CVE-2019-3922

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, unauthenticated attacker to /GponForm/fsetupForm. An attacker can leverage this vulnerability to potentially execute arbitrary code...

CVE-2019-3922

The CVE-2019-3922 entry involves the Alcatel Lucent I-240W-Q GPON ONT with firmware 3FE54567BOZJ19, vulnerable to a stack buffer overflow triggered by a crafted HTTP POST to /GponForm/fsetup_Form. The vulnerability is exploitable remotely and unauthenticated, potentially allowing arbitrary code e...

CVE-2019-3921

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, authenticated attacker to /GponForm/usbForm?script/. An attacker can leverage this vulnerability to potentially execute arbitrary cod...

CVE-2019-3922

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, unauthenticated attacker to /GponForm/fsetupForm. An attacker can leverage this vulnerability to potentially execute arbitrary code...

openthread/cli-uart-received-fuzzer: Stack-buffer-overflow in ot::MeshCoP::Leader::HandlePetition

Project: https://github.com/openthread/openthread.git Detailed report: https://oss-fuzz.com/testcase?key=5769727228510208 Project: openthread Fuzzer: libFuzzeropenthreadcli-uart-received-fuzzer Fuzz target binary: cli-uart-received-fuzzer Job Type: libfuzzerasanopenthread Platform Id: linux Crash...

openthread/radio-receive-done-fuzzer: Stack-buffer-overflow in ot::NetworkData::NetworkData::GetNextOnMeshPrefix

Project: https://github.com/openthread/openthread.git Detailed report: https://oss-fuzz.com/testcase?key=5765994272784384 Project: openthread Fuzzer: libFuzzeropenthreadradio-receive-done-fuzzer Fuzz target binary: radio-receive-done-fuzzer Job Type: libfuzzerasanopenthread Platform Id: linux Cra...

openthread/radio-receive-done-fuzzer: Stack-buffer-overflow in ot::NetworkData::NetworkData::PrefixMatch

Project: https://github.com/openthread/openthread.git Detailed report: https://oss-fuzz.com/testcase?key=5746988237193216 Project: openthread Fuzzer: libFuzzeropenthreadradio-receive-done-fuzzer Fuzz target binary: radio-receive-done-fuzzer Job Type: libfuzzerasanopenthread Platform Id: linux Cra...

MatrixSSL 4.0.2 - Stack Buffer Overflow Verifying x.509 Certificates

MatrixSSL 4.0.2 - Stack Buffer Overflow Verifying x.509 Certificates I happened to notice that a public X.509 certificate testcase for CVE-2014-1569 caused a stack buffer overflow in MatrixSSL. I cleaned up the testcase a bit, to make a better demonstration. You can test it with the certValidate...

Oracle GoldenGate Manager Command Stack Buffer Overflow (CVE-2018-2913)

A stack-based buffer overflow exists in Oracle GoldenGate Manager. The vulnerability is due an input validation error when processing overly long command name. Successful exploitation could lead to arbitrary code execution...

EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1028)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified oth...

HPE Intelligent Management Center Stack Buffer Overflow (CVE-2018-7115)

A stack-based buffer overflow exists in the component of HPE Intelligent Management Center. The vulnerability is due to a lack of proper validation. Successful exploitation of this vulnerability could result in execution of arbitrary code on the target server...

capstone/fuzz_disasmnext: Stack-buffer-overflow in SStream_concat

Detailed report: https://oss-fuzz.com/testcase?key=5639352435081216 Project: capstone Fuzzer: aflcapstonefuzzdisasmnext Fuzz target binary: fuzzdisasmnext Job Type: aflasancapstone Platform Id: linux Crash Type: Stack-buffer-overflow WRITE 5 Crash Address: 0x7f4820a63634 Crash State: SStreamconca...

SUSE-SU-2019:0249-1 Security update for curl

This update for curl fixes the following issues: Security issues fixed: - CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the end-of-response for SMTP bsc1123378. - CVE-2019-3822: Fixed a stack based buffer overflow in the function creating an outgoing NTLM type-3 message...

SUSE-SU-2019:0248-1 Security update for curl

This update for curl fixes the following issues: Security issues fixed: - CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the end-of-response for SMTP bsc1123378. - CVE-2019-3822: Fixed a stack based buffer overflow in the function creating an outgoing NTLM type-3 message...

VLC (European Commission - DIGIT): VLC 4.0.0 - Stack Buffer Overflow (SEH)

Summary: Incorrect calculation of Buffer Size in rist module for VLC leading to Stack Overflow with SEH chain overwrite. The modules/access/rist module has an incorrect calculation of buffer size giving an attacker the possibility to set the buffer size of a local variable by sending a maliciousl...

openthread/cli-uart-received-fuzzer: Stack-buffer-overflow in ot::Cli::Interpreter::ProcessService

Project: https://github.com/openthread/openthread.git Detailed report: https://oss-fuzz.com/testcase?key=5663316146388992 Project: openthread Fuzzer: aflopenthreadcli-uart-received-fuzzer Fuzz target binary: cli-uart-received-fuzzer Job Type: aflasanopenthread Platform Id: linux Crash Type:...

GattLib 0.2 - Stack Buffer Overflow

Exploit Title: stack-based overflow Date: 2019-11-21 Exploit Author: Dhiraj Mishra Vendor Homepage: http://labapart.com/ Software Link: https://github.com/labapart/gattlib/issues/81 Version: 0.2 Tested on: Linux 4.15.0-38-generic CVE: CVE-2019-6498 References:...

GattLib 0.2 - Stack Buffer Overflow

GattLib 0.2 - Stack Buffer Overflow Exploit Title: stack-based overflow Date: 2019-11-21 Exploit Author: Dhiraj Mishra Vendor Homepage: http://labapart.com/ Software Link: https://github.com/labapart/gattlib/issues/81 Version: 0.2 Tested on: Linux 4.15.0-38-generic CVE: CVE-2019-6498 References:...

openthread/ncp-uart-received-fuzzer: Stack-buffer-overflow in ot::NetworkData::PrefixTlv::Init

Project: https://github.com/openthread/openthread.git Detailed report: https://oss-fuzz.com/testcase?key=5139750002884608 Project: openthread Fuzzer: aflopenthreadncp-uart-received-fuzzer Fuzz target binary: ncp-uart-received-fuzzer Job Type: aflasanopenthread Platform Id: linux Crash Type:...

Notepad++: Stack overflow affecting "ext" field on stylers.xml configuration file

Summary: A stack buffer overflow vulnerability affects "ext" field into "stylers.xml" configuration file. "isInList" function doesn't check boundaries on word64 array. Description: Vulnerability src file: notepad-plus-plus/PowerEditor/src/MISC/Common/Common.cpp Vulnerability line: line 329 Variab...