SUSE SLED12 / SLES12 Security Update : file (SUSE-SU-2019:0839-1)

This update for file fixes the following issues : The following security vulnerabilities were addressed : Fixed an out-of-bounds read in the function docorenote in readelf.c, which allowed remote attackers to cause a denial of service application crash via a crafted ELF file bsc1096974...

Advantech WebAccess Node bwthinfl Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwthinfl.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs...

Advantech WebAccess Node BwOpcImg Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within BwOpcImg.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs...

Advantech WebAccess Node bwstwww Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwstwww.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs...

Advantech WebAccess Client upandpr scanf Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Client. Authentication is not required to exploit this vulnerability. The specific flaw exists within a scanf call in upandpr.exe, which is accessed through the 0x2711 IOCTL in...

Advantech WebAccess Node jpegconv Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within jpegconv.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs...

[SECURITY] [DLA 1738-1] gpsd security update

Package : gpsd Version : 3.11-3+deb8u1 CVE ID : CVE-2018-17937 Debian Bug : 925327 A security vulnerability was discovered in gpsd, the Global Positioning System daemon. A stack-based buffer overflow may allow remote attackers to execute arbitrary code via traffic on port 2947/TCP or crafted JSON...

Updated file packages fix security vulnerabilities

The updated file packages fix security vulnerabilities: docorenote in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to fileprintable, a different vulnerability than CVE-2018-10360. CVE-2019-8905 docorenote in readelf.c in libmagic.a in file 5.35 allows remote...

CVE-2019-10269

CVE-2019-10269 affects Burrows-Wheeler Aligner (BWA) prior to 2019-01-23. The flaw is a stack-based buffer overflow in the bns_restore function (bntseq.c) caused by a long sequence name in an accompanying .alt file. This vulnerability is documented in multiple security advisories (Ubuntu USN entr...

CVE-2019-10269

BWA aka Burrow-Wheeler Aligner before 2019-01-23 has a stack-based buffer overflow in the bnsrestore function in bntseq.c via a long sequence name in a .alt file...

[ASA-201903-15] imagemagick: arbitrary code execution

Arch Linux Security Advisory ASA-201903-15 ========================================== Severity: Critical Date : 2019-03-28 CVE-ID : CVE-2019-9956 Package : imagemagick Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-931 Summary ======= The package imagemagic...

SUSE SLES12 Security Update : ovmf (SUSE-SU-2019:0766-1)

This update for ovmf fixes the following issues : Security issues fixed : CVE-2019-0160: Fixed multiple buffer overflows in UDF-related codes in MdeModulePkg\Universal\Disk\PartitionDxe\Udf.c and MdeModulePkg\Universal\Disk\UdfDxe bsc1130267. CVE-2018-12181: Fixed a stack-based buffer overflow in...

openSUSE Security Update : tcpdump (openSUSE-2019-1016)

This update for tcpdump fixes the following issues : Security issues fixed : - CVE-2018-19519: Fixed a stack-based buffer over-read in the printprefix function bsc1117267 This update was imported from the SUSE:SLE-15:Update update project. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

openSUSE Security Update : pdns (openSUSE-2019-403)

This update for pdns fixes the following issues : Security issues fixed : - CVE-2018-1046: Fix an issue with replaying a specially crafted PCAP file that can trigger a stack-based buffer overflow, leading to a crash and potentially arbitrary code execution bsc1092540. %NASLMINLEVEL 70300 C Tenabl...

SUSE SLES12 Security Update : ovmf (SUSE-SU-2019:0738-1)

This update for ovmf fixes the following issue : Security issue fixed : CVE-2018-12181: Fixed a stack-based buffer overflow in the HII database when a corrupted Bitmap was used bsc1128503. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE...

openSUSE Security Update : Chromium (openSUSE-2019-559)

This update for Chromium to version 68.0.3440.75 fixes multiple issues. Security issues fixed boo1102530 : - CVE-2018-6153: Stack-based buffer overflow in Skia - CVE-2018-6154: Heap buffer overflow in WebGL - CVE-2018-6155: Use after free in WebRTC - CVE-2018-6156: Heap buffer overflow in WebRTC ...

Amazon Linux AMI : file (ALAS-2019-1186)

dobidnote in readelf.c in libmagic.a has a stack-based buffer over-read, related to fileprintf and filevprintf. CVE-2019-8904 docorenote in readelf.c in libmagic.a has a stack-based buffer over-read, related to fileprintable, a different vulnerability than CVE-2018-10360 . CVE-2019-8905 docorenot...

Stack overflow

A specially crafted configuration file could be used to cause a stack-based buffer overflow condition in the OPCTest.exe, which may allow remote code execution on Opto 22 PAC Project Professional versions prior to R9.4008, PAC Project Basic versions prior to R9.4008, PAC Display Basic versions...

CVE-2015-1007

A specially crafted configuration file could be used to cause a stack-based buffer overflow condition in the OPCTest.exe, which may allow remote code execution on Opto 22 PAC Project Professional versions prior to R9.4008, PAC Project Basic versions prior to R9.4008, PAC Display Basic versions...

CVE-2019-9956

In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file...