5833 matches found

Cvelist
added 2018/06/21 11:0 a.m. · 24 views

CVE-2018-0310

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to obtain sensitive information from memory or cause a denial of service (DoS) condition on the affected product. The vulnerability exists because t...

AI score 9.5 · EPSS 0.04153
Exploits 0 · References 2
OSV
added 2018/06/19 9:29 p.m. · 3 views

DEBIAN-CVE-2018-11728

The libfsntfs_reparse_point_values_read_data function in libfsntfs_reparse_point_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs iss...

CVSS 5.5 · AI score 5.7 · EPSS 0.01165
Exploits 0 · References 1
OSV
added 2018/06/19 9:29 p.m. · 2 views

DEBIAN-CVE-2018-11723

The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted pff file. NOTE: the vendor has disputed this as described in libyal/libpff issue 66 on GitHub...

CVSS 5.5 · AI score 6.6 · EPSS 0.01184
Exploits 0 · References 1
OSV
added 2018/06/19 9:29 p.m. · 4 views

DEBIAN-CVE-2018-12096

The liblnk_data_string_get_utf8_string_size function in liblnk_data_string.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on GitHub...

CVSS 5.5 · AI score 5.1 · EPSS 0.00596
Exploits 0 · References 1
OSV
added 2018/06/19 9:29 p.m. · 1 views

UBUNTU-CVE-2018-12097

The liblnk_location_information_read_data function in liblnk_location_information.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on...

CVSS 5.5 · AI score 6 · EPSS 0.00596
Exploits 0 · References 3
Veracode
added 2018/06/19 2:26 p.m. · 21 views

Denial Of Service (DoS)

libexiv2.so is vulnerable to denial of service (DoS) attacks. A malicious user can pass an image to the Exiv2::Image::io function in image.cpp to cause a buffer overread that can crash the application...

CVSS 6.5 · AI score 7 · EPSS 0.01418
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2018/06/19 12:0 a.m. · 3 views

PT-2018-10787 · Libyal · Libfsntfs

Name of the Vulnerable Software and Affected Versions: libfsntfs versions through 2018-04-20 Description: The issue allows remote attackers to cause an information disclosure via a crafted ntfs file. This is due to a heap-based buffer over-read in the libfsntfs mft entry read header function. The...

CVSS 5.5 · AI score 5.7 · EPSS 0.01184
Exploits 0 · References 9
Positive Technologies
added 2018/06/19 12:0 a.m. · 3 views

PT-2018-11011 · Libyal · Liblnk

Name of the Vulnerable Software and Affected Versions: liblnk versions through 2018-04-19 Description: The issue allows remote attackers to cause an information disclosure via a crafted lnk file. This is due to a heap-based buffer over-read in the liblnk data block read function in liblnk data...

CVSS 5.5 · AI score 5.7 · EPSS 0.00596
Exploits 0 · References 8
IBM Security Bulletins
added 2018/06/18 1:40 a.m. · 26 views

Security Bulletin: A vulnerability in curl affects PowerKVM

Summary PowerKVM is affected by a vulnerability in curl. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2017-1000257 DESCRIPTION: cURL is vulnerable to a denial of service, caused by a buffer overread in the IMAP handler. By using a specially crafted IMAP FETCH respons...

CVSS 9.1 · AI score 1 · EPSS 0.06224
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2018/06/16 10:4 p.m. · 38 views

Security Bulletin: IBM QRadar Network Security is affected by a denial of service vulnerability in cURL (CVE-2017-1000257)

Summary IBM QRadar Network Security has addressed the denial of service vulnerability in cURL. Vulnerability Details CVEID: CVE-2017-1000257 DESCRIPTION: cURL is vulnerable to a denial of service, caused by a buffer overread in the IMAP handler. By using a specially crafted IMAP FETCH response, a...

CVSS 9.1 · AI score 0.8 · EPSS 0.06224
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2018/06/16 2:17 p.m. · 34 views

Security Bulletin: IBM Streams may be affected by XMLsoft Libxml2 vulnerabilities

Summary The libxml2 library, used by IBM Streams may have security vulnerabilities. IBM Streams has addressed the applicable CVE. Vulnerability Details CVE-ID: CVE-2015-8806 Description: Libxml2 is vulnerable to a denial of service, caused by a heap-buffer overread in dict.c. By persuading a vict...

