imagemagick:encoder_heic_fuzzer: Stack-buffer-overflow in void put_epel_hv_fallback<unsigned short>

Detailed Report: https://oss-fuzz.com/testcase?key=5124285033873408 Project: imagemagick Fuzzing Engine: libFuzzer Fuzz Target: encoderheicfuzzer Job Type: libfuzzerasani386imagemagick Platform Id: linux Crash Type: Stack-buffer-overflow READ 2 Crash Address: 0xffe16451 Crash State: void...

OSV-2020-1835 Stack-buffer-overflow in fmt::v7::detail::buffer<char>::push_back

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25884 Crash type: Stack-buffer-overflow READ 1 Crash state: fmt::v7::detail::buffer::pushback std::1::backinsertiterator ::operator= fmt::v7::detail::bufferappender std::1::copyconstexprchar const, f...

OSV-2020-1834 Stack-buffer-overflow in onigenc_unicode_get_case_fold_codes_by_str

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25893 Crash type: Stack-buffer-overflow WRITE 4 Crash state: onigencunicodegetcasefoldcodesbystr utf16begetcasefoldcodesbystr unravelcasefoldstring...

oniguruma:fuzzer: Stack-buffer-overflow in onigenc_unicode_get_case_fold_codes_by_str

Project: https://github.com/kkos/oniguruma.git Detailed Report: https://oss-fuzz.com/testcase?key=5142910239244288 Project: oniguruma Fuzzing Engine: afl Fuzz Target: fuzzer Job Type: aflasanoniguruma Platform Id: linux Crash Type: Stack-buffer-overflow WRITE 4 Crash Address: 0x7ffc76be7664 Crash...

libfmt:fuzzer_named_arg: Stack-buffer-overflow in fmt::v7::detail::buffer<char>::push_back

Detailed Report: https://oss-fuzz.com/testcase?key=5201197777289216 Project: libfmt Fuzzing Engine: honggfuzz Fuzz Target: fuzzernamedarg Job Type: honggfuzzasanlibfmt Platform Id: linux Crash Type: Stack-buffer-overflow READ 1 Crash Address: 0x7fff5c6570b8 Crash State:...

Arbitrary Code Execution

gdb is vulnerable to arbitrary code execution. The vulnerability exists through a stack buffer overflow when printing bad bytes in Intel Hex objects...

OSV-2020-1820 Stack-buffer-overflow in hermes::regex::Parser<hermes::regex::Regex<hermes::regex::UTF16RegexTraits>, cha

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25815 Crash type: Stack-buffer-overflow READ 2 Crash state: hermes::regex::Parser, cha hermes::regex::Parser, cha hermes::regex::Parser, cha...

hermes:fuzzer-jsi-entry: Stack-buffer-overflow in hermes::regex::Parser<hermes::regex::Regex<hermes::regex::UTF16RegexTraits>, cha

Project: https://github.com/facebook/hermes.git Detailed Report: https://oss-fuzz.com/testcase?key=5645974943563776 Project: hermes Fuzzing Engine: libFuzzer Fuzz Target: fuzzer-jsi-entry Job Type: libfuzzerasanhermes Platform Id: linux Crash Type: Stack-buffer-overflow READ 2 Crash Address:...

OSV-2020-1805 Stack-buffer-overflow in rijndaelSetupEncrypt

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21329 Crash type: Stack-buffer-overflow READ 1 Crash state: rijndaelSetupEncrypt rijndaelSetupDecrypt aesdecrypt...

Adobe Framemaker Stack Buffer Overflow Vulnerability

Adobe FrameMaker is a document processing program for writing and editing large or complex documents, including structured documents. A stack buffer overflow vulnerability exists in Adobe Framemaker 2019.0.6 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary cod...

OSV-2020-1715 Stack-buffer-overflow in ndpi_search_kerberos

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25446 Crash type: Stack-buffer-overflow READ 1 Crash state: ndpisearchkerberos checkndpiudpflowfunc ndpicheckflowfunc...

ndpi:fuzz_process_packet: Stack-buffer-overflow in ndpi_search_kerberos

Project: https://github.com/ntop/nDPI.git Detailed Report: https://oss-fuzz.com/testcase?key=5911626486906880 Project: ndpi Fuzzing Engine: afl Fuzz Target: fuzzprocesspacket Job Type: aflasanndpi Platform Id: linux Crash Type: Stack-buffer-overflow READ 1 Crash Address: 0x7ffcad929a57 Crash Stat...

squid:4 security update

libecap squid 7:4.4-8.2 - Resolves: 1872345 - CVE-2020-15811 squid:4/squid: HTTP Request Splitting could result in cache poisoning - Resolves: 1872330 - CVE-2020-15810 squid:4/squid: HTTP Request Smuggling could result in cache poisoning 7:4.4-8.1 - Resolves: 1828368 - CVE-2019-12519 squid:...

uwebsockets:TopicTree: Stack-buffer-overflow in uWS::TopicTree::trimTree

Project: https://github.com/uNetworking/uWebSockets.git Detailed Report: https://oss-fuzz.com/testcase?key=4864981424930816 Project: uwebsockets Fuzzing Engine: libFuzzer Fuzz Target: TopicTree Job Type: libfuzzerasanuwebsockets Platform Id: linux Crash Type: Stack-buffer-overflow WRITE 8 Crash...

rnp:fuzz_keyring: Stack-buffer-overflow in stream_write_key

Project: https://github.com/rnpgp/rnp.git Detailed Report: https://oss-fuzz.com/testcase?key=5745453998800896 Project: rnp Fuzzing Engine: libFuzzer Fuzz Target: fuzzkeyring Job Type: libfuzzerasanrnp Platform Id: linux Crash Type: Stack-buffer-overflow READ Crash Address: 0x7fff35f15c68 Crash...

Stack overflow

Verint 5620PTZ VerintFW042 and Verint 4320 V4320FW023, and V4320FW031 units feature an autodiscovery service implemented in the binary executable '/usr/sbin/DM' that listens on port TCP 6666. The service is vulnerable to a stack buffer overflow. It is worth noting that this service does not requi...

CVE-2020-24055

The CVE-2020-24055 entry applies to Verint 5620PTZ and Verint V4320 series (Firmwares: Verint_FW_0_42, V4320_FW_0_23, V4320_FW_0_31). An autodiscovery service in /usr/sbin/DM listens on TCP port 6666 and is vulnerable to a stack-based buffer overflow. The service requires no authentication, enabl...

CVE-2020-24055

Verint 5620PTZ VerintFW042 and Verint 4320 V4320FW023, and V4320FW031 units feature an autodiscovery service implemented in the binary executable '/usr/sbin/DM' that listens on port TCP 6666. The service is vulnerable to a stack buffer overflow. It is worth noting that this service does not requi...

The vulnerability of Moxa EDR-G902 and Moxa EDR-G903 router microprogramming software lies in buffer overflow in the stack, allowing attackers to execute arbitrary code.

The vulnerability of Moxa EDR-G902 and Moxa EDR-G903 router microprogramming software is related to buffer overflow in the stack. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted cookie file...

MSI Ambient Link Multiple Vulnerabilities

1. Advisory Information Title: MSI Ambient Link Multiple Vulnerabilities Advisory ID: CORE-2020-0012 Advisory URL: https://www.coresecurity.com/core-labs/advisories/msi-ambient-link-multiple-vulnerabilities Date published: 2020-08-19 Date of last update: 2020-08-19 Vendors contacted: MSI Release...