Author: Cyberthreat Blog

libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many ” characters.

The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn’t check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite...

backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a...

HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary PHP code by uploading a .php attachment and then requesting it in the helpdezkappuploadshelpdezkattachments directory.

GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a “POST / HTTP/1.1” request.