
7301 matches found

NVD
added 2019/02/25 5:29 a.m., 12 views

CVE-2019-9125

An issue was discovered on D-Link DIR-878 1.12B01 devices. Because strncpy is misused, there is a stack-based buffer overflow vulnerability that does not require authentication via the HNAP_AUTH HTTP header...

CVSS 9.8, AI score 9.9, EPSS 0.01457
Exploits: 1, References: 2
CVE
added 2019/02/25 5:0 a.m., 47 views

CVE-2019-9125

CVE-2019-9125 affects D-Link DIR-878 (firmware 1.12B01). The root cause is misuse of strncpy causing a stack-based buffer overflow that can be exploited remotely without authentication via HNAP_AUTH. Documentation consistently notes impact to confidentiality, integrity, and availability. Public d...

CVSS 9.8, AI score 9.7, EPSS 0.01457
Exploits: 1, References: 2, Affected Software: 1
Tenable Nessus
added 2019/02/22 12:0 a.m., 111 views

EulerOS 2.0 SP2 : ntp (EulerOS-SA-2019-1053)

According to the version of the ntp packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution CVE-2018-12327 Note that Tenable Network Security has...

CVSS 9.8, AI score 7.3, EPSS 0.15968
Exploits: 5, References: 2
Cvelist
added 2019/02/21 7:0 p.m., 15 views

CVE-2019-8985

On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices possibly WF2411 through WF2880, there is a stack-based buffer overflow that does not require authentication. This can cause denial of service device restart or remote code execution. This vulnerability can be triggered by a GE...

AI score 9.9, EPSS 0.67663
Exploits: 1, References: 1
Tenable Nessus
added 2019/02/19 12:0 a.m., 56 views

Amazon Linux 2 : curl (ALAS-2019-1162)

libcurl is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (lib/vauth/ntlm.c:ntlm_decode_type2_target) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM serv...

CVSS 9.8, AI score 8, EPSS 0.18518
Exploits: 3, References: 13
NVD
added 2019/02/15 11:29 p.m., 19 views

CVE-2019-8356

An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow...

CVSS 5.5, AI score 5.4, EPSS 0.01304
Exploits: 1, References: 4
CVE
added 2019/02/15 11:0 p.m., 102 views

CVE-2019-8356

SoX 14.4.2 contains a stack-based buffer overflow in fft4g.c: an unguarded argument to bitrv2 can write outside the statically declared array (CVE-2019-8356). Connected sources (EulerOS/NESSUS entries) confirm this exact issue for SoX 14.4.2 and list it among related SoX vulnerabilities, without ...

CVSS 5.5, AI score 5.3, EPSS 0.01304
Exploits: 1, References: 4, Affected Software: 1
Tenable Nessus
added 2019/02/15 12:0 a.m., 29 views

EulerOS 2.0 SP5 : libsndfile (EulerOS-SA-2019-1030)

According to the version of the libsndfile package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service application cra...

CVSS 8.8, AI score 8.1, EPSS 0.01795
Exploits: 0, References: 2
OpenVAS
added 2019/02/15 12:0 a.m., 33 views

openSUSE: Security Advisory for curl (openSUSE-SU-2019:0173-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8, AI score 7.6, EPSS 0.18518
Exploits: 2, References: 2
Tenable Nessus
added 2019/02/15 12:0 a.m., 36 views

openSUSE Security Update : curl (openSUSE-2019-174)

This update for curl fixes the following issues : Security issues fixed : - CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the end-of-response for SMTP bsc1123378. - CVE-2019-3822: Fixed a stack based buffer overflow in the function creating an outgoing NTLM type-3 message...

CVSS 9.8, AI score 6.6, EPSS 0.18518
Exploits: 2, References: 6
Tenable Nessus
added 2019/02/15 12:0 a.m., 79 views

EulerOS 2.0 SP3 : ntp (EulerOS-SA-2019-1037)

According to the version of the ntp packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution CVE-2018-12327 Note that Tenable Network Security has...

CVSS 9.8, AI score 7.3, EPSS 0.15968
Exploits: 5, References: 2
OPENSUSE Linux
added 2019/02/14 12:0 a.m., 138 views

Security update for curl (important)

openSUSE Security Update: Security update for curl Announcement ID: openSUSE-SU-2019:0174-1 Rating: important References: 1123371 1123377 1123378 Cross-References: CVE-2018-16890 CVE-2019-3822 CVE-2019-3823 Affected Products: openSUSE Leap 15.0 An update that fixes three vulnerabilities is now...

