Monthly Archive: August 2021

A float point exception in the printLong function in tags_int.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file. Date published : 2021-08-23 https://github.com/Exiv2/exiv2/issues/759

An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file. Date published : 2021-08-23 https://github.com/Exiv2/exiv2/issues/760

Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information leak. Date published : 2021-08-23 https://github.com/Exiv2/exiv2/issues/756

A heap buffer overflow in /src/dds_stream.c of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash. Date published : 2021-08-23 https://github.com/eclipse-cyclonedds/cyclonedds https://github.com/eclipse-cyclonedds/cyclonedds/issues/501

A stack buffer overflow in /ddsi/q_bitset.h of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash. Date published : 2021-08-23 https://github.com/eclipse-cyclonedds/cyclonedds https://github.com/eclipse-cyclonedds/cyclonedds/issues/476

A segmentation violation in the Iec104_Deal_FirmUpdate function of IEC104 v1.0 allows attackers to cause a denial of service (DOS). Date published : 2021-08-23 https://github.com/airpig2011/IEC104/issues/5

A segmentation violation in the Iec104_Deal_I function of IEC104 v1.0 allows attackers to cause a denial of service (DOS). Date published : 2021-08-23 https://github.com/airpig2011/IEC104/issues/4

An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected....

Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter. Date published : 2021-08-22 https://github.com/IthacaLabs/Canon/tree/main/OCE_Print_Exec_Workgroup_Version_1_3_2/XSS_HTMLi

Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection. Date published : 2021-08-22 https://github.com/IthacaLabs/Canon/tree/main/OCE_Print_Exec_Workgroup_Version_1_3_2/HHI

In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. Date published :...

An XSS issue was discovered in ReCaptcha Solver 5.7. A response from Anti-Captcha.com, RuCaptcha.com, 2captcha.com, DEATHbyCAPTCHA.com, ImageTyperz.com, or BestCaptchaSolver.com in setCaptchaCode() is inserted into the DOM as HTML, resulting in full control over the...

In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. Date published :...

In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. Date published :...