NewStart CGSL MAIN 6.02 : binutils Multiple Vulnerabilities (NS-SA-2022-0087)

The remote NewStart CGSL host, running version MAIN 6.02, has binutils packages installed that are affected by multiple vulnerabilities: - An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control...

expat: integer overflow in the doProlog function

A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service...

expat: integer overflow in the doProlog function

A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service...

CVE-2022-30557

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution...

CVE-2021-43083

Apache PLC4X - PLC4C Only the C language implementation was effected was vulnerable to an unsigned integer underflow flaw inside the tcp transport. Users should update to 0.9.1, which addresses this issue. However, in order to exploit this vulnerability, a user would have to actively connect to a...

Integer overflow

Apache PLC4X - PLC4C Only the C language implementation was effected was vulnerable to an unsigned integer underflow flaw inside the tcp transport. Users should update to 0.9.1, which addresses this issue. However, in order to exploit this vulnerability, a user would have to actively connect to a...

CVE-2021-43083 Apache PLC4X 0.9.0 Buffer overflow in PLC4C via crafted server response

Apache PLC4X - PLC4C Only the C language implementation was effected was vulnerable to an unsigned integer underflow flaw inside the tcp transport. Users should update to 0.9.1, which addresses this issue. However, in order to exploit this vulnerability, a user would have to actively connect to a...

Fix of CVE: CVE-2018-18605, CVE-2019-12972, CVE-2016-4490, CVE-2018-6543, CVE-2018-19931, CVE-2018-10535, CVE-2019-17450, CVE-2018-7643, CVE-2016-4487, CVE-2016-4492, CVE-2018-20002, CVE-2018-1000876, CVE-2019-9073, CVE-2019-9075, CVE-2018-20671, CVE-2016-4488, CVE-2018-7568, CVE-2018-7642, CVE-2018-10373, CVE-2018-6323, CVE-2016-2226, CVE-2016-4493, CVE-2018-19932, CVE-2018-6759, CVE-2019-9077, CVE-2018-18607, CVE-2018-8945, CVE-2018-7208, CVE-2016-6131, CVE-2018-13033, CVE-2018-20623, CVE-2019-14444, CVE-2018-18309, CVE-2018-18606, CVE-2018-7569, CVE-2016-4489

CVE-2018-6323: Fix unsigned integer overflow - CVE-2018-19931: Fix heap-based buffer overflow in bfdelf32swapphdrin - CVE-2018-6543: Fix integer overflow - CVE-2018-20671: Fix integer overflow vulnerability - CVE-2018-6759: Fix segmentation fault - CVE-2018-7208: Fix segmentation fault -...

LSN-0081-1: Kernel Live Patch Security Notice

Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory.CVE-2021-3653 Maxim...

Integer overflow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a denial of service in boostedtreescreatequantilestreamresource by using negative arguments. The implementation does not validate that numstreams only contains non-negative numbers. I...

SUSE: Security Advisory (SUSE-SU-2018:4127-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MyBB 1.8.25 - Poll Vote Count SQL Injection

Exploit Title: MyBB 1.8.25 - Poll Vote Count SQL Injection Exploit Author: SivertPL [email protected] Date: 20.03.2021 Description: Lack of sanitization in the "votes" parameter in "Edit Poll" causes a second-order semi-blind SQL Injection that is triggered when performing a "Move/Copy"...

MyBB 1.8.25 - Poll Vote Count SQL Injection Vulnerability

Exploit Title: MyBB 1.8.25 - Poll Vote Count SQL Injection Exploit Author: SivertPL email protected Description: Lack of sanitization in the "votes" parameter in "Edit Poll" causes a second-order semi-blind SQL Injection that is triggered when performing a "Move/Copy" operation on the thread...

DEBIAN-CVE-2020-27768

In ImageMagick, there is an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0...

ImageMagick Studio ImageMagick 输入验证错误漏洞

ImageMagick is a suite of open source image processing software. The software can read, convert or write images in a variety of formats. A security vulnerability exists in ImageMagick versions prior to 7.0.9-0, which stems from an out-of-range representable value range for the unsigned int type o...

Open-Xchange: Incomplete fix for CVE-2020-12673 : Specially crafted NTML message leads to buffer over read

The vulnerability CVE-2020-12673 got fixed by https://github.com/dovecot/core/commit/fb246611e62ad8c5a95b0ca180a63f17aa34b0d8 adding this check if length datasize error = "buffer length out of bounds"; return FALSE; But this fix seems incomplete with regards to ntlmssptstri The fix should also ad...

Open-Xchange: Assert failed in `edit_mail_istream_read`

To reproduce, run test suite on following input : require "vnd.dovecot.testsuite"; require "variables"; require "editheader"; testset "message" "$mege"; test "" addheader :last "der" "Her-3"; if not testresultexecute Output is with ASAN enabled stack trace testsuite: Panic: file edit-mail.c: line...

ALPINE-CVE-2020-14311

There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow...

DEBIAN-CVE-2020-10723

A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index a UInt is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption...

CVE-2018-6323

The elfobjectp function in elfcode.h in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfdsizetype multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service application...