
172 matches found

NVD
added 2020/03/24 8:15 p.m. | 33 views

CVE-2020-6985

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the console...

10 CVSS | 9.7 AI score | 0.01646 EPSS
Exploits 0 | References 1

Cvelist
added 2020/03/24 7:11 p.m. | 34 views

CVE-2020-6985

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the console...

9.7 AI score | 0.01646 EPSS
Exploits 0 | References 1

CVE
added 2020/03/24 7:11 p.m. | 50 views

CVE-2020-6985

CVE-2020-6985 affects Moxa PT-7528 and PT-7828 Ethernet switches: firmware versions PT-7528 ≤ 4.0 and PT-7828 ≤ 3.9 expose a hard-coded service code for console access. The Red Hat and NVD entries, plus the ICS advisory, confirm a remote-exploitation risk with high-impact vectors (remote, no user...

10 CVSS | 9.4 AI score | 0.01646 EPSS
Exploits 0 | References 1 | Affected Software 1

UbuntuCve
added 2019/11/26 3:15 p.m. | 27 views

CVE-2019-19274

typedast 1.3.0 and 1.3.1 has a handlekeywordonlyargs out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source but not necessarily execute it may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that...

7.5 CVSS | 7.1 AI score | 0.03255 EPSS
Exploits 0 | References 6

UbuntuCve
added 2019/11/26 3:15 p.m. | 23 views

CVE-2019-19275

typedast 1.3.0 and 1.3.1 has an astforarguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source but not necessarily execute it may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that pars...

7.5 CVSS | 7.1 AI score | 0.03255 EPSS
Exploits 0 | References 6

Cvelist
added 2019/07/16 12:4 p.m. | 35 views

CVE-2019-1010057

nfdump 1.6.16 and earlier is affected by: Buffer Overflow. The impact is: The impact could range from a denial of service to local code execution. The component is: nfx.c:546, nffileinline.c:83, minilzo.c redistributed. The attack vector is: nfdump must read and process a specially crafted file...

7.4 AI score | 0.01654 EPSS
Exploits 0 | References 5

OSV
added 2019/04/29 5:56 a.m. | 3 views

SUSE-SU-2019:0231-2 Security update for spice

This update for spice fixes the following issues: Security issue fixed: - CVE-2019-3813: Fixed a out-of-bounds read in the memslotgetvirt function that could lead to denial-of-service or code-execution bsc1122706...

7.5 CVSS | 7.4 AI score | 0.01208 EPSS
Exploits 0 | References 3

Cvelist
added 2019/03/23 11:14 p.m. | 18 views

CVE-2019-9956

In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file...

8 AI score | 0.05916 EPSS
Exploits 1 | References 9

Check Point Advisories
added 2018/11/05 12:0 a.m. | 6 views

Linksys ESeries OS Command Injection (CVE-2018-3953; CVE-2018-3954; CVE-2018-3955)

A command injection vulnerability exists in the Linksys E Series line of routers. An attacker can exploit these bugs by sending an authenticated HTTP request to the network configuration service. An attacker could then gain the ability to arbitrarily execute code on the machine...

9 CVSS | 3.2 AI score | 0.13335 EPSS
Exploits 3

OSV
added 2018/06/04 9:39 a.m. | 4 views

SUSE-SU-2018:1493-1 Security update for ocaml

This update for ocaml fixes the following issues: - CVE-2018-9838: The camlbadeserialize function in byterun/bigarray.c in the standard library had an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of...

9.8 CVSS | 9.6 AI score | 0.04216 EPSS
Exploits 0 | References 3

OSV
added 2018/03/14 12:0 a.m. | 1 views

UBUNTU-CVE-2018-1000121

A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service...

7.5 CVSS | 6.8 AI score | 0.09565 EPSS
Exploits 0 | References 5

NVD
added 2017/12/08 7:29 p.m. | 19 views

CVE-2017-17479

In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution...

9.8 CVSS | 7.9 AI score | 0.04154 EPSS
Exploits 0 | References 1

CNVD
added 2016/07/27 12:0 a.m. | 2 views

Google Chrome PAC Feature Information Disclosure Vulnerability

Google Chrome is a web browsing tool developed by Google. An information disclosure vulnerability exists in Google Chrome prior to version 52.0.2743.82, where the PAC function net/proxy/proxyservice.cc does not ensure that URL information is restricted to a certain scheme, host, and port. A remot...

8.8 CVSS | 8.5 AI score | 0.01499 EPSS
Exploits 0 | References 1

Debian
added 2016/06/09 3:26 p.m. | 27 views

[SECURITY] [DSA 3599-1] p7zip security update

Debian Security Advisory DSA-3599-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 09, 2016 https://www.debian.org/security/faq -...

8.8 CVSS | 7.8 AI score | 0.0983 EPSS
Exploits 2

OSV
added 2016/02/17 7:6 p.m. | 7 views

MGASA-2016-0065 Updated nginx packages fix security vulnerabilities

Updated nginx package fixes security vulnerabilities: Several vulnerabilities were discovered in the resolver in nginx, leading to denial of service or, potentially, to arbitrary code execution. These only affect nginx if the "resolver" directive is used in a configuration file CVE-2016-0742,...

9.8 CVSS | 8.1 AI score | 0.81958 EPSS
Exploits 0 | References 4

NVD
added 2014/12/10 3:59 p.m. | 21 views

CVE-2014-8098

The GLX extension in XFree86 4.0, X.Org X Window System aka X11 or X X11R6.7, and X.Org Server aka xserver and xorg-server before 1.16.3 allows remote authenticated users to cause a denial of service out-of-bounds read or write or possibly execute arbitrary code via a crafted length or index valu...

6.5 CVSS | 7.3 AI score | 0.05192 EPSS
Exploits 0 | References 11

OpenVAS
added 2014/11/27 12:0 a.m. | 25 views

Debian Security Advisory DSA 3078-1 (libksba - security update)

An integer underflow flaw, leading to a heap-based buffer overflow, was found in the ksbaoidtostr function of libksba, an X.509 and CMS PKCS7 library. By using special crafted S/MIME messages or ECC based OpenPGP data, it is possible to create a buffer overflow, which could cause an application...

5 CVSS | 0.05167 EPSS
Exploits 0 | References 1

OSV
added 2014/11/21 12:44 p.m. | 8 views

MGASA-2014-0467 Updated qemu packages fix security vulnerabilities

The Advanced Threat Research team at Intel Security reported that guest provided parameter were insufficiently validated in rectangle functions in the vmware-vga driver. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileg...

7.2 CVSS | 8.7 AI score | 0.03742 EPSS
Exploits 0 | References 6

OSV
added 2014/09/01 10:44 a.m. | 6 views

MGASA-2014-0363 Updated blender package fixes CVE-2014-4607

Updated blender package fixes security vulnerability: An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The blender package ...

8.8 CVSS | 9.2 AI score | 0.05315 EPSS
Exploits 1 | References 3

Mageia
added 2014/08/26 11:4 p.m. | 44 views

Updated harbour package fixes security vulnerability

An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The harbour is built with a bundled copy of minilzo, which is a part of...

8.8 CVSS | 9.3 AI score | 0.05315 EPSS
Exploits 1 | References 3