Stack overflow

A classic Stack-based buffer overflow exists in the zmLoadUser function in zmuser.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username...

[SECURITY] [DLA 1641-1] mxml security update

Package : mxml Version : 2.6-2+deb8u1 CVE ID : CVE-2016-4570 CVE-2016-4571 CVE-2018-20004 Debian Bug : 825855 918007 Several stack exhaustion conditions were found in mxml that can easily crash when parsing xml files. CVE-2016-4570 The mxmlDelete function in mxml-node.c allows remote attackers to...

openSUSE Security Update : ntpsec (openSUSE-2019-82)

This update for ntpsec to version 1.1.3 fixes the following issues : Security issues fixed : - CVE-2019-6442: Fixed a out of bounds write via a malformed config request boo1122132 - CVE-2019-6443: Fixed a stack-based buffer over-read in the ctlgetitem function boo1122144 - CVE-2019-6444: Fixed a...

CVE-2019-6498

GattLib 0.2 has a stack-based buffer over-read in gattlibconnect in dbus/gattlib.c because strncpy is misused...

CVE-2019-6443

An issue was discovered in NTPsec before 1.1.3. Because of a bug in ctlgetitem, there is a stack-based buffer over-read in readsysvars in ntpcontrol.c in ntpd...

CVE-2019-6444

An issue was discovered in NTPsec before 1.1.3. processcontrol in ntpcontrol.c has a stack-based buffer over-read because attacker-controlled data is dereferenced by ntohl in ntpd...

CVE-2019-6444

An issue was discovered in NTPsec before 1.1.3. processcontrol in ntpcontrol.c has a stack-based buffer over-read because attacker-controlled data is dereferenced by ntohl in ntpd...

CVE-2019-6443

An issue was discovered in NTPsec before 1.1.3. Because of a bug in ctlgetitem, there is a stack-based buffer over-read in readsysvars in ntpcontrol.c in ntpd...

CVE-2019-6444

CVE-2019-6444 affects NTPsec prior to 1.1.3. The issue is a stack-based buffer over-read in ntp_control.c::process_control(), where attacker-controlled data is dereferenced by ntohl() in ntpd. Acts as a remote-network issue; exploitation can lead to information leakage and potential denial of ser...

Denial Of Service (DoS)

ntp is vulnerable to denial of service DoS attacks. The vulnerability exists as a stack-based buffer overflow was found in the way the NTP autokey protocol was implemented. When an NTP client decrypted a secret received from an NTP server, it could cause that client to crash...

Arbitrary Code Execution

flac is vulnerable to arbitrary code execution. A stack-based buffer overflow in streamdecoder.c allows an attacker to pass a malicious FLAC audio file to execute arbitrary code or crash the process when the file is read...

Denial Of Service (DoS)

coreutils is vulnerable to denial of service. The sort, uniq, and join utilities did not properly restrict the use of the alloca function, which allows an attacker to crash those utilities in a stack-based buffer overflow by providing long input strings...

PHP 5.6.x < 5.6.18 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.18. It is, therefore, affected by multiple vulnerabilities : - The Perl-Compatible Regular Expressions PCRE library is affected by multiple vulnerabilities related to the handling of regular...

PHP 7.0.x < 7.0.21 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.21. It is, therefore, affected by the following vulnerabilities : - An out-of-bounds read error exists in the PCRE library in the compilebracketmatchingpath function within file pcrejitcompile.c. An...

PHP 7.1.x < 7.1.7 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.7. It is, therefore, affected by the following vulnerabilities : - An out-of-bounds read error exists in the GD Graphics Library LibGD in the gdImageCreateFromGifCtx function within file gdgifin.c...

PHP 7.0.x < 7.0.11 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.11. It is, therefore, affected by multiple vulnerabilities : - An heap buffer overflow condition exists in the phpmysqlndrowpreadtextprotocolaux function within file ext/mysqlnd/mysqlndwireprotocol....

CVE-2018-5410 Dokan file system driver contains a stack-based buffer overflow

Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 1.0.0.500...

CVE-2018-5410

Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 1.0.0.500...

Stack overflow

Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 1.0.0.500...

SUSE SLED12 Security Update : libraw (SUSE-SU-2019:0002-1)

This update for libraw fixes the following issues : Security issues fixed : CVE-2018-5808: Fixed a stack-based buffer overflow and code execution vulnerability in findgreen function internal/dcrawcommon.cpp bsc1118894. CVE-2018-5805: Fixed a boundary error within the quicktake100loadraw function...