CVE-2019-10097

In Apache HTTP Server 2.4.32-2.4.39, when modremoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted pro...

SUSE-SU-2019:2475-1 Security update for u-boot

This update for u-boot fixes the following issues: Security issues fixed: - CVE-2019-13106: Fixed stack buffer overflow via a crafted ext4 filesystem that may lead to code execution bsc1144656. - CVE-2019-13104: Fixed an underflow that could cause memcpy to overwrite a very large amount of data v...

SUSE-SU-2019:2474-1 Security update for u-boot

This update for u-boot fixes the following issues: Security issues fixed: - CVE-2019-13106: Fixed stack buffer overflow via a crafted ext4 filesystem that may lead to code execution bsc1144656. - CVE-2019-13104: Fixed an underflow that could cause memcpy to overwrite a very large amount of data v...

The vulnerability of the embedded web-server microprogramming software in Moxa PT-7528 and Moxa PT-7828 Ethernet switches allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the embedded web-server microprogramming software for Moxa PT-7528 and Moxa PT-7828 switches is related to buffer overflow in the stack. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or trigger a service failure using a specially crafted...

OPENSUSE-SU-2019:2180-1 Security update for bird

This update for bird fixes the following issues: - CVE-2019-16159: Fixed a stack-based buffer overflow via administrative shutdown communication messages. bnc1150108 This update was imported from the openSUSE:Leap:15.1:Update update project...

EulerOS 2.0 SP5 : ruby (EulerOS-SA-2019-1990)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A SMTP command injection flaw was found in the way Ruby's Net::SMTP module handled CRLF sequences in certain SMTP commands. An attacker could...

KLA11591 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Vulnerability related to document.domain can be exploited...

xvid:fuzzer-decoder: Stack-buffer-overflow in BitstreamReadHeaders

Detailed Report: https://oss-fuzz.com/testcase?key=5638255688548352 Project: xvid Fuzzing Engine: libFuzzer Fuzz Target: fuzzer-decoder Job Type: libfuzzerasanxvid Platform Id: linux Crash Type: Stack-buffer-overflow WRITE 4 Crash Address: 0x7fff6d7f8058 Crash State: BitstreamReadHeaders...

openthread:ip6-send-fuzzer: Stack-buffer-overflow in ot::Message::Read

Project: https://github.com/openthread/openthread.git Detailed Report: https://oss-fuzz.com/testcase?key=5682816276234240 Project: openthread Fuzzing Engine: libFuzzer Fuzz Target: ip6-send-fuzzer Job Type: libfuzzerasanopenthread Platform Id: linux Crash Type: Stack-buffer-overflow WRITE Crash...

openthread:radio-receive-done-fuzzer: Stack-buffer-overflow in ot::NetworkData::Leader::SendCommissioningGetResponse

Project: https://github.com/openthread/openthread.git Detailed Report: https://oss-fuzz.com/testcase?key=5741928179564544 Project: openthread Fuzzing Engine: libFuzzer Fuzz Target: radio-receive-done-fuzzer Job Type: libfuzzerasanopenthread Platform Id: linux Crash Type: Stack-buffer-overflow REA...

Ubuntu 16.04 LTS / 18.04 LTS : Apache HTTP Server regression (USN-4113-2)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4113-2 advisory. USN-4113-1 fixed vulnerabilities in the Apache HTTP server. Unfortunately, that update introduced a regression when proxying balancer manager...

DEBIAN-CVE-2019-16395

GnuCOBOL 2.2 has a stack-based buffer overflow in the cbname function in cobc/tree.c via crafted COBOL source code...

USN-4113-2: Apache HTTP Server regression

USN-4113-1 fixed vulnerabilities in the Apache HTTP server. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Stefan Eissing discovered...

Pulse Connect Secure Stack Buffer Overflow (CVE-2019-11542)

A stack buffer overflow vulnerability exists in Pulse Connect Secure SSL VPN. Successful exploitation of this vulnerability could result in a denial of service or execution of arbitrary code into the effected system...

cryptofuzz:cryptofuzz-openssl-110: Stack-buffer-overflow in RC5_32_set_key

Project: https://github.com/guidovranken/cryptofuzz.git Detailed Report: https://oss-fuzz.com/testcase?key=5667636637073408 Project: cryptofuzz Fuzzing Engine: afl Fuzz Target: cryptofuzz-openssl-110 Job Type: aflasancryptofuzz Platform Id: linux Crash Type: Stack-buffer-overflow WRITE 4 Crash...

openthread:ip6-send-fuzzer: Stack-buffer-overflow in ot::Message::Write

Project: https://github.com/openthread/openthread.git Detailed Report: https://oss-fuzz.com/testcase?key=5691354285342720 Project: openthread Fuzzing Engine: afl Fuzz Target: ip6-send-fuzzer Job Type: aflasanopenthread Platform Id: linux Crash Type: Stack-buffer-overflow READ Crash Address:...

NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0178)

The remote NewStart CGSL host, running version MAIN 4.06, has thunderbird packages installed that are affected by multiple vulnerabilities: - Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a...

libhevc:hevc_dec_fuzzer: Stack-buffer-overflow in ihevcd_ref_list

Project: https://android.googlesource.com/platform/external/libhevc Detailed Report: https://oss-fuzz.com/testcase?key=5637475766108160 Project: libhevc Fuzzing Engine: afl Fuzz Target: hevcdecfuzzer Job Type: aflasanlibhevc Platform Id: linux Crash Type: Stack-buffer-overflow WRITE 4 Crash...

Ubuntu: Security Advisory (USN-4113-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 16.04 LTS / 18.04 LTS : Apache HTTP Server vulnerabilities (USN-4113-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4113-1 advisory. Stefan Eissing discovered that the HTTP/2 implementation in Apache did not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in some...