
275 matches found

FreeBSD
added 2018/02/27 12:0 a.m. | 65 views

ntp -- multiple vulnerabilities

Network Time Foundation reports: The NTP Project at Network Time Foundation is releasing ntp-4.2.8p11. This release addresses five security issues in ntpd: LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU961909: Sybil vulnerability: ephemeral association attack; INFO/MEDIUM: Sec 3412 / CVE-2018-7182 /...

9.8 CVSS | 8.1 AI score | 0.2985 EPSS
Exploits 6 | References 1
CNVD
added 2018/02/24 12:0 a.m. | 2 views

FreeXL heap buffer out-of-bounds read vulnerability (CNVD-2018-05154)

FreeXL is an open source library for extracting valid data from Excel .xls spreadsheets developed by software developer Alessandro Furieri. A heap buffer out-of-bounds read vulnerability exists in the 'parseSST' function in versions of FreeXL prior to 1.0.5. An attacker can exploit this...

8.8 CVSS | 6.8 AI score | 0.0221 EPSS
Exploits 1 | References 1
RedhatCVE
added 2018/02/08 5:49 a.m. | 20 views

CVE-2018-1056

An out-of-bounds heap buffer read flaw was found in the way advancecomp handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing crafted ZIP files...

7.8 CVSS | 1.6 AI score | 0.01422 EPSS
Exploits 1 | References 2
UbuntuCve
added 2018/02/08 12:0 a.m. | 30 views

CVE-2018-1056

An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing crafted ZIP files...

7.8 CVSS | 6.4 AI score | 0.01422 EPSS
Exploits 1 | References 2
RedhatCVE
added 2018/02/07 2:50 a.m. | 28 views

CVE-2018-6767

An out-of-bounds stack buffer read flaw was found in WavPack. This flaw could potentially be used to crash WavPack CLI utilities by tricking them into processing specially crafted WAVE files...

7.8 CVSS | 3.1 AI score | 0.02951 EPSS
Exploits 1 | References 1
CNVD
added 2018/02/06 12:0 a.m. | 4 views

Red Hat JBoss Enterprise Application Platform RemoteMessageChannel Buffer Read Vulnerability

The Red Hat JBoss Enterprise Application Platform (JBoss EAP) is a subscription-based, open source Java EE application server runtime platform for building, deploying and hosting highly transactional Java applications and services. An empty buffer read error vulnerability exists in...

7.5 CVSS | 7 AI score | 0.16122 EPSS
Exploits 5 | References 1
OpenVAS
added 2018/02/06 12:0 a.m. | 24 views

Debian: Security Advisory (DLA-1111-1)

The remote host is missing an update for the Debian...

7.5 CVSS | 7.7 AI score | 0.02836 EPSS
Exploits 0 | References 3
CNVD
added 2018/01/29 12:0 a.m. | 1 views

ClamAV Buffer Out-of-Bounds Read Vulnerability

ClamAV AntiVirus is free and open source antivirus software developed by the ClamAV team. The software is used to detect Trojans, viruses, malware and other malicious threats. A security vulnerability exists in ClamAV AntiVirus software, which stems from the program's failure to properly...

7.1 CVSS | 8.5 AI score | 0.02847 EPSS
Exploits 1 | References 1
OpenVAS
added 2018/01/16 12:0 a.m. | 37 views

Debian: Security Advisory (DLA-883-1)

The remote host is missing an update for the Debian...

2.4 CVSS | 4.2 AI score | 0.00581 EPSS
Exploits 0 | References 2
CNVD
added 2017/12/06 12:0 a.m. | 2 views

Google Android Qualcomm WLAN Information Disclosure Vulnerability

Android on Google Pixel and Nexus is a Linux-based open source operating system for the Google Pixel and Nexus smartphones developed by Google Inc. and the Open Handset Alliance (OHA), with Qualcomm WLAN being one of the components used. Qualcomm WLAN is a wireless LAN component developed by Qualco...

5.3 CVSS | 6.4 AI score | 0.0034 EPSS
Exploits 0 | References 1
CNVD
added 2017/10/10 12:0 a.m. | 4 views

Google Android Qualcomm WLAN Component Information Disclosure Vulnerability (CNVD-2017-31252)

Android is a free and open source Linux-based operating system led and developed by Google Inc. and the Open Handset Alliance. An information disclosure vulnerability exists in the Google Android Qualcomm WLAN component, which can be exploited by an attacker to obtain sensitive information buffer...

