ABB IDAL HTTP Server Stack Buffer Overflow (CVE-2019-7232)

A stack buffer overflow vulnerability exists in ABB IDAL HTTP Server. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the vulnerable server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on...

EulerOS 2.0 SP8 : httpd (EulerOS-SA-2020-1155)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Apache HTTP Server 2.4.32-2.4.39, when modremoteip was configured to use a trusted intermediary proxy server using the 'PROXY' protocol, a...

EulerOS 2.0 SP5 : cups (EulerOS-SA-2020-1096)

According to the versions of the cups packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - cups: stack-buffer-overflow in libcups's asn1gettype function.CVE-2019-8675 - cups: stack-buffer-overflow in libcups's asn1gettype...

Huawei EulerOS: Security Advisory for cups (EulerOS-SA-2020-1096)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

imagemagick:encoder_radial-gradient_fuzzer: Stack-buffer-overflow in ReadGRADIENTImage

Project: https://github.com/imagemagick/imagemagick.git Detailed Report: https://oss-fuzz.com/testcase?key=5659238976454656 Project: imagemagick Fuzzing Engine: libFuzzer Fuzz Target: encoderradial-gradientfuzzer Job Type: libfuzzerasanimagemagick Platform Id: linux Crash Type:...

openthread:ip6-send-fuzzer: Stack-buffer-overflow in ot::ExtendedTlv::GetLength

Project: https://github.com/openthread/openthread.git Detailed Report: https://oss-fuzz.com/testcase?key=5751684162912256 Project: openthread Fuzzing Engine: honggfuzz Fuzz Target: ip6-send-fuzzer Job Type: honggfuzzasanopenthread Platform Id: linux Crash Type: Stack-buffer-overflow READ 2 Crash...

PostgreSQL Database Password Change Stack Buffer Overflow (CVE-2019-10164)

A stack buffer overflow exists in PostgreSQL Database. The vulnerability is due to a stack buffer overflow when setting a password. A remote, authenticated attacker could send a crafted request in order to trigger the vulnerability. Successful exploitation will result in arbitrary code execution...

opensc:fuzz_pkcs15_reader: Stack-buffer-overflow in sc_pkcs15emu_gemsafeGPK_init

Project: https://github.com/OpenSC/OpenSC.git Detailed Report: https://oss-fuzz.com/testcase?key=5682366024777728 Project: opensc Fuzzing Engine: libFuzzer Fuzz Target: fuzzpkcs15reader Job Type: libfuzzerasanopensc Platform Id: linux Crash Type: Stack-buffer-overflow WRITE 4 Crash Address:...

binutils:fuzz_disassemble: Stack-buffer-overflow in objdump_sprintf

Detailed Report: https://oss-fuzz.com/testcase?key=5763790471954432 Project: binutils Fuzzing Engine: libFuzzer Fuzz Target: fuzzdisassemble Job Type: libfuzzerasanbinutils Platform Id: linux Crash Type: Stack-buffer-overflow READ 1 Crash Address: 0x7ffe5f5bd160 Crash State: objdumpsprintf...

binutils:fuzz_disassemble: Stack-buffer-overflow in objdump_sprintf

Detailed Report: https://oss-fuzz.com/testcase?key=5648977540415488 Project: binutils Fuzzing Engine: libFuzzer Fuzz Target: fuzzdisassemble Job Type: libfuzzerasanbinutils Platform Id: linux Crash Type: Stack-buffer-overflow READ 1 Crash Address: 0x7fff90210240 Crash State: objdumpsprintf prt...

binutils:fuzz_disassemble: Stack-buffer-overflow in objdump_sprintf

Detailed Report: https://oss-fuzz.com/testcase?key=5660495032090624 Project: binutils Fuzzing Engine: libFuzzer Fuzz Target: fuzzdisassemble Job Type: libfuzzerasanbinutils Platform Id: linux Crash Type: Stack-buffer-overflow READ 1 Crash Address: 0x7ffe5f9deea0 Crash State: objdumpsprintf...

binutils:fuzz_disassemble: Stack-buffer-overflow in objdump_sprintf

Detailed Report: https://oss-fuzz.com/testcase?key=5073917066870784 Project: binutils Fuzzing Engine: libFuzzer Fuzz Target: fuzzdisassemble Job Type: libfuzzerasanbinutils Platform Id: linux Crash Type: Stack-buffer-overflow READ 1 Crash Address: 0x7ffd30c9ffa5 Crash State: objdumpsprintf...

binutils:fuzz_disassemble: Stack-buffer-overflow in objdump_sprintf

Detailed Report: https://oss-fuzz.com/testcase?key=5663200928595968 Project: binutils Fuzzing Engine: libFuzzer Fuzz Target: fuzzdisassemble Job Type: libfuzzerasanbinutils Platform Id: linux Crash Type: Stack-buffer-overflow READ 1 Crash Address: 0x7ffce0fe8ba2 Crash State: objdumpsprintf...

Security Bulletin: Aspera Web Application (Faspex, Console, Orchestrator, Shares) are affected by Apache vulnerabilities (CVE-2019-9517, CVE-2019-10097)

Summary Aspera Web Application Faspex, Console, Shares, Orchestrator have affected the following Apache vulnerabilities. Vulnerability Details CVEID: CVE-2019-9517 DESCRIPTION: Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of...

janus-gateway:rtcp_fuzzer: Dynamic-stack-buffer-overflow in janus_rtcp_incoming_transport_cc

Project: https://github.com/meetecho/janus-gateway.git Detailed Report: https://oss-fuzz.com/testcase?key=5648598425665536 Project: janus-gateway Fuzzing Engine: afl Fuzz Target: rtcpfuzzer Job Type: aflasanjanus-gateway Platform Id: linux Crash Type: Dynamic-stack-buffer-overflow READ 2 Crash...

CVE-2020-6060

A stack buffer overflow vulnerability exists in the way MiniSNMPD version 1.4 handles multiple connections. A specially timed sequence of SNMP connections can trigger a stack overflow, resulting in a denial of service. To trigger this vulnerability, an attacker needs to simply initiate multiple...

CVE-2020-6060

Mini-SNMPD 1.4 is affected by a stack-based buffer overflow when handling multiple connections due to flawed socket list cleanup that can leave a -1 fd and trigger a process crash via FD_SET in select loops. TALOS advisories detail an exploit path and crash conditions, confirming the vulnerabilit...

Vulnerability Spotlight: Denial-of-service, information leak bugs in Mini-SNMPD

Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Multiple vulnerabilities exist in Mini-SNMPD, a lightweight implementation of a Simple Network Management Protocol server. An attacker can exploit these bugs by providing a specially crafted SNMPD request to...

CVE-2014-8321

Stack-based buffer overflow in the gpstracker function in airodump-ng.c in Aircrack-ng before 1.2 RC 1 allows local users to execute arbitrary code or gain privileges via unspecified vectors...

ffmpeg:ffmpeg_BSF_HEVC_METADATA_fuzzer: Stack-buffer-overflow in cbs_h265_read_st_ref_pic_set

Project: https://git.ffmpeg.org/ffmpeg.git Detailed Report: https://oss-fuzz.com/testcase?key=5707770718584832 Project: ffmpeg Fuzzing Engine: afl Fuzz Target: ffmpegBSFHEVCMETADATAfuzzer Job Type: aflasanffmpeg Platform Id: linux Crash Type: Stack-buffer-overflow WRITE 4 Crash Address:...