chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).
Max CVSS: 4.3 | EPSS Score: 0.45% | Published: 2018-10-23 | Updated: 2022-10-25
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
Max CVSS: 6.5 | EPSS Score: 34.48% | Published: 2018-10-23 | Updated: 2022-10-25
Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets.
Max CVSS: 5.9 | EPSS Score: 0.13% | Published: 2018-10-10 | Updated: 2022-10-25
tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. This is fixed in 1.1.
Max CVSS: 4.3 | EPSS Score: 0.26% | Published: 2018-10-10 | Updated: 2022-10-25
tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation.
Max CVSS: 5.3 | EPSS Score: 0.23% | Published: 2018-10-10 | Updated: 2022-10-25
An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
Max CVSS: 8.8 | EPSS Score: 0.44% | Published: 2018-04-10 | Updated: 2022-10-25
An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted PCX image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a specially crafted image to trigger this vulnerability.
Max CVSS: 5.5 | EPSS Score: 0.06% | Published: 2018-04-10 | Updated: 2022-10-25
7 vulnerabilities found