
libvips before 8.7.4 writes to uninitialized memory locations in unspecified error cases because iofuncs/memory.c does not zero out allocated memory.

The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service via a crafted gig file.

In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.

The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in their execve call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This affects all releases of CHICKEN up to and including 4.11.

lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service via a crafted gig file.

In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action.

backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

U-Boot contains a CWE-20: Improper Input Validation vulnerability in verified boot signature validation that can result in a bypass of verified boot. This attack appears to be exploitable via a specially crafted FIT image and special device memory functionality.

The host is installed with Oracle MySQL through 5.6.27 or 5.7.9 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to DML. Successful exploitation allows remote authenticated users to affect availability.



© SecPod Technologies