Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2014-3554: oss-security - CVE-2014-3554: libndp buffer overflow

Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp allows remote routers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS Search List (DNSSL) in an IPv6 router advertisement.

CVE

Related news

CVE-2020-23890: WildBit Software

A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted JPG file. Related to Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at JPGCodec+0x753648.

CVE-2020-23900: WildBit Software

A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. Related to Data from Faulting Address controls Code Flow starting at Editor!TMethodImplementationIntercept+0x57a3b.

CVE-2020-23902: WildBit Software

A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. Related to Data from Faulting Address may be used as a return value starting at Editor!TMethodImplementationIntercept+0x528a3.

CVE-2020-23679: client 注册用户信息,存在栈溢出漏洞 · Issue #1 · Renleilei1992/Linux_Network_Project

Buffer overflow vulnerability in Renleilei1992 Linux_Network_Project 1.0, allows attackers to execute arbitrary code, via the password field.

CVE-2021-36999: July

There is a Buffer overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability by sending malicious images and inducing users to open the images may cause remote code execution.

CVE-2020-28964

Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Search function. This vulnerability allows attackers to escalate local process privileges via unspecified vectors.

CVE-2020-23060

Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Export/Import function. This vulnerability allows attackers to escalate local process privileges via a crafted ef2 file.

CVE-2020-21493: User Name Enumeration Vulnerability · Issue #3 · rayfalling/xiuno-docker

An issue in the component route\user.php of Xiuno BBS v4.0.4 allows attackers to enumerate usernames.

CVE-2021-39327: Vulnerability Advisories - Wordfence

The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.

CVE-2021-33362: fixed #1780 (fuzz) · gpac/gpac@1273cdc

Stack buffer overflow in the hevc_parse_vps_extension function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

CVE-2021-32137: [security]heap buffer overflow in MP4Box URL_GetProtocolType · Issue #1766 · gpac/gpac

Heap buffer overflow in the URL_GetProtocolType function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

CVE-2021-32136: [security]heap buffer overlow in MP4Box print_udta · Issue #1765 · gpac/gpac

Heap buffer overflow in the print_udta function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

CVE-2017-7415: Confluence 6.0.x Information Disclosure ≈ Packet Storm

Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource.

CVE-2016-1575: CVE-2016-1575 | Ubuntu

The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.

CVE-2015-0272: Bugtraq

GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.

CVE-2008-3529: Releases

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907