8440 matches found
CVE-2018-7186
Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service stack-based buffer overflow or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and...
CVE-2018-3849
In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution...
EulerOS Virtualization 3.0.1.0 : glibc (EulerOS-SA-2019-1551)
According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - stdlib/canonicalize.c in the GNU C Library aka glibc or libc6 2.27 and earlier, when processing very long pathname arguments to th...
EulerOS Virtualization 3.0.1.0 : squashfs-tools (EulerOS-SA-2019-1459)
According to the versions of the squashfs-tools package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Integer overflow in the queueinit function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attacke...
EulerOS Virtualization 3.0.1.0 : icu (EulerOS-SA-2019-1453)
According to the versions of the icu package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Double free in i18n/zonemeta.cpp in International Components for Unicode ICU for C/C++ through 59.1 allows remote attackers to execut...
EulerOS Virtualization 3.0.1.0 : jbigkit (EulerOS-SA-2019-1430)
According to the version of the jbigkit package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - Stack-based buffer overflow in the jbgdecin function in libjbig/jbig.c in JBIG-KIT before 2.1 allows remote attackers to cause a...
EulerOS Virtualization 3.0.1.0 : binutils (EulerOS-SA-2019-1431)
According to the versions of the binutils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An integer wraparound has been discovered in the Binary File Descriptor BFD library distributed in GNU Binutils up to version...
Stack overflow
An issue was discovered in Easy File Sharing EFS Web Server 7.2. A stack-based buffer overflow vulnerability occurs when a malicious POST request has been made to forum.ghp upon creating a new topic in the forums, which allows remote attackers to execute arbitrary code...
Stack overflow
An exploitable code execution vulnerability exists in the URL-parsing functionality of the Roav A1 Dashcam running version RoavA1SWV1.9. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability...
Stack overflow
An exploitable code execution vulnerability exists in the XMLUploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution...
Stack overflow
An exploitable code execution vulnerability exists in Wi-Fi Command 9999 of the Roav A1 Dashcam running version RoavA1SWV1.9. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability...
Anker Roav A1 Dashcam WifiCmd 9999 Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in Wi-Fi Command 9999 of the Roav A1 Dashcam. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability. Tested Versions Anker Roav A1...
Novatek NT9665X XML_UploadFile path overflow code execution vulnerability
Summary An exploitable code execution vulnerability exists in the XMLUploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version “RoavA1SWV1.9”. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. Tested...
Updated mxml packages fix security vulnerabilities
Updated mxml packages fix security vulnerabilities: An issue has been found in Mini-XML aka mxml 2.12. It is a stack-based buffer overflow in mxmlwritenode in mxml-file.c via vectors involving a double-precision floating point number and the '' substring, as demonstrated by testmxml CVE-2018-2000...
ImageMagick < 7.0.8-44 Multiple vulnerabilities
The version of ImageMagick installed on the remote Windows host is 7.x prior to 7.0.8-44. It is, therefore, affected by multiple vulnerabilities: - A denial of service vulnerability exists due to a failure to handle exceptional conditions. An unauthenticated, remote attacker can exploit this by...
Stack overflow
The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera's web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting wireless.htm. Vulnerable...
CVE-2019-10999
The CVE-2019-10999 issue affects D-Link DCS series cameras with the alphapd web server, via a stack-based buffer overflow triggered by a long WEPEncryption value in wireless.htm. Root cause: improper handling in alphapd leading to remote code execution. Affected devices include DCS-5009L, 5010L, ...
openSUSE Security Update : ImageMagick (openSUSE-2019-1331)
This update for ImageMagick fixes the following issues : Security issues fixed : - CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel bsc1130330. - CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage bsc1131317. - CVE-2019-11007: Fixed a heap-based buffer overflow...
Stack-based Buffer Overflow
Linux kernel is vulnerable to stack-based buffer overflow vulnerability. The vulnerability exists in the sgioctl function in drivers/scsi/sg.c in the Linux kernel. A local user could cause a a denial of service condition or possibly have unspecified other impacts via a large command size in an...
Buffer Overflow
Quagga is vulnerable to stack-based buffer overflow attacks. When a certain VPNv4 configuration is used a remote attacker may crash Quagga BGP routing daemon bgpd which leads to denial of service DoS...