CVE-2017-2868

CVE-2017-2868 is a vulnerability in the NewProducerStream functionality of Natus Xltek NeuroWorks 8 . The issue stems from parsing a user-provided KeyTree, specifically an unchecked length for the SlowReviewLocalPath used to construct a path, which can overflow a stack buffer and overwrite except...

CVE-2017-2853

CVE-2017-2853 affects Natus Xltek NeuroWorks 8. During processing of the command RequestForPatientInfoEEGfile, the NWStorage component builds a file path from a client-supplied value and uses a stack buffer in a sprintf call, which can overflow and overwrite the SEH chain. This leads to remote co...

CVE-2017-2869

CVE-2017-2869 is a code execution vulnerability in Natus Xltek NeuroWorks 8 OpenProducer. Talos reports a stack-based buffer overflow caused by improper handling of SlowReviewLocalPath data within the KeyTree during OpenProducer processing, which can be triggered remotely by sending a crafted net...

CVE-2017-2867

An exploitable code execution vulnerability exists in the SavePatientMontage functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can a malicious packet to trigger this vulnerability...

CVE-2017-13276

In CProgramConfigReadHeightExt of tpdecasc.cpp, there is a possible stack buffer overflow due to a missing bounds check. This could lead to a remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1,...

Stack overflow

In avrcparsbrowsingcmd of avrcparstg.cc, there is a possible stack buffer overflow due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1...

CVE-2017-13282

In avrcctrlparsvendorrsp of avrcparsct.cc, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1,...

Stack overflow

In CProgramConfigReadHeightExt of tpdecasc.cpp, there is a possible stack buffer overflow due to a missing bounds check. This could lead to a remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1,...

CVE-2017-13281

In avrcparsbrowsingcmd of avrcparstg.cc, there is a possible stack buffer overflow due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1...

CVE-2017-13276

CVE-2017-13276 concerns a stack buffer overflow in the Android tpdec_asc.cpp module, specifically in the function CProgramConfig_ReadHeightExt, caused by a missing bounds check. This vulnerability could enable remote code execution with the attacker having no special privileges beyond a user on t...

CVE-2017-13282

CVE-2017-13282 affects Android where in the function avrc_ctrl_pars_vendor_rsp (file avrc_pars_ct.cc) a missing bounds check can cause a stack buffer overflow. The flaw could allow remote code execution with no privileges or user interaction required, affecting Android versions 7.0, 7.1.1, 7.1.2,...

CVE-2017-13281

CVE-2017-13281 affects Android 8.0–8.1, where avrc_pars_browsing_cmd in avrc_pars_tg.cc can overflow a stack buffer due to an improper bounds check, enabling remote code execution without user interaction. Affected product: Android OS; vulnerable component: avrc_pars_browsing_cmd (in avrc_pars_tg...

CVE-2017-13276

In CProgramConfigReadHeightExt of tpdecasc.cpp, there is a possible stack buffer overflow due to a missing bounds check. This could lead to a remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1,...

Natus Xltek EEG NeuroWorks NewProducerStream Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the NewProducerStream functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability...

net-snmp/agentx_parse_fuzzer: Stack-buffer-overflow in agentx_parse_string

Project: git://git.code.sf.net/p/net-snmp/code Detailed report: https://oss-fuzz.com/testcase?key=5727267801006080 Project: net-snmp Fuzzer: libFuzzernet-snmpagentxparsefuzzer Fuzz target binary: agentxparsefuzzer Job Type: libfuzzerasannet-snmp Platform Id: linux Crash Type: Stack-buffer-overflo...

CVE-2017-13282

In avrcctrlparsvendorrsp of avrcparsct.cc, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1,...

CVE-2017-13276

In CProgramConfigReadHeightExt of tpdecasc.cpp, there is a possible stack buffer overflow due to a missing bounds check. This could lead to a remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1,...

CVE-2017-13281

In avrcparsbrowsingcmd of avrcparstg.cc, there is a possible stack buffer overflow due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1...

imagemagick/encoder_label_fuzzer: Stack-buffer-overflow in FxGetSymbol

Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=5659068719955968 Project: imagemagick Fuzzer: aflimagemagickencoderlabelfuzzer Fuzz target binary: encoderlabelfuzzer Job Type: aflasanimagemagick Platform Id: linux Crash Type:...

SUSE-SU-2018:0822-1 Security update for librelp

This update for librelp fixes the following issues: CVE-2018-1000140 bsc1086730: librelp contained a stack-based buffer overflow in the checking of x509 certificates. A remote attacker with an access to the rsyslog logging facility could have exploited it by sending a specially crafted x509...