An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1.5.1-628 causes a direct copy to NULL pointer dereference, leading to a denial of service (DOS). Date published : 2021-07-13 https://github.com/axiomatic-systems/Bento4/issues/418
A heap buffer overflow vulnerability in Ap4TrunAtom.cpp of Bento 1.5.1-628 may lead to an out-of-bounds write while running mp42aac, leading to system crashes and a denial of service (DOS). Date published : 2021-07-13 https://github.com/axiomatic-systems/Bento4/issues/415
An unhandled memory allocation failure in Core/AP4IkmsAtom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS). Date published : 2021-07-13 https://github.com/axiomatic-systems/Bento4/issues/413
A buffer overflow vulnerability in Ap4ElstAtom.cpp of Bento 1.5.1-628 leads to a denial of service (DOS). Date published : 2021-07-13 https://github.com/axiomatic-systems/Bento4/issues/414
An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS). Date published : 2021-07-13 https://github.com/axiomatic-systems/Bento4/issues/417
An unhandled memory allocation failure in Core/Ap48bdlAtom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS). Date published : 2021-07-13 https://github.com/axiomatic-systems/Bento4/issues/416
A buffer overflow vulnerability in the Databuf function in types.cpp of Exiv2 v0.27.1 leads to a denial of service (DOS). Date published : 2021-07-13 https://github.com/Exiv2/exiv2/issues/980
Buffer overflow in modem due to improper array index check before copying into it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables Date published : 2021-07-13 https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletin
Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1. Date published : 2021-07-12 https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6341/data/advanced-authentication-releasenotes-6341.html
Xen Orchestra (with xo-web through 5.80.0 and xo-server through 5.84.0) mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data is which the attacker changes the permission field from none to admin. The attacker gains...
Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext). Date published : 2021-07-12 https://devolutions.net/security/advisories/DEVO-2021-0005
In Edifecs Transaction Management through 2021-07-12, an unauthenticated user can inject arbitrary text into a user’s browser via logon.jsp?logon_error= on the login screen of the Web application. Date published : 2021-07-12 https://gist.github.com/rvismit/c2da674254f53c40d3a9eb3896277ebc https://www.edifecs.com/services/managed-services/
Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation. Date published : 2021-07-12 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBTRZ5HCOUTIIKJF3T37NORI4P7EVYCY/ https://fossil-scm.org/forum/forumpost/8d367e16f53d93c789d70bd3bf2c9587227bbd5c6a7b8e512cccd79007536036
OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a...