Amazon Linux AMI : kernel (ALAS-2018-1086)

A security flaw was found in the chapservercomputemd5 function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The atta...

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3775-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3775-1 advisory. It was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness ...

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3776-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3776-1 advisory. Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local...

Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3776-2)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3776-2 advisory. USN-3776-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enableme...

Ubuntu: Security Advisory (USN-3775-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2018-3999

An exploitable stack-based buffer overflow vulnerability exists in the JPEG parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted image embedded within a document can cause a length to be miscalculated and underflow. This length is then treated as unsigned and then used in a...

USN-3777-2: Linux kernel (HWE) vulnerabilities

USN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Jann Horn discovered that the vmacache subsystem did not properly handle sequence numb...

USN-3777-1 linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-raspi2 vulnerabilities

Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2018-17182 It was discovered that the...

USN-3776-2 linux-lts-xenial, linux-aws vulnerabilities

USN-3776-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that the vmacache subsystem did not properly handle sequence numb...

USN-3776-1 linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities

Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2018-17182 It was discovered that the...

USN-3775-1 linux vulnerabilities

It was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. A local attacker could use this to expose sensitive information. CVE-2018-15594 It was...

Security Bulletin: Security vulnerabilities have been identified in IBM HTTP Server shipped with IBM Rational ClearQuest (CVE-2015-1283, CVE-2015-4947, CVE-2015-3183)

Summary IBM HTTP Server is shipped as a component of IBM Rational ClearQuest. Information about security vulnerabilities affecting IBM HTTP Server have been published in several security bulletins. Vulnerability Details Please consult these security bulletins: Security Bulletin: Denial of service...

openvswitch/expr_parse_target: Stack-buffer-underflow in lex_parse_hex_integer

Project: https://github.com/openvswitch/ovs.git Detailed report: https://oss-fuzz.com/testcase?key=5699613135208448 Project: openvswitch Fuzzer: aflopenvswitchexprparsetarget Fuzz target binary: exprparsetarget Job Type: aflasanopenvswitch Platform Id: linux Crash Type: Stack-buffer-underflow REA...

Samsung Galaxy S8 Arbitrary Code Execution Vulnerability

The Samsung Galaxy S8 is a smartphone released by the South Korean company Samsung Samsung. An arbitrary code execution vulnerability exists in the Samsung Galaxy S8, which stems from a failure to properly validate the length of user-submitted data before copying it into a buffer on a fixed-lengt...

CVE-2018-14633

A security flaw was found in the chapservercomputemd5 function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The atta...

CVE-2018-14633

CVE-2018-14633 affects the Linux kernel iSCSI target code, specifically chap_server_compute_md5(), where an unauthenticated remote attacker can trigger a stack-based buffer overflow, potentially causing a denial of service or exposing data from an iSCSI target. Public disclosures in 2018 indicate...

CVE-2018-14633

A security flaw was found in the chapservercomputemd5 function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The atta...

graphicsmagick/coder_MVG_fuzzer: Stack-buffer-overflow in MagickGetToken

Project: http://hg.code.sf.net/p/graphicsmagick/code Detailed report: https://oss-fuzz.com/testcase?key=5634802938544128 Project: graphicsmagick Fuzzer: aflgraphicsmagickcoderMVGfuzzer Fuzz target binary: coderMVGfuzzer Job Type: aflasangraphicsmagick Platform Id: linux Crash Type:...

ffmpeg/ffmpeg_AV_CODEC_ID_ILBC_fuzzer: Stack-buffer-underflow in vector_multiplication

Project: https://git.ffmpeg.org/ffmpeg.git Detailed report: https://oss-fuzz.com/testcase?key=5638941487661056 Project: ffmpeg Fuzzer: aflffmpegAVCODECIDILBCfuzzer Fuzz target binary: ffmpegAVCODECIDILBCfuzzer Job Type: aflasanffmpeg Platform Id: linux Crash Type: Stack-buffer-underflow WRITE 2...

CVE-2018-14633

A security flaw was found in the chapservercomputemd5 function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The atta...