CVE-2020-27770
Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. This could be triggered by a crafted input...
A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types...
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type...
A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would...
OpenSIS Community Edition before 7.5 is affected by a cross-site scripting (XSS) vulnerability in SideForStudent.php via the modname parameter. Date published : 2020-12-04 https://github.com/OS4ED/openSIS-Responsive-Design/commit/edca0855e7bc27d5b28dcb2d16f057ada865e282#diff-5f88e2ce4cd96451df7580911120b4b2 https://github.com/OS4ED/openSIS-Responsive-Design/compare/ver7.4…V7.5
OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users. Date published : 2020-12-04 https://github.com/OS4ED/openSIS-Responsive-Design/releases
Null pointer dereference in xObjectBindingFromExpression at moddable/xs/sources/xsSyntaxical.c:3419 in Moddable SDK before OS200908 causes a denial of service (SEGV). Date published : 2020-12-04 https://github.com/Moddable-OpenSource/moddable/issues/442 https://github.com/Moddable-OpenSource/moddable/releases/tag/OS200908
Heap buffer overflow at moddable/xs/sources/xsDebug.c in Moddable SDK before 20200903. The top stack frame is only partially initialized because the stack overflowed while creating the frame. This leads to a crash in the...
Invalid Memory Access in fxUTF8Decode at moddable/xs/sources/xsCommon.c:916 in Moddable SDK before OS200908 causes a denial of service (SEGV). Date published : 2020-12-04 https://github.com/Moddable-OpenSource/moddable/issues/440 https://github.com/Moddable-OpenSource/moddable/releases/tag/OS200908
Heap buffer overflow in the fxCheckArrowFunction function at moddable/xs/sources/xsSyntaxical.c:3562 in Moddable SDK before OS200903. Date published : 2020-12-04 https://github.com/Moddable-OpenSource/moddable/issues/432 https://github.com/Moddable-OpenSource/moddable/releases/tag/OS200903
Invalid Memory Access in the fxProxyGetter function in moddable/xs/sources/xsProxy.c in Moddable SDK before OS200908 causes a denial of service (SEGV). Date published : 2020-12-04 https://github.com/Moddable-OpenSource/moddable/issues/441 https://github.com/Moddable-OpenSource/moddable/releases/tag/OS200908
Cross Site Scripting (XSS) vulnerability in Arachnys Cabot 0.11.12 can be exploited via the Address column. Date published : 2020-12-04 https://itsmeanonartist.tech/blogs/blog2.html https://packetstormsecurity.com/files/159070/Cabot-0.11.12-Cross-Site-Scripting.html
Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream (when using Node.js 4.x)....
An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series B FRN 15.000, Series B FRN 14.000, Series...