CVE-2018-18989

In CX-One Versions 4.42 and prior CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior, when processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code unde...

Design/Logic Flaw

In FreeBSD before 11.2-STABLEr341486 and 11.2-RELEASE-p6, insufficient bounds checking in one of the device models provided by bhyve can permit a guest operating system to overwrite memory in the bhyve host possibly permitting arbitrary code execution. A guest OS using a firmware image can cause...

CVE-2018-17160

In FreeBSD before 11.2-STABLEr341486 and 11.2-RELEASE-p6, insufficient bounds checking in one of the device models provided by bhyve can permit a guest operating system to overwrite memory in the bhyve host possibly permitting arbitrary code execution. A guest OS using a firmware image can cause...

CVE-2018-17160

In FreeBSD before 11.2-STABLEr341486 and 11.2-RELEASE-p6, insufficient bounds checking in one of the device models provided by bhyve can permit a guest operating system to overwrite memory in the bhyve host possibly permitting arbitrary code execution. A guest OS using a firmware image can cause...

FreeBSD -- Insufficient bounds checking in bhyve(8) device model

Problem Description: Insufficient bounds checking in one of the device models provided by bhyve8 can permit a guest operating system to overwrite memory in the bhyve8 processing possibly permitting arbitary code execution. Impact: A guest OS using a firmware image can cause the bhyve process to...

FreeBSD-SA-18:14.bhyve

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-18:14.bhyve Security Advisory The FreeBSD Project Topic: Insufficient bounds checking in bhyve8 device model Category: core Module: bhyve Announced: 2018-12-04...

CVE-2018-1897

IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5., and 11.1 db2pdcfg is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 152462...

CVE-2018-1897

IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5., and 11.1 db2pdcfg is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 152462...

CVE-2018-19654

An issue was discovered in Sales & Company Management System SCMS through 2018-06-06. There is a discrepancy in username checking between a component that does string validation, and a component that is supposed to query a MySQL database. Thus, it is possible to register a new account with a...

CVE-2018-19654

An issue was discovered in Sales & Company Management System SCMS through 2018-06-06. There is a discrepancy in username checking between a component that does string validation, and a component that is supposed to query a MySQL database. Thus, it is possible to register a new account with a...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4288)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4288 advisory. - scsi: sg: allocate with GFPZERO in sgbuildindirect Alexander Potapenko Orabug: 28892656 CVE-2018-1000204 Tenable has extracted the preceding...

FreeBSD NFS Server Code Flaw Vulnerability (CNVD-2018-26666)

FreeBSD is a set of Unix-like free operating systems in the FreeBSD project run by the Core Team, and is an important branch of Unix-like operating systems developed through BSD, 386BSD, and 4.4BSD.NFS server is one of the network file system servers. A security vulnerability exists in the NFS...

Scientific Linux Security Update : ghostscript on SL7.x x86_64 (20181127)

Security Fixes : - ghostscript: .tempfile file permission issues 699657 CVE-2018-15908 - ghostscript: shadingparam incomplete type checking 699660 CVE-2018-15909 - ghostscript: missing type check in type checker 699659 CVE-2018-16511 - ghostscript: incorrect access checking in temp file handling ...

ghostscript: incorrect access checking in temp file handling to disclose contents of files (699658)

It was discovered that the ghostscript did not properly restrict access to files open prior to enabling the -dSAFER mode. An attacker could possibly exploit this to bypass the -dSAFER protection and disclose the content of affected files via a specially crafted PostScript document...

ghostscript: shading_param incomplete type checking (699660)

It was discovered that the ghostscript .shfill operator did not properly validate certain types. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript docume...

Important: Red Hat Security Advisory: ghostscript security update

An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

RHEL 7 : ghostscript (RHSA-2018:3650)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3650 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap...

DameWare Remote Support Buffer Overflow Vulnerability (CVE-2013-3249) - Windows

DameWare Remote Support is prone to a local buffer overflow vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

EulerOS Virtualization 2.5.2 : kernel (EulerOS-SA-2018-1373)

According to the version of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - An issue was discovered in the Linux kernel through 4.19. An information leak in cdromioctlselectdisc in drivers/cdrom/cdrom.c could...

CVE-2018-6066

Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page...