Security Advisories

Privilege Escalation Leads to RCE in Medplum

CSV/Formula Injection in Medplum

CVE-2022-38301: Path Traversal in Onedev v7.4.14

CVE-2020-7246:Path Traversal in qdPM 9.1

CVE-2020-15896:Authentication Bypass in D-link Firmware DAP-1522

CVE-2020-15892:Classic Stack Based Buffer Overflow in D-LINK Firmware DAP 1520

Multiple Vulnerabilities discovered in the D-link Firmware DIR-816L

CVE-2020-15873: Blind SQL Injection in Librenms

Improper access control in D-link Firmware DIR-601

CVE-2020-10810: Null pointer dereference in H5AC.c – HDF5 – 1.13.0

CVE-2020-10811: Heap buffer overflow in H5Olayout.c – HDF5 – 1.13.0

CVE-2020-10812: Null pointer dereference in H5Fquery.c – HDF5 – 1.13.0

CVE-2020-10809: Heap overflow in decompress.c – HDF5 – 1.13.0

Null pointer dereference in function calculate_beam() – abcm2ps – 1.8.2

Null pointer dereference in function draw_bar() – abcm2ps – 1.8.2

Divide By Zero vulnerability in function parse_len() – abcm2ps – 1.8.2

Path Traversal in pfSense

CVE-2019-12901: Multiple Vulnerabilities in Pydio Cells [1.4.1]

CVE-2019-11026: Stack-based Buffer Overflow in error () – poppler 0.75.0

CVE-2019-11024: Infinite loop in function load_pnm( ) – Libsixel – 1.8.2

CVE-2019-11023: Null pointer dereference in function agroot() – Graphiz-2.39.20160612.1140

CVE-2019-9904: Stack buffer overflow in function agclose() - graphviz

CVE-2019-9878: Invalid memory access in GfxIndexedColorSpace::mapColorToBase( ) -pdfalto-0.2

Null pointer Deference in function AnnotsXrce::AnnotsXrce( ) - pdfalto-0.2

CVE-2019-9877: Invalid memory access in TextPage::findGaps() - xpdf-4.01

CVE-2019-9903: Stack-based Buffer Overflows in Dict::find() – poppler 0.74.0

CVE-2019-9543: Recursive function call in function JBIG2Stream::readGenericBitmap() – poppler 0.74.0

CVE-2019-9544: Out of bounds write in function AP4_CttsTableEntry::AP4_CttsTableEntry() - Bento4-1.5.1.0

CVE-2019-9587: Stack consumption issue in function md5Round1( ) - xpdf-4.01

CVE-2019-9545: Recursive function call in function JBIG2Stream::readTextRegion() - poppler 0.74.0

CVE-2019-9589: NULL POINTER DEREFERENCE Vulnerability in function PSOutputDev::setupResources( ) - xpdf-4.01

CVE-2019-9199: Null pointer Dereference vulnerability in setSource() - podofo 0.9.6-trunk r1967

CVE-2019-9588: Invalid memory access in gAtomicIncrement( ) - xpdf-4.01

CVE-2019-9200: Heap based Buffer Underwrite in ImageStream::getLine() - poppler 0.74.0

CVE-2019-9144: Uncontrolled recursion loop in Exiv2::(anonymous namespace)::BigTiffImage::printIFD( ) - exiv2-0.27

CVE-2019-9143: Uncontrolled recursion loop in Exiv2::Image::printTiffStructure() - exiv2-0.27

CVE-2019-8383: Invalid memory access in adv_png_unfilter_8( ) - advancecomp

CVE-2019-8378: A heap-buffer-overflow vulnerability in the function AP4_BitStream::ReadBytes() - Bento4-1.5.1-628

CVE-2019-8379: Null pointer dereference vulnerability in the function be_uint32_read() - advancecomp

CVE-2019-8382: NULL POINTER DEREFERENCE Vulnerability in function AP4_List:Find() - Bento4-1.5.1-628

CVE-2019-8376: NULL POINTER DEREFERENCE Vulnerability in function get_layer4_v6() - tcpreplay-4.3.1

CVE-2019-8381: Invalid memory access Vulnerability in function do_checksum() - tcpreplay-4.3.1

CVE-2019-8377: NULL POINTER DEREFERENCE Vulnerability in function get_ipv6_l4proto() - tcpreplay-4.3.1

CVE-2019-8380: NULL POINTER DEREFERENCE Vulnerability in function AP4_Track::GetSampleIndexForTimeStampMs() - Bento4-1.5.1-628

CVE-2019-7172: Vulnerability discovered in the package ATutor

CVE-2019-7170: Multiple Vulnerabilities discovered in the package Croogo

CVE-2019-6990: Multiple Vulnerabilities identified in ZoneMinder

CVE-2018-20723: Multiple Vulnerabilities discovered in the package Cacti

Out-of-bounds read vulnerability in the function calculate_beam() - abc2mps 8.14.1

Null pointer dereference vulnerability in the function show( ) - abc2mps 8.14.1

Null pointer dereference vulnerability in the function ps_exec() - abcm2ps-8.14.1

Null pointer dereference vulnerability in the function init_music_line( ) - abcm2ps-8.14.1

Null pointer dereference vulnerability in the function d_cresc() - abcm2ps-8.14.1

Null pointer dereference vulnerability in the function d_trill() - abcm2ps-8.14.1

Null pointer dereference vulnerability in the function get_user() - abcm2ps-8.14.1

Null pointer dereference vulnerability in the function deco_define() - abcm2ps-8.14.1

Null pointer dereference vulnerability in crop_page() – podofo 0.9.6

CVE-2018-19532: Null pointer dereference vulnerability in PdfTranslator::setTarget() - podofo 0.9.6

Buffer overflow vulnerability in PS_options() - gnuplot 5.2.5

CVE-2018-18407: Heap overflow in csum_replace4() - tcpreplay 4.3

CVE-2018-18408: Use-after-free in post_args() - tcpreplay 4.3.0-beta1

Null pointer dereference vulnerability in main() - giflib 5.1.4

CVE-2018-18409: Stack buffer overflow vulnerability in setbit() - tcpflow 1.5.0

CVE-2018-17974: Heap based Buffer Over-read vulnerability in dlt_en10mb_encode() - tcpreplay 4.3

CVE-2018-17580: Heap based Buffer Over-read vulnerability in fast_edit_packet() - tcpreplay 4.3

CVE-2018-17582: Heap based Buffer Over-read vulnerability in get_next_packet() - tcpreplay 4.3

CVE-2018-17436: Invalid write memory access vulnerability in HDF5 1.10.3

CVE-2018-17435: Heap based Buffer over-read vulnerability in HDF5 1.10.3

CVE-2018-17432: NULL pointer dereference vulnerability in HDF5 1.10.3

CVE-2018-17439: Stack overflow vulnerability in HDF5 1.10.3

CVE-2018-15672: Multiple Divide by Zero in HDF5 (1.10.2, 1.10.3)

CVE-2018-17234: Memory leak vulnerability in HDF5 1.10.3

Unrestricted resource consumption in wilmidi 0.4.3

Denial of service in VCFtools 0.1.16

Out-of-bound read in fig2dev 3.2.7a

CVE-2018-16140: Buffer under write vulnerability in fig2dev 3.2.7a

Memory corruption in fig2dev 3.2.7a

NULL pointer dereference in fig2dev 3.2.7a

CVE-2018-15671: Stack Overflow vulnerability in HDF5 1.10.2

Invalid memory access in BCFtools 1.9

Buffer overflow in VCFtools 0.1.16