary code execution. A buffer overflow flaw was found in the way Qt expanded malformed Unicode strings. If an application linked against Qt parsed a malicious Unicode string, it could lead to a denial of service or possibly allow the execution of arbitrary code...

DEBIAN-CVE-2019-1010238

Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pangolog2visgetembeddinglevels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when...

EasyBoot v6.6.0.800 - Stack Buffer Overflow Vulnerability

Document Title: =============== EasyBoot v6.6.0.800 - Stack Buffer Overflow Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2176 Release Date: ============= 2019-03-07 Vulnerability Laboratory ID VL-ID: ====================================...

CVE-2017-7481

Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2...

CVE-2017-7481

Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2...

CVE-2017-7481

Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2...

CVE-2017-7481

Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2...

PortEx - Java library to analyse Portable Executable files with a special focus on malware analysis and PE malformation robustness

PortEx is a Java library for static malware analysis of Portable Executable files. Its focus is on PE malformation robustness, and anomaly detection. PortEx is written in Java and Scala, and targeted at Java applications. Features Reading header information from: MSDOS Header, COFF File Header,...

PT-2017-14381 · Adobe · Reader +1

Name of the Vulnerable Software and Affected Versions: Adobe Acrobat and Reader versions 2017.012.20098 and earlier Adobe Acrobat and Reader versions 2017.011.30066 and earlier Adobe Acrobat and Reader versions 2015.006.30355 and earlier Adobe Acrobat and Reader versions 11.0.22 and earlier...

GHSA-8QRH-H9M2-5FVF Cross site scripting that affects rails

Cross-site scripting XSS vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper...

Cross site scripting that affects rails

Cross-site scripting XSS vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper...

Moderate severity XSS vulnerability that affects rails

Cross-site scripting XSS vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper. 9/4/2009 url mentions patches for 2.0, 2.1, 2.2, and 2.3 series...

Moderate severity XSS vulnerability that affects rails

Cross-site scripting XSS vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper. 9/4/2009 url mentions patches for 2.0, 2.1, 2.2, and 2.3 series...

ansible -- Input validation flaw in jinja2 templating system

RedHat security team reports: An input validation flaw was found in Ansible, where it fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup calls, they could inject Unicode strings to be parsed by the jinja2 templating system, result in code...