New Spectre-Level Flaw Targets Return Stack Buffer

Researchers have discovered yet another speculative execution side-channel flaw enabling attackers to access sensitive data at the CPU level. The new Spectre-class exploit, dubbed SpectreRSB, was detailed by researchers from the University of California at Riverside in a research paper on Friday...

imagemagick/encoder_tiff_fuzzer: Stack-buffer-overflow in _TIFFVGetField

Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=5646197065777152 Project: imagemagick Fuzzer: aflimagemagickencodertifffuzzer Fuzz target binary: encodertifffuzzer Job Type: aflasanimagemagick Platform Id: linux Crash Type:...

mupdf/mupdf_pdf_fuzzer: Stack-buffer-underflow in ps_index

Detailed report: https://oss-fuzz.com/testcase?key=5246375359938560 Project: mupdf Fuzzer: aflmupdfpdffuzzer Fuzz target binary: pdffuzzer Job Type: aflasanmupdf Platform Id: linux Crash Type: Stack-buffer-underflow READ 8 Crash Address: 0x7ff1ddc79818 Crash State: psindex psrun evalpostscriptfun...

Denial Of Service (DoS)

libsndfile.so is vulnerable to denial of service DoS attacks. The vulnerability exists in psfmemset of src/common.c due to the lack of sanity check on the value used in the memset function, allowing a stack buffer overflow to occur, causing a DoS attack...

EulerOS 2.0 SP2 : procps-ng (EulerOS-SA-2018-1198)

According to the versions of the procps-ng package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - procps-ng, procps: Integer overflows leading to heap overflow in file2strvec CVE-2018-1124 - procps-ng, procps: incorrect integer size in...

Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (PoC)

Exploit Title: Delta Electronics Delta Industrial Automation COMMGR - Remote STACK-BASED BUFFER OVERFLOW Date: 02.07.2018 Exploit Author: t4rkd3vilz Vendor Homepage: http://www.deltaww.com/ Software Link:...

Debian DLA-1397-1 : php5 security update

Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language : CVE-2018-7584 A stack-buffer-overflow while parsing HTTP response results in copying a large string and possible memory corruption and/or denial of service CVE-2018-10545 Dumpable FPM child...

CVE-2018-10594

Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM5x0, AHSIM5x1 utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific...

CVE-2018-10594

Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM5x0, AHSIM5x1 utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific...

CVE-2018-10594

CVE-2018-10594 — Delta Electronics COMMGR stack buffer overflow family: Delta Industrial Automation COMMGR (v1.08 and earlier) with PLC simulators (DVPSimulator EH2/EH3/ES2/SE/SS2 and AHSIM_5x0/5x1). Root cause: a fixed-length stack buffer is written when an unverified length value read from a ne...

Security Bulletin: Multiple vulnerabilities in IBM Cloud Orchestrator, IBM Cloud Orchestrator Enterprise, and products shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise

Summary Multiple vulnerabilities have been identified in IBM Cloud Orchestrator, IBM Cloud Orchestrator Enterprise, and in supporting products shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. Vulnerability Details This security bulletin covers multiple vulnerabilities in...

Security Bulletin: Tivoli Storage Manager Stack-based Buffer Overflow Elevation of Privilege: CVE-2014-6184

Summary A vulnerability in the IBM Tivoli Storage Manager TSM client could allow a local user to gain elevated privileges due to a stack-based buffer overflow. Vulnerability Details CVEID: CVE-2014-6184 DESCRIPTION: IBM Tivoli Storage Manager is vulnerable to a stack buffer overflow. A local...

Security Bulletin: Security vulnerabilities have been identified in IBM HTTP Server shipped with IBM Rational RequisitePro (CVE-2015-1283, CVE-2015-4947, CVE-2015-3183)

Summary IBM WebSphere Application Server is shipped as a component of IBM Rational RequisitePro. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult these security bulletins: Security...

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server (IHS) affect IBM Security SiteProtector System (CVE-2015-1283, CVE-2015-3183 and CVE-2015-4947)

Summary There are multiple vulnerabilities in IBM HTTP Server IHS that is used by IBM Security SiteProtector System. Vulnerability Details CVEID: CVE-2015-1283 DESCRIPTION: Multiple integer overflows in the XMLGetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89...

Security Bulletin: Multiple Security vulnerabilities have been identified in IBM HTTP Server shipped with IBM Security Access Manager for Enterprise Single Sign On (CVE-2015-1283, CVE-2015-4947, CVE-2015-3183)

Summary IBM HTTP Server is shipped as a component of IBM Security Access Manager for Enterprise Single Sign On ISAM ESSO. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Please consult the security bulletin Deni...

Security Bulletin: PostgreSQL 9.2.8 as used in IBM QRadar SIEM 7.2.4 and IBM QRadar SIEM 7.1 MR2 is vulnerable to allow a remote authenticated attacker to obtain sensitive information. (CVE-2014-8161, CVE-2015-0241, CVE-2015-0243, CVE-2015-0244)

Summary Multiple security vulnerabilities have been discovered in the PostgreSQL component bundled with IBM QRadar version 7.1.x and 7.2.x. Vulnerability Details CVE-ID: CVE-2014-8161 Description: PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by a...

Security Bulletin: IBM® DB2® LUW contains a denial of service vulnerability in ALTER MODULE statement handling. (CVE-2014-3094)

Summary IBM DB2 is vulnerable to a stack buffer overflow, caused by improper bounds checking in the handling of the ALTER MODULE statement. Vulnerability Details CVE ID: CVE-2014-3094 DESCRIPTION: DB2 is vulnerable to a stack buffer overflow attack, caused by improper bounds checking in the...

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server affect IBM API Management (CVE-2015-4947 CVE-2015-1283 CVE-2015-1788)

Summary There are multiple vulnerabilities in IBM HTTP Server 8.5.5.4 that is used by IBM API Management. IBM API Management has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-4947 DESCRIPTION: IBM HTTP Server Administration Server could be vulnerable to a stack buffer...

Disk Sorter HTTP POST Request Handling Remote Stack Buffer Overflow

Disk Sorter product contains an overflow condition that is triggered when handling overly large HTTP POST requests e.g. sent to /login. This may allow a remote attacker to cause a stack-based buffer overflow and execute arbitrary code. C Tenable Network Security, Inc. include"compat.inc"; if...

Disk Savvy HTTP POST Request Handling Remote Stack Buffer Overflow

Disk Savvy product contains an overflow condition that is triggered when handling overly large HTTP POST requests e.g. sent to /login. This may allow a remote attacker to cause a stack-based buffer overflow and execute arbitrary code. C Tenable Network Security, Inc. include"compat.inc"; if...