CVSS 9.8, AI score 7.7, EPSS 0.18518
Exploits: 2, References: 3
NVD
added 2019/02/06 11:29 p.m., 15 views

CVE-2018-7814

A Stack-based Buffer Overflow CWE-121 vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 Gold Build 683.0 which could cause remote code to be executed when parsing a GD1 file...

CVSS 7.8, AI score 7.8, EPSS 0.00244
Exploits: 0, References: 2
OSV
added 2019/02/06 8:29 p.m., 25 views

CVE-2019-3822

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message) generates the request HTTP header contents based on previously received data. The check that exists ...

CVSS 9.8, AI score 9.4, EPSS 0.18518
Exploits: 1, References: 15
Tenable Nessus
added 2019/02/06 12:0 a.m., 39 views

SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2019:0248-1)

This update for curl fixes the following issues : Security issues fixed : CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the end-of-response for SMTP bsc1123378. CVE-2019-3822: Fixed a stack-based buffer overflow in the function creating an outgoing NTLM type-3 message...

CVSS 9.8, AI score 6.8, EPSS 0.18518
Exploits: 2, References: 10
IBM Security Bulletins
added 2019/01/31 2:40 a.m., 35 views

Security Bulletin: Vulnerabilities in Ncurses affect IBM Chassis Management Module (CMM)

Summary IBM Chassis Management Module CMM has addressed the following vulnerabilities in Ncurses. Vulnerability Details Summary IBM Chassis Management Module CMM has addressed the following vulnerabilities in Ncurses. Vulnerability Details CVEID: CVE-2017-13731 Description: Ncurses is vulnerable ...

CVSS 7.8, AI score 0.8, EPSS 0.00488
Exploits: 6
IBM Security Bulletins
added 2019/01/31 2:25 a.m., 24 views

Security Bulletin: Vulnerability in GNU C Library affects IBM Flex System EN6131 40Gb Ethernet / IB6131 40Gb Infiniband Switch firmware (CVE-2016-1234)

Summary IBM Flex System EN6131 40Gb Ethernet / IB6131 40Gb Infiniband Switch Firmware has addressed the following vulnerability in GNU C Library. Vulnerability Details Summary IBM Flex System EN6131 40Gb Ethernet / IB6131 40Gb Infiniband Switch Firmware has addressed the following vulnerability i...

CVSS 7.5, AI score 0.1, EPSS 0.01266
Exploits: 3, Affected Software: 1
IBM Security Bulletins
added 2019/01/31 2:25 a.m., 25 views

Security Bulletin: Vulnerability in GNU C Library (glibc) affects IBM Flex System FC5022 16Gb SAN Scalable Switch (CVE-2016-3075)

Summary A vulnerability in GNU C Library glibc affects IBM Flex System FC5022 16Gb SAN Scalable Switch. IBM Flex System FC5022 16Gb SAN Scalable Switch has addressed the vulnerability. Vulnerability Details Summary A vulnerability in GNU C Library glibc affects IBM Flex System FC5022 16Gb SAN...

CVSS 7.5, EPSS 0.12185
Exploits: 0
IBM Security Bulletins
added 2019/01/31 2:25 a.m., 47 views

Security Bulletin: Vulnerabilities in cracklib, dhcp, expat, libgcrypt and lighttpd affect IBM Flex System Chassis Management Module (CMM)

Summary IBM Flex System Chassis Management Module CMM has addressed the following vulnerabilities. Vulnerability Details Summary IBM Flex System Chassis Management Module CMM has addressed the following vulnerabilities. Vulnerability Details: CVEID: CVE-2016-6318 Description: cracklib is vulnerab...

CVSS 7.8, AI score 0.6, EPSS 0.65582
Exploits: 0
IBM Security Bulletins
added 2019/01/31 1:25 a.m., 33 views

Security Bulletin: IBM Systems Director is affected by DB2 vulnerabilities (CVE-2013-4033, CVE-2013-5466, CVE-2012-2194, CVE-2012-2196, CVE-2012-2197 and CVE-2012-4826)

Summary IBM Systems Director is affected by DB2 vulnerabilities CVE-2013-4033, CVE-2013-5466, CVE-2012-2194, CVE-2012-2196, CVE-2012-2197 and CVE-2012-4826 Vulnerability Details Abstract IBM Systems Director is affected by DB2 vulnerabilities CVE-2013-4033, CVE-2013-5466, CVE-2012-2194,...

CVSS 8.5, AI score 1.5, EPSS 0.20435
Exploits: 0