CentOS 7 : dnsmasq (CESA-2017:2836)

An update for dnsmasq is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Important: nagios

Issue Overview: Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service crash via a long string in the...

Scientific Linux Security Update : dnsmasq on SL7.x x86_64 (20171002)

Security Fixes : - A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. CVE-2017-14491 - A heap buffer overflow was discovered in...

CVE-2017-14493

CVE-2017-14493 is a stack-based buffer overflow in dnsmasq’s DHCPv6 handling. Remote attackers on the local network can send a crafted DHCPv6 request to trigger a crash or potentially execute arbitrary code. Public advisories confirm the issue and note a fix/update was released upstream in dnsmas...

Dnsmasq contains multiple vulnerabilities

Overview Dnsmasq versions 2.77 and earlier contains multiple vulnerabilities. Description Multiple vulnerabilities have been reported in dnsmasq.CWE-122: Heap-based Buffer Overflow - CVE-2017-14491 CWE-122: Heap-based Buffer Overflow - CVE-2017-14492 CWE-121: Stack-based Buffer Overflow -...

SUSE SLES11 Security Update : liblouis (SUSE-SU-2017:2590-1)

This update for liblouis fixes several issues. These security issues were fixed : - CVE-2017-13739: Prevent heap-based buffer overflow in the function resolveSubtable that could have caused DoS or remote code execution bsc1056101 - CVE-2017-13740: Prevent stack-based buffer overflow in the functi...

Aerospike Database Server Index Name Code Execution Vulnerability(CVE-2016-9052)

Summary An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function assindexsimatchbyiname resulting in remote code execution. An attacker ca...

CVE-2015-7510

CVE-2015-7510 is a stack-based buffer overflow in the NSS module nss-mymachines of systemd, specifically in getpwnam and getgrnam. The vulnerability is described as enabling a crash/DoS under exploitation of the NSS functions. Public references show patches/update activity (e.g., systemd commit a...

FreeBSD : perl -- multiple vulnerabilities (d9e82328-a129-11e7-987e-4f174049b30a)

SO-AND-SO reports : CVE-2017-12814: $ENV$key stack-based buffer overflow on Windows A possible stack-based buffer overflow in the %ENV code on Windows has been fixed by removing the buffer completely since it was superfluous anyway. CVE-2017-12837: Heap buffer overflow in regular expression...

Mongoose Embedded Web Server Library 6.8 Buffer Overflow Exploit

Exploit for multiple platform in category remote exploits Product: Mongoose Embedded Web Server Library Vendor: Cesanta CVE ID: Not yet assigned. CSNC ID: CSNC-2017-023 Subject: Stack based buffer overflow Risk: High Effect: Remotely exploitable Author: Dobin Rutishauser Date: 2017-09-20...

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3422-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3422-1 advisory. It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically...

RHEL 6 : MRG (RHSA-2017:2705) (BlueBorne)

An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

SUSE SLES11 Security Update : xen (SUSE-SU-2017:2450-1)

This update for xen fixes several issues. These security issues were fixed : - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information XSA-226, bsc1051787. - CVE-2017-12137: Incorrectly-aligned updates...

CVE-2017-14411

A stack-based buffer overflow was discovered in copymp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution...

CVE-2017-14411

CVE-2017-14411 affects MP3Gain 1.5.2 via a stack-based buffer overflow in copy_mp within interface.c of mpglibDBL, causing an out-of-bounds write that can lead to remote denial of service or potentially code execution. Multiple connected records (Red Hat, Mageia, OSV, CNVD, CNVD-2017-33787) corro...

Scientific Linux Security Update : kernel on SL7.x x86_64 (20170912) (BlueBorne)

Security Fixes : - A stack-based buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel CONFIGCCSTACKPROTECTOR=y, which is enabled on al...

ZScada Modbus Buffer 2.0 - Stack-Based Buffer Overflow Exploit

Exploit for windows platform in category remote exploits require 'msf/core' class MetasploitModule 'ZScada Net Buffer Overflow', 'Description' = %q This module exploits a stack based buffer overflow found in Z-Scada Net 2.0. The vulnerability is triggered when parsing the response to a Modbus...

CVE-2017-14265

A Stack-based Buffer Overflow was discovered in xtransinterpolate in internal/dcrawcommon.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack...

CVE-2017-14265

CVE-2017-14265 is a stack-based buffer overflow in LibRaw’s xtrans_interpolate function (internal/dcraw_common.cpp) present in LibRaw releases before 0.18.3. The vulnerability can allow a remote denial of service or code execution when processing crafted images. Public reports from Debian and Mag...

EulerOS 2.0 SP1 : poppler (EulerOS-SA-2017-1229)

According to the versions of the poppler packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications tha...