CVSS 7.5 · AI score 1 · EPSS 0.05121
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2018/06/15 7:8 a.m. · 39 views

Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect IBM API Connect (CVE-2017-7668, CVE-2017-7679)

Summary IBM API Connect has addressed Apache HTTPD vulnerabilities involving access to sensitive information and potential denial of service. Vulnerability Details CVEID: CVE-2017-7679 DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by a buffer...

CVSS 9.8 · AI score 1.6 · EPSS 0.57472
Exploits 4 · Affected Software 1
IBM Security Bulletins
added 2018/06/15 7:8 a.m. · 30 views

Security Bulletin: Vulnerability in Open Source cURL Libcurl affects IBM PureApplication. (CVE-2017-1000257)

Summary Vulnerability in Open Source cURL Libcurl affects IBM PureApplication. Vulnerability Details CVEID: CVE-2017-1000257 DESCRIPTION: cURL is vulnerable to a denial of service, caused by a buffer overread in the IMAP handler. By using a specially crafted IMAP FETCH response, a remote attacker...

CVSS 9.1 · AI score 0.1 · EPSS 0.06224
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2018/06/15 7:7 a.m. · 48 views

Security Bulletin: Multiple Security Vulnerabilities in IBM HTTP Server (CVE-2017-7679, CVE-2017-7668, CVE-2017-3167)

Summary There are multiple vulnerabilities in the IBM HTTP Server used by WebSphere Application Server. Vulnerability Details CVEID: CVE-2017-7679 DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by a buffer overread in mod_mime. By sending a speciall...

CVSS 9.8 · AI score 0.7 · EPSS 0.57472
Exploits 4 · Affected Software 1
OSV
added 2018/06/12 2:29 p.m. · 1 views

UBUNTU-CVE-2018-12248

An issue was discovered in mruby 1.4.1. There is a heap-based buffer over-read associated with OP_ENTER because mrbgems/mruby-fiber/src/fiber.c does not extend the stack in cases of many arguments to fiber...

CVSS 7.5 · AI score 7.5 · EPSS 0.01552
Exploits 0 · References 4
OSV
added 2018/06/12 2:29 p.m. · 1 views

DEBIAN-CVE-2018-12248

An issue was discovered in mruby 1.4.1. There is a heap-based buffer over-read associated with OP_ENTER because mrbgems/mruby-fiber/src/fiber.c does not extend the stack in cases of many arguments to fiber...

CVSS 7.5 · AI score 7.1 · EPSS 0.01552
Exploits 0 · References 1
BDU FSTEC
added 2018/06/07 12:0 a.m. · 3 views

The vulnerability of the avrc_pars_vendor_cmd function in the Android operating system allows a hacker to execute arbitrary code within the context of a privileged process.

The vulnerability of the avrc_pars_vendor_cmd function avrcparstg.cc in the Android operating system arises from the execution of an operation outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 10 · AI score 6.4 · EPSS 0.0188
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2018/06/07 12:0 a.m. · 8 views

The vulnerability of Microsoft Edge browser and the ChakraCore JavaScript engine lies in memory object handling errors, allowing attackers to execute arbitrary code.

The vulnerability of Microsoft Edge browser and the JavaScript scenario handler ChakraCore arises due to an operation going beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted web page...

CVSS 7.6 · AI score 8.4 · EPSS 0.15139
Exploits 0 · References 4
OSV
added 2018/05/30 1:29 p.m. · 2 views

DEBIAN-CVE-2018-11439

The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure heap-based buffer over-read via a crafted audio file...

CVSS 6.5 · AI score 5.5 · EPSS 0.02847
Exploits 1 · References 1
Veracode
added 2018/05/28 7:31 a.m. · 11 views

Remote Code Execution (RCE) Through Buffer Overread

libfontforge.so is vulnerable to remote code execution (RCE) attacks. A malicious user can pass a ttf file to the application to cause a buffer overread that can crash the application or allow arbitrary code to be executed...

CVSS 7.8 · AI score 8 · EPSS 0.01224
Exploits 0 · References 3 · Affected Software 1