libxls xls_getfcell Code Execution Vulnerability

Summary An exploitable stack based buffer overflow vulnerability exists in the xlsgetfcell function of libxls 1.3.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. Tested Version...

CVE-2017-15101

A missing fix for one stack-based buffer overflow in findTable for CVE-2014-8184 was discovered. An attacker could cause denial of service or potentially allow arbitrary code execution...

Security update for qemu (important)

This update for qemu fixes several issues. These security issues were fixed: - CVE-2017-15268: Qemu allowed remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c bsc1062942. - CVE-2017-9524: The qemu-nbd server when built with the...

[ASA-201711-12] chromium: arbitrary code execution

Arch Linux Security Advisory ASA-201711-12 ========================================== Severity: Critical Date : 2017-11-07 CVE-ID : CVE-2017-15398 CVE-2017-15399 Package : chromium Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-482 Summary ======= The packa...

Stack overflow

A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.220170817. The application lacks proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the...

CVE-2017-14016

CVE-2017-14016 affects Advantech WebAccess prior to version V8.2_20170817 . The vulnerability is a stack-based buffer overflow in the Webvrpcs DCERPC service (opcode 80061) caused by insufficient validation of user-supplied data length before copying to a stack buffer, enabling remote code execut...

CVE-2017-14016

A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.220170817. The application lacks proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the...

RHEL 7 : liblouis (RHSA-2017:3111)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3111 advisory. Liblouis is an open source braille translator and back-translator named in honor of Louis Braille. It features support for computer and...

Cesanta Mongoose MQTT SUBSCRIBE Multiple Topics Remote Code Execution

Summary An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow resulting in remote code execution. An attacker needs to send a specially crafted MQTT...

CentOS Update for wget CESA-2017:3075 centos7

Check the version of wget SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882793";...

CVE-2017-2887

An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDLimage 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this...

Simple DirectMedia Layer SDL_image XCF Property Handling Code Execution Vulnerability

Summary An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDLimage 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger thi...

Joyent SmartOS Hyprlofs FS IOCTL 32-bit File System name Buffer Overflow Privilege Escalation Vulnerability(CVE-2016-9034)

Summary An exploitable buffer overflow exists in the the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when dealing with 32-bit file systems. An attacker can craft an input that can cause a buffer...

Joyent SmartOS Hyprlofs FS IOCTL Native File System path Buffer Overflow Privilege Escalation Vulnerability(CVE-2016-9033)

Summary An exploitable buffer overflow exists in the the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when dealing with native file systems. An attacker can craft an input that can cause a buffer...

GLSA-201710-02 : file: Stack-based buffer overflow

The remote host is affected by the vulnerability described in GLSA-201710-02 file: Stack-based buffer overflow An issue discovered in file allows attackers to write 20 bytes to the stack buffer via a specially crafted .notes section. Impact : A remote attacker, by using a specially crafted .notes...

CVE-2017-15046

CVE-2017-15046 affects LAME 3.97–3.99.x, where a stack-based buffer overflow occurs in unpack_read_samples (frontend/get_audio.c). Root cause: unsafe handling in the audio sample unpacking path. Impact: denial of service (invalid memory read and crash) potentially exploitable via specially crafte...

CVE-2017-15046

LAME 3.99.5, 3.99.4, 3.98.4, 3.98.2, 3.98 and 3.97 have a stack-based buffer overflow in unpackreadsamples in frontend/getaudio.c, a different vulnerability than CVE-2017-9412...

GE CIMPLICITY (Update A)

CVSS v3 6.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: GE Equipment: CIMPLICITY Vulnerability: Stack-based Buffer Overflow UPDATED INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-17-278-01 GE CIMPLICITY that was published October 5,...

CVE-2017-12638

Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETBL or ETCETERABLUE...

Stack overflow

Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETRE or ETCTERARED...