7.5 CVSS | 7.2 AI score | 0.00514 EPSS
Exploits 0 | References 1
CNVD
added 2017/10/09 12:0 a.m. | 3 views

Poppler Heap Buffer Read Vulnerability

Poppler is a PDF rendering library based on the xpdf-3.0 code base. The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler suffers from a heap buffer read vulnerability that can be exploited by an attacker to launch a denial of service attack...

7.5 CVSS | 8 AI score | 0.02585 EPSS
Exploits 1 | References 1
Debian
added 2017/09/26 5:25 p.m. | 16 views

[SECURITY] [DLA 1111-1] weechat security update

Package: weechat; Version: 0.3.8-1+deb7u3; CVE ID: CVE-2017-14727; Debian Bug: 876553. It was discovered that WeeChat's logger plugin is vulnerable to an invalid buffer read which can be exploited remotely to trigger an application crash or other undefined behaviour. For Debian 7 "Wheezy", these...

7.5 CVSS | 8 AI score | 0.02836 EPSS
Exploits 0
CNVD
added 2017/09/26 12:0 a.m. | 5 views

GraphicsMagick coders/rle.c file denial of service vulnerability

GraphicsMagick is a simple set of image processing tools. The tool provides resizing, rotating, highlighting and other functions to images. A security vulnerability exists in the ReadRLEImage of the coders/rle.c file in GraphicsMagick version 1.3.26, which fails to properly handle RLE packet...

6.5 CVSS | 7.3 AI score | 0.02092 EPSS
Exploits 0 | References 1
CNVD
added 2017/09/05 12:0 a.m. | 3 views

JasPer Denial of Service Vulnerability (CNVD-2017-25451)

JasPer is an open source implementation of the JPEG-2000 codec developed by Canadian software developer Michael Adams. A denial of service vulnerability exists in JasPer version 2.0.13. A remote attacker can exploit this vulnerability to cause a denial of service heap buffer out-of-bounds read and...

6.5 CVSS | 6.8 AI score | 0.02225 EPSS
Exploits 1 | References 1
OSV
added 2017/08/09 8:0 a.m. | 5 views

CURL-CVE-2017-1000099 FILE buffer read out of bounds

When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application's provided callback), which could lead to other private data from the heap to...

6.5 CVSS | 6.5 AI score | 0.03075 EPSS
Exploits 0
FreeBSD
added 2017/08/09 12:0 a.m. | 48 views

cURL -- multiple vulnerabilities

The cURL project reports: FILE buffer read out of bounds; TFTP sends more than buffer size; URL globbing out of bounds read...

6.5 CVSS | 7.2 AI score | 0.03875 EPSS
Exploits 0 | References 1
CNVD
added 2017/07/31 12:0 a.m. | 2 views

libming 'OpCode' function denial of service vulnerability (CNVD-2017-20195)

libming is a Flash SWF output library for PHP, Perl, Ruby, Python, C, C++, Java, and more. The OpCode function called from decompileINCRDECR line 1474 in util/decompile.c in Libming is safe and can be exploited by an attacker to cause a denial of service heap buffer out-of-bounds read with the...

5.5 CVSS | 7 AI score | 0.01083 EPSS
Exploits 0 | References 1
CNVD
added 2017/07/07 12:0 a.m. | 2 views

SWFTools 'readBlock()' heap buffer read vulnerability

SWFTools is a suite of open source software tools for creating and manipulating SWF files. A heap buffer read vulnerability exists in the 'readBlock' function of the lib/ttf.c file in SWFTools version 0.9.2. The vulnerability can be exploited to cause a heap buffer out-of-bounds read with the hel...

7.5 CVSS | 7 AI score | 0.01078 EPSS
Exploits 0 | References 1
CNVD
added 2017/05/10 12:0 a.m. | 0 views

lrzip denial of service vulnerability (CNVD-2017-06449)

lrzip (Long Range ZIP) is an open source compression utility for large files. A security bypass vulnerability exists in the 'bufRead::get' function of the libzpaq/libzpaq.h file in liblrzip.so in lrzip version 0.631. A remote attacker could use this vulnerability to cause a denial of service other...

5.5 CVSS | 6.8 AI score | 0.0158 EPSS
Exploits 0 | References 1