Security Bulletin: Vulnerability in International Components for Unicode (ICU4C) affects IBM InfoSphere DataStage (CVE-2016-7415)

Summary An International Components for Unicode ICU4C vulnerability was addressed by IBM InfoSphere DataStage. Vulnerability Details CVEID: CVE-2016-7415 DESCRIPTION: International Components for Unicode ICU is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the...

Security Bulletin: Vulnerabilty in XMLC affects IBM® DB2® LUW (CVE-2016-0729, CVE-2016-4463)

Summary IBM DB2 for LUW bundles a XMLC library that is affected by CVE-2016-0729. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially crafted statement. This may cause the DB2 server to terminate abnormally or execute arbitary code. Vulnerability Details CVE-I...

Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM Cognos Metrics Manager (CVE-2016-3705, CVE-2016-4447, CVE-2016-4448)

Summary The vulnerabilities have been addressed in the libxml2 component of IBM Cognos Metrics Manager Vulnerability Details CVEID: CVE-2016-3705 DESCRIPTION: libxml2 is vulnerable to a stack-based buffer overflow, caused by an out-of-bounds read of xmlParserEntityCheck and xmlParseAttValueComple...

Security Bulletin: Vulnerability in GNU C Library(glibc) affects WebSphere DataPower XC10 Appliance(CVE-2015-7547) - Revised fix available

Summary A GNU C Libraryglibc vulnerability with a stack based overflow was addressed by WebSphere DataPower XC10 Appliance. On Friday March 11th 2016, a fix was published to resolve this security vulnerability. However, that fix needed revision. A corrected fix is now available. Vulnerability...

Natus Xltek NeuroWorks

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Natus Medical, Inc. Natus Equipment: Natus Xltek NeuroWorks software Vulnerabilities: Stack-Based Buffer Overflow, Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of these...

SUSE-SU-2018:1660-1 Security update for pdns

This update for pdns fixes the following issues: Security issues fixed: - CVE-2018-1046: Fix an issue with replaying a specially crafted PCAP file that can trigger a stack-based buffer overflow, leading to a crash and potentially arbitrary code execution bsc1092540...

[ASA-201806-7] flashplugin: multiple issues

Arch Linux Security Advisory ASA-201806-7 ========================================= Severity: Critical Date : 2018-06-09 CVE-ID : CVE-2018-4945 CVE-2018-5000 CVE-2018-5001 CVE-2018-5002 Package : flashplugin Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-716 Summary...

CVE-2018-4249

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves pktmnglripfilterinput in com.apple.packet-mangler in the "Kernel" component. It allows attackers to...

Integer overflow

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves pktmnglripfilterinput in com.apple.packet-mangler in the "Kernel" component. It allows attackers to...

CVE-2018-4249

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves pktmnglripfilterinput in com.apple.packet-mangler in the "Kernel" component. It allows attackers to...

FreeBSD : Flash Player -- multiple vulnerabilities (2dde5a56-6ab1-11e8-b639-6451062f0f7a)

Adobe reports : - This update resolves a type confusion vulnerability that could lead to arbitrary code execution CVE-2018-4945. - This update resolves an integer overflow vulnerability that could lead to information disclosure CVE-2018-5000. - This update resolves an out-of-bounds read...

CVE-2018-11685

Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c...

CVE-2018-11683

Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440...

Adobe Issues Patch for Actively Exploited Flash Player Zero-Day Exploit

If you have already uninstalled Flash player, well done! But if you haven't, here's another great reason for ditching it. Adobe has released a security patch update for a critical vulnerability in its Flash Player software that is actively being exploited in the wild by hackers in targeted attack...

Flash Player -- multiple vulnerabilities

Adobe reports: This update resolves a type confusion vulnerability that could lead to arbitrary code execution CVE-2018-4945. This update resolves an integer overflow vulnerability that could lead to information disclosure CVE-2018-5000. This update resolves an out-of-bounds read vulnerability th...

KLA11261 Multiple vulnerabilities in Adobe Flash player

Multiple serious vulnerabilities have been found in Adobe Flash player. Malicious users can exploit these vulnerabilities to execute arbitrary code and obtain sensitive information. Below is a complete list of vulnerabilities: 1. Type Confusion vulnerability in Adobe Flash player can be exploited...

Stack overflow

The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the addpool, failover-only, poolquota, and save command handlers...

CVE-2018-10058

The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the addpool, failover-only, poolquota, and save command handlers...

Delta Industrial Automation DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CentOS Update for librelp CESA-2018:1223 centos7

Check the version of librelp SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882898";...