Security update for libraw (moderate)

openSUSE Security Update: Security update for libraw Announcement ID: openSUSE-SU-2019:0094-1 Rating: moderate References: 1120498 1120499 1120500 1120515 1120516 1120517 1120519 Cross-References: CVE-2018-20337 CVE-2018-20363 CVE-2018-20364 CVE-2018-20365 CVE-2018-5817 CVE-2018-5818 CVE-2018-581...

(0Day) Wecon LeviStudioU DataLogTool History Curve Set Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within DataLogTool.ex...

(0Day) Wecon LeviStudioU SysParameter ComSet BaudRate Stack-Based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling o...

ZoneMinder <= 1.32.3 Multiple Vulnerabilities

ZoneMinder is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:zoneminder:zoneminder"; if...

Stack overflow

A classic Stack-based buffer overflow exists in the zmLoadUser function in zmuser.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username...

[SECURITY] [DLA 1641-1] mxml security update

Package : mxml Version : 2.6-2+deb8u1 CVE ID : CVE-2016-4570 CVE-2016-4571 CVE-2018-20004 Debian Bug : 825855 918007 Several stack exhaustion conditions were found in mxml that can easily crash when parsing xml files. CVE-2016-4570 The mxmlDelete function in mxml-node.c allows remote attackers to...

Denial Of Service (DoS)

ntp is vulnerable to denial of service DoS attacks. The vulnerability exists as a stack-based buffer overflow was found in the way the NTP autokey protocol was implemented. When an NTP client decrypted a secret received from an NTP server, it could cause that client to crash...

Arbitrary Code Execution

flac is vulnerable to arbitrary code execution. A stack-based buffer overflow in streamdecoder.c allows an attacker to pass a malicious FLAC audio file to execute arbitrary code or crash the process when the file is read...

Denial Of Service (DoS)

coreutils is vulnerable to denial of service. The sort, uniq, and join utilities did not properly restrict the use of the alloca function, which allows an attacker to crash those utilities in a stack-based buffer overflow by providing long input strings...

PHP 7.1.x < 7.1.7 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.7. It is, therefore, affected by the following vulnerabilities : - An out-of-bounds read error exists in the GD Graphics Library LibGD in the gdImageCreateFromGifCtx function within file gdgifin.c...

PHP 5.6.x < 5.6.18 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.18. It is, therefore, affected by multiple vulnerabilities : - The Perl-Compatible Regular Expressions PCRE library is affected by multiple vulnerabilities related to the handling of regular...

PHP 7.0.x < 7.0.11 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.11. It is, therefore, affected by multiple vulnerabilities : - An heap buffer overflow condition exists in the phpmysqlndrowpreadtextprotocolaux function within file ext/mysqlnd/mysqlndwireprotocol....

PHP 7.0.x < 7.0.21 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.21. It is, therefore, affected by the following vulnerabilities : - An out-of-bounds read error exists in the PCRE library in the compilebracketmatchingpath function within file pcrejitcompile.c. An...

CVE-2018-5410 Dokan file system driver contains a stack-based buffer overflow

Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 1.0.0.500...

Stack overflow

Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 1.0.0.500...

CVE-2018-5410

Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 1.0.0.500...

SUSE SLED12 Security Update : libraw (SUSE-SU-2019:0002-1)

This update for libraw fixes the following issues : Security issues fixed : CVE-2018-5808: Fixed a stack-based buffer overflow and code execution vulnerability in findgreen function internal/dcrawcommon.cpp bsc1118894. CVE-2018-5805: Fixed a boundary error within the quicktake100loadraw function...

Fedora 28 : zsh (2018-a5e9a619f6)

update to latest upstream release, which fixes the following vulnerabilities : - CVE-2018-1100 - stack-based buffer overflow in utils.c:checkmailpath - CVE-2018-1083 - stack-based buffer overflow in compctl.c:genmatchesfiles - CVE-2018-1071 - stack-based buffer overflow in exec.c:hashcmd Note tha...

SUSE SLED15 / SLES15 Security Update : libsndfile (SUSE-SU-2018:2074-1)

This update for libsndfile fixes the following issues: Security issues fixed : - CVE-2018-13139: Fix a stack-based buffer overflow in psfmemset in common.c that allows remote attackers to cause a denial of service bsc1100167. - CVE-2017-17456: Prevent segmentation fault in the function d2alawarra...

SUSE SLES12 Security Update : php7 (SUSE-SU-2016:2460-1)

This update for php7 fixes the following security issues : - CVE-2016-6128: Invalid color index not properly handled bsc987580 - CVE-2016-6161: global out of bounds read when encoding gif from malformed input withgd2togif bsc988032 - CVE-2016-6292: NULL pointer dereference in exifprocessusercomme...