EulerOS 2.0 SP3 : tcpdump (EulerOS-SA-2019-2257)

According to the versions of the tcpdump package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In tcpdump 4.9.2, a stack-based buffer over-read exists in the printprefix function of print-hncp.c via crafted packet data because of missing...

Debian DSA-4561-1 : fribidi - security update

Alex Murray discovered a stack-based buffer overflow vulnerability in fribidi, an implementation of the Unicode Bidirectional Algorithm algorithm, which could result in denial of service or potentially the execution of arbitrary code, when processing a large number of unicode isolate directional...

EulerOS 2.0 SP5 : xerces-c (EulerOS-SA-2019-2199)

According to the version of the xerces-c package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested...

MGASA-2019-0311 Updated aspell packages fix security vulnerability

Updated aspell packages fix security vulnerability: libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character CVE-2019-17544...

[ASA-201910-15] thunderbird: multiple issues

Arch Linux Security Advisory ASA-201910-15 ========================================== Severity: Critical Date : 2019-10-26 CVE-ID : CVE-2019-11757 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-15903 Package : thunderbird Type : multiple issues...

CVE-2019-17544

libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character...

Stack overflow

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2019-17145

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2019-17424

A stack-based buffer overflow in the processPrivilage function in IOS/process-general.c in nipper-ng 0.11.10 allows remote attackers serving firewall configuration files to achieve Remote Code Execution or Denial Of Service via a crafted file...

CVE-2019-17424

CVE-2019-17424 affects nipper-ng 0.11.10. A stack-based buffer overflow in the function processPrivilage() (IOS/process-general.c) may be triggered by processing a crafted firewall configuration file, enabling remote attackers to achieve Remote Code Execution or Denial of Service. Public details ...

[SECURITY] [DLA 1966-1] aspell security update

Package : aspell Version : 0.60.720110707-1.3+deb8u1 CVE ID : CVE-2019-17544 It was discovered that Aspell, the GNU spell checker, incorrectly handled certain inputs which leads to a stack-based buffer over-read. An attacker could potentially access sensitive information. For Debian 8 "Jessie",...

Security Bulletin: Multiple vulnerabilities in Open Source Binutils and Open Source OpenSSL affect IBM Netezza Analytics

Summary Open Source Binutils and OpenSSL is used by IBM Netezza Analytics. IBM Netezza Analytics has addressed the applicable CVEs Vulnerability Details CVEID: CVE-2014-9939 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by a stack-based buffer overflow in ihex.c. By using...

AVEVA Vijeo Citect and Citect SCADA (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit --------- Begin Update A Part 1 of 5 --------- Vendor: AVEVA and Schneider Electric Equipment: AVEVA’s Vijeo Citect and Citect SCADA; Schneider Electric’s Power SCADA Operation --------- End Update A Part...

Stack overflow

In MiniShare 1.4.1, there is a stack-based buffer overflow via an HTTP CONNECT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19862 and CVE-2018-19861. NOTE: this product is discontinued...

CVE-2019-17601

CVE-2019-17601 affects MiniShare 1.4.1 and is due to a stack-based buffer overflow triggered by an HTTP CONNECT request, allowing arbitrary code execution. The vulnerability is identified across multiple records (NVD, Red Hat, CVE lists) and is described as a stack-based overflow in MiniShare 1.4...

NewStart CGSL CORE 5.04 / MAIN 5.04 : ntp Vulnerability (NS-SA-2019-0206)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ntp packages installed that are affected by a vulnerability: - Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long...

CVE-2019-17544

libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character...

CVE-2018-14879

An out-of-bounds write vulnerability was discovered in tcpdump while reading the file passed to the -V option of the command line program. An attacker may abuse this flaw by tricking a victim user into using a malicious file with the -V option, which would make the program read one byte before a...

AZL-7266 CVE-2019-17455 affecting package libntlm for versions less than 1.6-1

Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request...

CVE-2019-17455

Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request...