8440 matches found
Stack overflow
bit2spr 1992-06-07 has a stack-based buffer overflow 129-byte write in convbitmap in bit2spr.c via a long line in a bitmap file...
CVE-2020-11528
The CVE-2020-11528 issue affects bit2spr (bitmap format converter). A stack-based buffer overflow occurs in conv_bitmap (bit2spr.c) from a long line in a bitmap file, enabling a 129-byte write overflow. Public sources describe potential arbitrary code execution or a crash. No vendor/product versi...
Updated dcraw packages fix security vulnerabilities
The updated packages fix security vulnerabilities: There is a floating point exception in the kodakradcloadraw function in dcrawcommon.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. CVE-2017-13735 In LibRaw through 0.18.4, an out of bounds read flaw related to...
SUSE SLES12 Security Update : glibc (SUSE-SU-2020:0832-1)
This update for glibc fixes the following issues : CVE-2020-1752: Fixed a use after free in glob which could have allowed a local attacker to create a specially crafted path that, when processed by the glob function, could potentially have led to arbitrary code execution bsc1167631. CVE-2020-1751...
SUSE SLES12 Security Update : memcached (SUSE-SU-2020:0843-1)
This update for memcached fixes the following issues : Security issue fixed : CVE-2019-11596: Fixed a NULL pointer dereference in processlrucommand bsc1133817. CVE-2019-15026: Fixed a stack-based buffer over-read bsc1149110. Note that Tenable Network Security has extracted the preceding descripti...
EulerOS Virtualization for ARM 64 3.0.6.0 : kernel (EulerOS-SA-2020-1342)
According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A heap-based buffer overflow was discovered in the Linux kernel's Marvell WiFi chip driver. The flaw could occur when...
Arbitrary Code Execution
imagemagick is vulnerable to arbitrary code execution. A stack-based buffer overflow in coders/pnm.c in WritePNMImage due to an off-by-one error in strncpy allows an attacker to execute arbitrary code on the system...
Stack overflow
Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially...
CVE-2020-5344
Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially...
Moderate: Red Hat Security Advisory: php security update
An update for php is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
RHEL 7 : php (RHSA-2020:1112)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1112 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Reflected XSS on PHAR 404 page...
CVE-2020-10607
CVE-2020-10607 affects Advantech WebAccess (versions 8.4.2 and earlier). It is a stack-based buffer overflow caused by inadequate validation of the length of user-supplied data, enabling remote code execution. Public sources in the connected set confirm the affected product (WebAccess), the vulne...
CVE-2020-10828
A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request...
Stack overflow
A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request issue 2 of 3...
CVE-2020-10828
CVE-2020-10828 is a stack-based buffer overflow in the cvmd process on DrayTek Vigor3900, Vigor2960, and Vigor300B devices. Versions prior to 1.5.1 are affected and allow remote code execution via a crafted remote HTTP request. This is confirmed by multiple sources in connected documents (vendor ...
CVE-2020-10828
A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request...
CVE-2020-10827
CVE-2020-10827 refers to a stack-based buffer overflow in the apmd service on Draytek Vigor3900, Vigor2960, and Vigor300B devices. The vulnerability, present in firmware prior to 1.5.1, allows remote code execution via a crafted HTTP request. Multiple connected sources corroborate the affected mo...
CVE-2020-10825
A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request issue 3 of 3...
CVE-2020-10825
CVE-2020-10825 affects DrayTek Vigor3900, Vigor2960, and Vigor300B prior to firmware version 1.5.1. The issue is a stack-based buffer overflow in the /cgi-bin/activate.cgi endpoint during base64 decoding of the ticket parameter, which can enable remote code execution via a remote HTTP request. Th...
Moderate: Red Hat Security Advisory: rh-postgresql10-postgresql security update
An update for rh-postgresql10-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...