Security
Headlines
HeadlinesLatestCVEs

Tag

#buffer_overflow

CVE-2020-18652: Bug #12 - Invalid WebP cause memory overflow. (acee2894) · Commits · libopenraw / exempi · GitLab

Buffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted webp file.

CVE
Open in Source
#vulnerability#web#dos#git#buffer_overflow#auth
CVE-2020-18768: Invalid Bug ID

There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in libtiff 4.0.10, which allows an attacker to cause a denial-of-service through a crafted tiff file.

CVE-2020-18839: pdftohtml memory crash (#742) · Issues · poppler / poppler · GitLab

Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service.

CVE-2020-18781: one heap buffer overflow in FilePOSIX::read in File.cpp · Issue #56 · mpruett/audiofile

Heap buffer overflow vulnerability in FilePOSIX::read in File.cpp in audiofile 0.3.6 may cause denial-of-service via a crafted wav file, this bug can be triggered by the executable sfconvert.

CVE-2020-18831

Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file.

CVE-2020-19185: fuzzpoc/infotocap_poc1.md at master · zjuchenyuan/fuzzpoc

Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

CVE-2020-19187: fuzzpoc/infotocap_poc3.md at master · zjuchenyuan/fuzzpoc

Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

CVE-2020-19186: fuzzpoc/infotocap_poc2.md at master · zjuchenyuan/fuzzpoc

Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

Ivanti Warns of Critical Zero-Day Flaw Being Actively Exploited in Sentry Software

Software services provider Ivanti is warning of a new critical zero-day flaw impacting Ivanti Sentry (formerly MobileIron Sentry) that it said is being actively exploited in the wild, marking an escalation of its security woes. Tracked as CVE-2023-38035 (CVSS score: 9.8), the issue has been described as a case of authentication bypass impacting versions 9.18 and prior due to what it called an

CVE-2023-4362: Chromium: CVE-2023-4362 Heap buffer overflow in Mojom IDL

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**