An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_isom_get_media_data_size() in isomedia/isom_read.c.

Ming (aka libming) 0.4.8 has z NULL pointer dereference in the function decompileGETURL2() in decompile.c.

Ming (aka libming) 0.4.8 has a heap-based buffer over-read in the function decompile_SWITCH() in decompile.c.

In Pow (Hex package) before 1.0.16, the use of Plug.Session in Pow.Plug.Session is susceptible to session fixation attacks if a persistent session store is used for Plug.Session, such as Redis or a database. Cookie store, which is used in most Phoenix apps, doesn't have this vulnerability.

jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c.

jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c.

Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well.

stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_get_index.

stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_peek8.

stb stb_truetype.h through 1.22 has a heap-based buffer over-read in ttUSHORT.

stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_get8.

stb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf_seek.

stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__find_table.

stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_int.

Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass.

Snare for Linux before 1.7.0 has CSRF in the web interface.

Snare for Linux before 1.7.0 has password disclosure because the rendered page contains the field RemotePassword.

Koala Framework before 2011-11-21 has XSS via the request_uri parameter.

Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the local machine and the compromised browser would restart without the sandbox if a crash is triggered. This vulnerability affects Firefox ESR < 60.9, Firefox ESR < 68.1, and Firefox < 69.

Mozilla developers reported memory safety bugs present in Firefox 71. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 72.