Red Hat Security Advisory 2020-5275-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer over-read, buffer overflow, code execution, information leakage, null pointer, and out of bounds read vulnerabilities.
15b6e660f7ec10e7b1caf283b0e647fa
libupnp version 1.6.18 stack-based buffer overflow denial of service exploit.
eec0f79236ada16154ef65b5142e8111
SyncBreeze version 10.0.28 suffers from a remote buffer overflow vulnerability.
bc1a7022ff9c1b9889c27f49798311ef
Code16 is a compilation of notes from research performed by Cody16. This issue discusses exploring heap overflows and more.
69a5018313932a09abe01bb1cf8ab55f
Boxoft Audio Converter version 2.3.0 suffers from a buffer overflow vulnerability.
991f7441c38b85a7dd514c9bf046acc8
IBM Tivoli Storage Manager version 5.2.0.1 suffers from a command line administrative interface buffer overflow vulnerability.
4a0e4ac1048da1123852d71eb40c733b
Boxoft Convert Master version 1.3.0 SEH local buffer overflow exploit.
f956aa989b00a65c070070cfbabf0008
This Metasploit module exploits a buffer overflow in Free MP3 CD Ripper versions 2.6 and 2.8. By constructing a specially crafted WMA, WAV, M3U, ACC, or FLAC file and attempting to convert it to an MP3 file in the application, a buffer is overwritten, which allows for running shellcode.
93482b8f1d9c8f6f9b71706c24ed882a
Internet Download Manager version 6.38.12 suffers from a scheduler downloads scheduler buffer overflow vulnerability.
75f8a4e63787ca4ceecda8a6cac0ad9f
AIX version 5.3L libc locale environment handling local root exploit. The AIX 5.3L (and possibly others) libc is vulnerable to multiple buffer overflow issues in the handling of locale environment variables. This allows for exploitation of any setuid root binary that makes use of functions such as setlocale(), which do not perform bounds checking when handling LC_* environment variables. An attacker can leverage this issue to obtain root privileges on an impacted AIX system. This exploit makes use of the "/usr/bin/su" binary to trigger the overflow through LC_ALL and obtain root.
5a8e7e11f2da1598bdca5bdbbf71d224
Apple Security Advisory 2020-11-13-7 - Update 2020-005 High Sierra and Security Update 2020-005 Mojave address buffer overflow, code execution, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
0fe8239f9a75edd0ffb540f132347ccf
Apple Security Advisory 2020-11-13-6 - watchOS 7.0 addresses buffer overflow, code execution, cross site scripting, denial of service, information leakage, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.
1b3f70a0b803d4aba27dee55ca9e87ef
Apple Security Advisory 2020-11-13-4 - tvOS 14.0 addresses buffer overflow, code execution, cross site scripting, denial of service, information leakage, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
e65d5de230a8b7448d59d553c86fe14c
Apple Security Advisory 2020-11-13-3 - Updates for iOS 14.0 and iPadOS 14.0 address buffer overflow, code execution, cross site scripting, denial of service, information leakage, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.
f15d74568f4f6adf383e272deddb869b
ReadyTalk Avian JVM versions 1.2.0 before 27th October 2020 suffer from a FileOutputStream.write() integer overflow vulnerability.
0eeb53af3d334c2876f02c02ffa0e8e8
Ubuntu Security Notice 4632-1 - It was discovered that the SLiRP networking implementation of the QEMU emulator did not properly manage memory under certain circumstances. An attacker could use this to cause a heap-based buffer overflow or other out-of-bounds access, which can lead to a denial of service or potentially execute arbitrary code. It was discovered that the SLiRP networking implementation of the QEMU emulator misuses snprintf return values. An attacker could use this to cause a denial of service or potentially execute arbitrary code. Various other issues were also addressed.
4a371d27b914f9fc59555d745600a57f
Red Hat Security Advisory 2020-5086-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and buffer overflow vulnerabilities.
247b6393a653a918a5800b4ee4e00b08
Gentoo Linux Security Advisory 202011-10 - A buffer overflow in tmux might allow remote attacker(s) to execute arbitrary code. Versions less than 3.1c are affected.
ee250d62f4dcb03826e96c97380d6875
Red Hat Security Advisory 2020-4999-01 - The unixODBC packages contain a framework that supports accessing databases through the ODBC protocol. Issues addressed include a buffer overflow vulnerability.
de7e8ca6255adb8f20983c5d0b02b466
Chrome on Android suffers from a ConvertToJavaBitmap heap buffer overflow vulnerability.
c8867dbfed920c86be64013795e08eb9
Apple Security Advisory 2020-11-05-7 - tvOS 14.2 is now available and addresses code execution, integer overflow, out of bounds read, out of bounds write, path sanitization, and use-after-free vulnerabilities.
afdd7d495da761675d9100b068a53d3c
A trivial-to-reach stack-based buffer overflow is present in libpam on Solaris. The vulnerable code exists in pam_framework.c parse_user_name(), which allocates a fixed-size buffer of 512 bytes on the stack and parses a username supplied to PAM modules (such as authtok_get used by SunSSH). This issue can be reached remotely pre-authentication via SunSSH when "keyboard-interactive" is enabled to use PAM-based authentication. The vulnerability was discovered being actively exploited by FireEye in the wild and is part of an APT toolkit called "EVILSUN". The vulnerability is present in both SPARC/x86 versions of Solaris and others (e.g. illumos). This exploit uses ROP gadgets to disable nxstack through mprotect on x86 and a helper shellcode stub. Tested against latest Solaris 10 without patch applied and the configuration is vulnerable in a default vanilla install. This exploit requires libssh2. The vulnerability has been identified and confirmed reachable on Solaris 10 through 11.0.
3fbcd0fdda16b92f50dc244f60276db1
Red Hat Security Advisory 2020-4974-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 86.0.4240.183. Issues addressed include buffer overflow and use-after-free vulnerabilities.
439c305b39ff65ddfffe37601d84a451
Apple Security Advisory 2020-11-05-1 - iOS 14.2 and iPadOS 14.2 are now available and address code execution, integer overflow, out of bounds read, out of bounds write, path sanitization, and use-after-free vulnerabilities.
e316caeb924e1e7eb685c0783a056ddb
Red Hat Security Advisory 2020-4946-01 - The libX11 packages contain the core X11 protocol client library. Issues addressed include double free and integer overflow vulnerabilities.
109fbef2136275991fa47378e6124780