An issue was discovered in cpp-peglib through v0.1.12. peg::resolve_escape_sequence() in peglib.h has a heap-based buffer over-read. Date published : 2021-04-21 https://github.com/yhirose/cpp-peglib/commit/b3b29ce8f3acf3a32733d930105a17d7b0ba347e https://github.com/yhirose/cpp-peglib/issues/122
An issue was discovered in cpp-peglib through v0.1.12. A NULL pointer dereference exists in the peg::AstOptimizer::optimize() located in peglib.h. It allows an attacker to cause Denial of Service. Date published : 2021-04-21 https://github.com/yhirose/cpp-peglib/commit/0061f393de54cf0326621c079dc2988336d1ebb3 https://github.com/yhirose/cpp-peglib/issues/121
An issue was discovered in Bento4 through v1.6.0-637. A NULL pointer dereference exists in the function AP4_StszAtom::GetSampleSize() located in Ap4StszAtom.cpp. It allows an attacker to cause Denial of Service. Date published : 2021-04-21 https://github.com/axiomatic-systems/Bento4/issues/540
An issue was discovered in retdec v3.3. In function canSplitFunctionOn() of ir_modifications.cpp, there is a possible out of bounds read due to a heap buffer overflow. The impact is: Deny of Service, Memory Disclosure,...
The Telegram app 7.6.2 for iOS allows remote authenticated users to cause a denial of service (application crash) if the victim pastes an attacker-supplied message (e.g., in the Persian language) into a channel or...
OMICRON StationGuard before 1.10 allows remote attackers to cause a denial of service (connectivity outage) via crafted tcp/20499 packets to the CTRL Ethernet port. Date published : 2021-04-20 https://www.omicronenergy.com/download/file/e81f23250097e7d5e1071dfbdb7f16d2/ https://www.omicronenergy.com/en/support/product-security/
The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because it...
Discord Recon Server is a bot that allows one to do one’s reconnaissance process from one’s Discord. A vulnerability in Discord Recon Server prior to 0.0.3 could be exploited to read internal files from...
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible to persistently inject scripts in XWiki versions prior to 12.6.3 and 12.8. Unregistred users...
An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically,...
The Administration GUI component of TIBCO Software Inc.’s TIBCO Administrator – Enterprise Edition, TIBCO Administrator – Enterprise Edition, TIBCO Administrator – Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator – Enterprise Edition Distribution...
The Administration GUI component of TIBCO Software Inc.’s TIBCO Administrator – Enterprise Edition, TIBCO Administrator – Enterprise Edition, TIBCO Administrator – Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator – Enterprise Edition Distribution...
The Administration GUI component of TIBCO Software Inc.’s TIBCO Administrator – Enterprise Edition, TIBCO Administrator – Enterprise Edition, TIBCO Administrator – Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator – Enterprise Edition Distribution...
vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration. Date published : 2021-04-20 https://github.com/vscode-restructuredtext/vscode-restructuredtext/commit/1dd3e878a5559e3dfe0e48f145c90418b208c5af https://github.com/vscode-restructuredtext/vscode-restructuredtext/releases