NewStart CGSL CORE 5.04 / MAIN 5.04 : ntp Vulnerability (NS-SA-2019-0206)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ntp packages installed that are affected by a vulnerability: - Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long...

openSUSE Security Update : u-boot (openSUSE-2019-2233)

This update for u-boot fixes the following issues : Security issues fixed : - CVE-2019-13106: Fixed stack-based buffer overflow via a crafted ext4 filesystem that may lead to code execution bsc1144656. - CVE-2019-13104: Fixed an underflow that could cause memcpy to overwrite a very large amount o...

Interpeak IPnet TCP/IP Stack (Update E)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : ENEA, Green Hills Software, ITRON, IP Infusion, Wind River Equipment : OSE by ENEA, INTEGRITY RTOS by Green Hills Software, ITRON, ZebOS by IP Infusion, and...

EulerOS 2.0 SP8 : squashfs-tools (EulerOS-SA-2019-2092)

According to the versions of the squashfs-tools package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Integer overflow in the readfragmenttable4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial o...

3S CODESYS V3 CmpWebServer Multiple Vulnerabilities

Binary data scadacodesys2019-01.nbin...

SUSE SLED15 / SLES15 Security Update : u-boot (SUSE-SU-2019:2474-1)

This update for u-boot fixes the following issues : Security issues fixed : CVE-2019-13106: Fixed stack-based buffer overflow via a crafted ext4 filesystem that may lead to code execution bsc1144656. CVE-2019-13104: Fixed an underflow that could cause memcpy to overwrite a very large amount of da...

SUSE SLED15 / SLES15 Security Update : u-boot (SUSE-SU-2019:2475-1)

This update for u-boot fixes the following issues : Security issues fixed : CVE-2019-13106: Fixed stack-based buffer overflow via a crafted ext4 filesystem that may lead to code execution bsc1144656. CVE-2019-13104: Fixed an underflow that could cause memcpy to overwrite a very large amount of da...

Rockwell Automation CompactLogix <= v30.014 Uncontrolled Resource Consumption or Stack-based Buffer Overflow (ICSA-19-120-01)

Binary data 720278.prm...

EulerOS 2.0 SP3 : dcraw (EulerOS-SA-2019-2002)

According to the version of the dcraw package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A stack-based buffer overflow in the findgreen function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote...

CVE-2019-9719

A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srttoass in libavcodec/srtdec.c misuses snprintf. NOTE: Third parties dispute that this is a vulnerability because “no evidence of a...

Stack overflow

DISPUTED A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srttoass in libavcodec/srtdec.c misuses snprintf. NOTE: Third parties dispute that this is a vulnerability because “no evidence o...

CVE-2019-9720

CVE-2019-9720 affects Libav 12.3: a stack-based buffer overflow in the subtitle decoder due to incorrect use of snprintf in libavcodec/srtdec.c (srt_to_ass). Exploitation via a crafted Matroska video file can corrupt the stack. No explicit remediation details are given in the provided documents; ...

CVE-2019-13556

Advantech WebAccess (versions 8.4.1 and earlier) contains stack-based buffer overflow vulnerabilities in multiple components (e.g., giffconv.exe, cnvlgxtag.exe, bwrunrpt.exe) caused by improper validation of the length of user-supplied data. Exploitation can lead to remote code execution with Adm...

CVE-2018-20336

CVE-2018-20336 affects ASUSWRT 3.0.0.4.384.20308. A stack-based buffer overflow in the parse_req_queries function of wanduck.c can be triggered by a long UDP string, leading to an information leak. Multiple connected records (Red Hat, CNVD/CVE mirrors, NVD) corroborate the issue and version. No e...

EulerOS 2.0 SP2 : squashfs-tools (EulerOS-SA-2019-1871)

According to the versions of the squashfs-tools package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Integer overflow in the readfragmenttable4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial o...

EulerOS 2.0 SP2 : glibc (EulerOS-SA-2019-1844)

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Stack-based buffer overflow in the glob implementation in GNU C Library aka glibc before 2.24, when GLOBALTDIRFUNC is used, allows...

Advantech WebAccess Node cnvlgxtag Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within cnvlgxtag.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs...

EulerOS Virtualization for ARM 64 3.0.2.0 : php (EulerOS-SA-2019-1928)

According to the versions of the php packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PH...

3S-Smart Software Solutions GmbH CODESYS V3 Web Server

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: 3S-Smart Software Solutions GmbH Equipment: CODESYS V3 web server Vulnerabilities: Path Traversal, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

Delta Industrial Automation TPEditor TPE File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...