CVE-2018-20004

CVE-2018-20004 affects Mini-XML (mxml) 2.12. It describes a stack-based buffer overflow in mxml_write_node (mxml-file.c) triggered via vectors involving a double-precision number and the substring . The issue is documented across multiple advisories (e.g., Mageia MGASA-2019-0159 and Fedora update...

Arbitrary Code Execution

Libraw.so is vulnerable to code execution. An error within the findgreen function in internal/dcrawcommon.cpp allows an attacker to execute code via a stack-based buffer overflow...

EulerOS 2.0 SP3 : krb5 (EulerOS-SA-2018-1398)

According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - null dereference in kadmind or DN container check bypass by supplying special crafted data CVE-2018-5729 - DN container check bypass by supplying...

EulerOS 2.0 SP3 : zsh (EulerOS-SA-2018-1396)

According to the versions of the zsh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - zsh: buffer overflow for very long fds in i1/4zi1/4+ fd syntax CVE-2014-10071 - zsh: buffer overflow when scanning very long directory paths for...

CVE-2018-5808

An error within the "findgreen" function internal/dcrawcommon.cpp in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code...

CVE-2018-5805

A boundary error within the "quicktake100loadraw" function internal/dcrawcommon.cpp in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash...

CVE-2018-5809

An error within the "LibRaw::parseexif" function internal/dcrawcommon.cpp in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code...

CVE-2018-5805

A boundary error within the "quicktake100loadraw" function internal/dcrawcommon.cpp in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash...

CVE-2018-5808

CVE-2018-5808 affects LibRaw prior to version 0.18.9, where an issue in the find_green() function (internal/dcraw_common.cpp) can cause a stack-based buffer overflow and potentially allow arbitrary code execution. Public material in connected documents confirms LibRaw as the affected component an...

CVE-2018-5809

An error within the "LibRaw::parseexif" function internal/dcrawcommon.cpp in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code...

Amazon Linux AMI : zsh (ALAS-2018-1107)

A buffer overflow flaw was found in the zsh shell symbolic link resolver. A local, unprivileged user can create a specially crafted directory path which leads to a buffer overflow in the context of the user trying to do a symbolic link resolution in the aforementioned path. If the user affected i...

Stack overflow

Local attackers can trigger a stack-based buffer overflow on vulnerable installations of Antiy-AVL ATool security management v1.0.0.22. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

CVE-2018-18993

Two stack-based buffer overflow vulnerabilities have been discovered in CX-One Versions 4.42 and prior CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior. When processing project files, the application allows input data to exceed the buffer. An attacker could use a...

Omron CX-One

1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Low skill level to exploit Vendor: Omron Equipment: CX-One Vulnerabilities: Stack-based Buffer Overflow, Use After Free 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code under the privileges of...

CVE-2018-19655

A stack-based buffer overflow in the findgreen function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file...

CVE-2018-19655

A stack-based buffer overflow in the findgreen function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file...

Scientific Linux Security Update : zsh on SL7.x x86_64 (20181030)

Security Fixes : - zsh: Stack-based buffer overflow in genmatchesfiles at compctl.c CVE-2018-1083 - zsh: buffer overflow for very long fds in & fd syntax CVE-2014-10071 - zsh: buffer overflow when scanning very long directory paths for symbolic links CVE-2014-10072 - zsh: NULL dereference in cd i...

RHEL 7 : kernel (RHSA-2018:3651)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3651 advisory. - kernel: stack-based buffer overflow in chapservercomputemd5 in iscsi target CVE-2018-14633 - kernel: NULL pointer dereference in...

CVE-2018-19503

An issue was discovered in Freeware Advanced Audio Decoder 2 FAAD2 2.8.1. There was a stack-based buffer overflow in the function calculategain in libfaad/sbrhfadj.c...

CVE-2018-19503

An issue was discovered in Freeware Advanced Audio Decoder 2 FAAD2 2.8.1. There was a stack-based buffer overflow in the function calculategain in libfaad/sbrhfadj.c...