CVE-2018-3938

Sony IPELA E Series Camera G5 firmware 1.87.00 has a stack-based buffer overflow in the 802dot1xclientcert.cgi endpoint. A crafted POST can trigger remote code execution. Reported under CVE-2018-3938 (TALOS-2018-0605); CVSSv3 9.1 CRITICAL (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). Affected product: S...

DEF CON 2018: Critical Bug Opens Millions of HP OfficeJet Printers to Attack

LAS VEGAS – Tens of millions of fax-ready HP OfficeJet inkjet printers are vulnerable to a simple hack that gives an attacker full control over a targeted printer. Once compromised, the all-in-one OfficeJet could act as a springboard for deeper network penetration by an attacker. Here at DEF CON,...

Updated libsndfile packages fix security vulnerabilities

Updated libsndfile package fixes security vulnerabilities: The function d2alawarray in alaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack CVE-2017-17456. The function d2ulawarray in ulaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack CVE-2017-17457. A stack-based buffer...

ABB Panel Builder ModBus Beckhoff ClockDevice Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

ABB Panel Builder BEMBSlave ComErrorIO Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

EulerOS 2.0 SP3 : liblouis (EulerOS-SA-2018-1228)

According to the versions of the liblouis packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c.CVE-2018-11440 - Liblouis 3.5.0 has a...

CVE-2018-0429

Stack-based buffer overflow in the Cisco Thor decoder before commit 18de8f9f0762c3a542b1122589edb8af859d9813 allows local users to cause a denial of service segmentation fault and execute arbitrary code via a crafted non-conformant Thor bitstream...

CVE-2018-0429

Stack-based buffer overflow in the Cisco Thor decoder before commit 18de8f9f0762c3a542b1122589edb8af859d9813 allows local users to cause a denial of service segmentation fault and execute arbitrary code via a crafted non-conformant Thor bitstream...

CVE-2018-0429

Stack-based buffer overflow in the Cisco Thor decoder before commit 18de8f9f0762c3a542b1122589edb8af859d9813 allows local users to cause a denial of service segmentation fault and execute arbitrary code via a crafted non-conformant Thor bitstream...

openSUSE Security Update : libsndfile (openSUSE-2018-804)

This update for libsndfile fixes the following issues : Security issues fixed : - CVE-2018-13139: Fix a stack-based buffer overflow in psfmemset in common.c that allows remote attackers to cause a denial of service bsc1100167. - CVE-2017-17456: Prevent segmentation fault in the function d2alawarr...

openSUSE Security Update : libsndfile (openSUSE-2018-806)

This update for libsndfile fixes the following issues : Security issues fixed : - CVE-2018-13139: Fix a stack-based buffer overflow in psfmemset in common.c that allows remote attackers to cause a denial of service bsc1100167. - CVE-2017-17456: Prevent segmentation fault in the function d2alawarr...

Stack overflow

Specially crafted commands sent through the PubNub service in Insteon Hub 2245-222 with firmware version 1012 can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability.At 0x9d014cc0 the value for the cmd...

CVE-2017-16252

Specially crafted commands sent through the PubNub service in Insteon Hub 2245-222 with firmware version 1012 can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability.At 0x9d014cc0 the value for the cmd...

openSUSE Security Update : glibc (openSUSE-2018-788)

This update for glibc fixes the following security issues : - CVE-2017-18269: An SSE2-optimized memmove implementation for i386 did not correctly perform the overlapping memory check if the source memory range spaned the middle of the address space, resulting in corrupt data being produced by the...

CVE-2018-3847

Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library, can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this...

WECON LeviStudioU (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: WECON Technology Co., Ltd Equipment: LeviStudioU --------- Begin Update A Part 1 of 3 --------- Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Out-of-Bounds Write,...

openSUSE Security Update : Chromium (openSUSE-2018-780)

This update for Chromium to version 68.0.3440.75 fixes multiple issues. Security issues fixed boo1102530 : - CVE-2018-6153: Stack-based buffer overflow in Skia - CVE-2018-6154: Heap buffer overflow in WebGL - CVE-2018-6155: Use after free in WebRTC - CVE-2018-6156: Heap buffer overflow in WebRTC ...

SUSE SLED12 / SLES12 Security Update : libsndfile (SUSE-SU-2018:2065-1)

This update for libsndfile fixes the following issues: Security issues fixed : - CVE-2018-13139: Fix a stack-based buffer overflow in psfmemset in common.c that allows remote attackers to cause a denial of service bsc1100167. - CVE-2017-17456: Prevent segmentation fault in the function d2alawarra...

(0Day) Wecon LeviStudioU scriptedit FuncName Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling o...

(0Day) Wecon LeviStudioU aetlog DiscSet TriggAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling o...