OPENSUSE-SU-2019:0174-1 Security update for curl

This update for curl fixes the following issues: Security issues fixed: - CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the end-of-response for SMTP bsc1123378. - CVE-2019-3822: Fixed a stack based buffer overflow in the function creating an outgoing NTLM type-3 message...

Rockwell Automation RSLinx Classic ENGINE.dll Stack Buffer Overflow (CVE-2019-6553)

Binary data scadarslinxclassiccve-2019-6553.nbin...

Free MP3 CD Ripper Buffer Overflow Vulnerability (CNVD-2019-07812)

Free MP3 CD Ripper is an audio format converter. A stack buffer overflow vulnerability exists in Free MP3 CD Ripper version 2.6. A remote attacker can exploit this vulnerability to execute arbitrary code via specially crafted .mp3 files...

The vulnerability of the ext4_updateInline_data() function in the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the ext4updateInlinedata function in the Linux operating system is related to writing data beyond the buffer boundaries on the stack. Exploiting this vulnerability could allow an attacker to trigger a service failure using a specially created instance of the ext4 file system...

libheif/file-fuzzer: Stack-buffer-overflow in void apply_sao_internal<unsigned short>

Project: https://github.com/strukturag/libheif.git Detailed report: https://oss-fuzz.com/testcase?key=5724458239655936 Project: libheif Fuzzer: libFuzzerlibheiffile-fuzzer Fuzz target binary: file-fuzzer Job Type: libfuzzerasanlibheif Platform Id: linux Crash Type: Stack-buffer-overflow READ 4...

openthread/ip6-send-fuzzer: Stack-buffer-overflow in ot::MeshCoP::ChannelMaskEntry::GetMask

Project: https://github.com/openthread/openthread.git Detailed report: https://oss-fuzz.com/testcase?key=5629736728920064 Project: openthread Fuzzer: aflopenthreadip6-send-fuzzer Fuzz target binary: ip6-send-fuzzer Job Type: aflasanopenthread Platform Id: linux Crash Type: Stack-buffer-overflow...

CVE-2019-8276

UltraVNC revision 1211 has a stack buffer overflow vulnerability in VNC server code inside file transfer request handler, which can result in Denial of Service DoS. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212...

WAGO PFC200 iocheckd service "I/O-Check" cache DNS code execution vulnerability

Summary An exploitable stack buffer overflow vulnerability exists in the iocheckd service “I/O-Check” functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attacker can send...

CVE-2019-8276

UltraVNC revision 1211 has a stack buffer overflow vulnerability in VNC server code inside file transfer request handler, which can result in Denial of Service DoS. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212...

Stack overflow

UltraVNC revision 1211 has a stack buffer overflow vulnerability in VNC server code inside file transfer request handler, which can result in Denial of Service DoS. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212...

Stack overflow

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, unauthenticated attacker to /GponForm/fsetupForm. An attacker can leverage this vulnerability to potentially execute arbitrary code...

CVE-2019-3921

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, authenticated attacker to /GponForm/usbForm?script/. An attacker can leverage this vulnerability to potentially execute arbitrary cod...

Stack overflow

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, authenticated attacker to /GponForm/usbForm?script/. An attacker can leverage this vulnerability to potentially execute arbitrary cod...

CVE-2019-3922

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, unauthenticated attacker to /GponForm/fsetupForm. An attacker can leverage this vulnerability to potentially execute arbitrary code...

CVE-2019-3922

The CVE-2019-3922 entry involves the Alcatel Lucent I-240W-Q GPON ONT with firmware 3FE54567BOZJ19, vulnerable to a stack buffer overflow triggered by a crafted HTTP POST to /GponForm/fsetup_Form. The vulnerability is exploitable remotely and unauthenticated, potentially allowing arbitrary code e...

CVE-2019-3921

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, authenticated attacker to /GponForm/usbForm?script/. An attacker can leverage this vulnerability to potentially execute arbitrary cod...

CVE-2019-3922

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, unauthenticated attacker to /GponForm/fsetupForm. An attacker can leverage this vulnerability to potentially execute arbitrary code...

openthread/cli-uart-received-fuzzer: Stack-buffer-overflow in ot::MeshCoP::Leader::HandlePetition

Project: https://github.com/openthread/openthread.git Detailed report: https://oss-fuzz.com/testcase?key=5769727228510208 Project: openthread Fuzzer: libFuzzeropenthreadcli-uart-received-fuzzer Fuzz target binary: cli-uart-received-fuzzer Job Type: libfuzzerasanopenthread Platform Id: linux Crash...

openthread/radio-receive-done-fuzzer: Stack-buffer-overflow in ot::NetworkData::NetworkData::GetNextOnMeshPrefix

Project: https://github.com/openthread/openthread.git Detailed report: https://oss-fuzz.com/testcase?key=5765994272784384 Project: openthread Fuzzer: libFuzzeropenthreadradio-receive-done-fuzzer Fuzz target binary: radio-receive-done-fuzzer Job Type: libfuzzerasanopenthread Platform Id: linux Cra...

openthread/radio-receive-done-fuzzer: Stack-buffer-overflow in ot::NetworkData::NetworkData::PrefixMatch

Project: https://github.com/openthread/openthread.git Detailed report: https://oss-fuzz.com/testcase?key=5746988237193216 Project: openthread Fuzzer: libFuzzeropenthreadradio-receive-done-fuzzer Fuzz target binary: radio-receive-done-fuzzer Job Type: libfuzzerasanopenthread Platform Id: linux Cra...