CVE-2018-5196

The CVE-2018-5196 entry affects ESTsoft ALZip (versions 10.76.0.0 and earlier). The root cause is a stack overflow caused by improper bounds checking when handling specially crafted LZH archives. Exploitation wording from multiple sources indicates that convincing a user to open a malicious LZH f...

Bind server buffer overflow vulnerability

Bind server is a complete implementation of the DNS Domain Name System protocol. A buffer overflow vulnerability exists in Bind server, which can be exploited by a remote attacker to cause a denial of service or possibly execute arbitrary code, due to the program's failure to perform proper bound...

Out-of-bounds

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsiopensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution...

CVE-2018-1160

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsiopensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution...

CVE-2018-1160

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsiopensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution...

CVE-2018-1160

Netatalk before 3.1.12 is vulnerable to an out-of-bounds write in dsi_opensess.c due to missing bounds checking on attacker-controlled data. A remote unauthenticated attacker could achieve arbitrary code execution (potentially with root privileges). Public exploit activity exists (authentication ...

CVE-2018-1160

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsiopensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution...

CVE-2018-1160

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsiopensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution...

PT-2018-2633

Name of the Vulnerable Software and Affected Versions Netatalk versions prior to 3.1.12 Description The issue is related to a lack of bounds checking on attacker-controlled data in the dsi opensess.c file, which can lead to an out of bounds write. This allows a remote unauthenticated attacker to...

Amazon Linux 2 : kernel (ALAS-2018-1133)

A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation removal. The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one.CVE-2018-16862 An issue wa...

Rukovoditel Project Management CRM 2.3.1 Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Rukovoditel Project Management/CRM 2.3.1 - Authenticated Remote Code Execution', 'Description' = %q This module...

CentOS Update for ghostscript CESA-2018:3650 centos7

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 7 : ghostscript (RHSA-2018:3834)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3834 advisory. - ghostscript: Uninitialized memory access in the aesdecode operator 699665 CVE-2018-15911 - ghostscript: Incorrect free logic in pagedevice...

ghostscript security update

CentOS Errata and Security Advisory CESA-2018:3650 An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

The vulnerability of the web interface of Cisco Adaptive Security Appliance (ASA) and Configure Firepower Threat Defense (FTD) allows a perpetrator to cause service interruptions or expose sensitive information.

The vulnerability of the web interface of the microprogramming software for Cisco Adaptive Security Appliances and Configure Firepower Threat Defense is related to insufficient checking of HTTP requests. Exploiting this vulnerability can allow a malicious actor to cause service failures or expose...

Google Android Buffer Overflow Vulnerability (CNVD-2019-27575)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. A buffer overflow vulnerability exists in the 'impddrcparsecoeff' function of the impddrcstaticpayload.c file in Android version 9, which stems from a lack of boundary checking in...

Google Android Buffer Overflow Vulnerability (CNVD-2019-27576)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. A buffer overflow vulnerability exists in the 'impdparseloudeqinstructions' function of the impddrcdynamicpayload.c file in Android version 9, which stems from a lack of boundary...

FreeBSD : FreeBSD -- Insufficient bounds checking in bhyve(8) device model (32498c8f-fc84-11e8-be12-a4badb2f4699)

Insufficient bounds checking in one of the device models provided by bhyve8 can permit a guest operating system to overwrite memory in the bhyve8 processing possibly permitting arbitary code execution. Impact : A guest OS using a firmware image can cause the bhyve process to crash, or possibly...

EulerOS 2.0 SP3 : ghostscript (EulerOS-SA-2018-1404)

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ghostscript: /invalidaccess bypass after failed restore.CVE-2018-16509 - ghostscript: LockDistillerParams type confusion.CVE-2018-15910 -...

Denial Of Service (DoS)

libXres.so is vulnerable to denial of service. Due to a lack of bounds checking in the CARD32 rep.numclients, a remote attacker is able to cause an integer overflow which leads to an underallocation and writing data past the end of the allocated buffer, resulting in denial of service conditions...