CVE-2016-8658

Stack-based buffer overflow in the brcmfcfg80211startap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allows local users to cause a denial of service system crash or possibly have unspecified other impact via a long SSID Information Eleme...

CVE-2016-8670

Integer signedness error in the dynamicGetbuf function in gdiodp.c in the GD Graphics Library aka libgd through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service stack-based buffer overflow or possibly have unspecified other impact via...

Debian DLA-644-1 : libav security update

Multiple vulnerabilities have been found in libav : CVE-2015-1872 The ffmjpegdecodesof function in libavcodec/mjpegdec.c in Libav before 0.8.18 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service out-of-bounds...

openSUSE Security Update : php5 (openSUSE-2016-1150)

This update for php5 fixes the following security issues : - CVE-2016-7411: Memory corruption when destructing deserialized object - CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNEDFLAG in BIT field - CVE-2016-7413: Use after free in wddxdeserialize - CVE-2016-7414: Out of boun...

PHP 7.0.x < 7.0.11 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.11. It is, therefore, affected by multiple vulnerabilities : - An heap buffer overflow condition exists in the phpmysqlndrowpreadtextprotocolaux function within file ext/mysqlnd/mysqlndwireprotocol....

PHP 5.6.x < 5.6.26 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.26. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in ext/standard/varunserializer.re when destroying deserialized objects due to improper validation of user-supplied input...

CVE-2016-4301

CVE-2016-4301 : A stack-based buffer overflow in the libarchive library’s mtree parser (archive_read_support_format_mtree.c, parse_device) allows remote attackers to execute arbitrary code when processing crafted mtree files. Affected: libarchive prior to 3.2.1. Mitigation: upgrade to 3.2.1 or ne...

FATEK Automation PLC WinProladder Stack-Based Buffer Overflow Vulnerability

OVERVIEW A researcher working with Trend Micro’s Zero Day Initiative ZDI has identified a stack-based buffer overflow vulnerability in FATEK Automation's PLC WinProladder application. Fatek Automation Fatek has not produced an update to mitigate this vulnerability. ZDI has coordinated with...

CVE-2016-7415

Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode ICU through 57.1 for C/C++ allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a long locale string...

CVE-2016-7415

CVE-2016-7415 : ICU4C contains a stack-based buffer overflow in the Locale class (common/locid.cpp) that can be triggered by a long locale string, enabling a remote attacker to crash the application or potentially cause other impacts. IBM and related advisories confirm this ICU flaw affects IBM p...

CVE-2016-7415

Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode ICU through 57.1 for C/C++ allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a long locale string...

Updated cracklib packages fix security vulnerability

It was discovered that there was a stack-based buffer overflow when parsing large GECOS fields in cracklib CVE-2016-6318...

MGASA-2016-0302 Updated cracklib packages fix security vulnerability

It was discovered that there was a stack-based buffer overflow when parsing large GECOS fields in cracklib CVE-2016-6318...

Wireshark Multiple DoS Vulnerabilities (Sep 2016) - Mac OS X

Wireshark is prone to multiple denial of service DoS vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Wireshark 2.0.x < 2.0.6 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 2.0.6. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.0.6 advisory. - epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not...

Cisco Nexus 3000 / 9000 Series GNU C Library (glibc) getaddrinfo() RCE (cisco-sa-20160218-glibc)

The version of Cisco NX-OS software running on the remote device is affected by a remote code execution vulnerability in the bundled version of the GNU C Library glibc due to a stack-based buffer overflow condition in the DNS resolver. An unauthenticated, remote attacker can exploit this, via a...

CVE-2016-3863

CVE-2016-3863 affects Android's MediaMuxer/LibStagefright AVCC reassembly code (Utils.cpp). Multiple stack-based buffer overflows in the AVCC reassembly path can be triggered by a crafted media file, enabling arbitrary code execution. Affected Android versions include 4.x prior to 4.4.4; 5.0.x pr...

Symantec Protection Engine 7.0.x < 7.0.5 HF01 / 7.5.x < 7.5.3 HF03 / 7.8.x < 7.8.0 HF01 Multiple Vulnerabilities (SYM16-010) (*nix check)

The version of Symantec Protection Engine installed on the remote host is 7.0.x prior to 7.0.5 HF01, 7.5.x prior to 7.5.3 HF03, or 7.8.x prior to 7.8.0 HF01. It is, therefore, affected by multiple vulnerabilities : - An array indexing error exists in the Unpack::ShortLZ function within file...

SUSE SLES11 Security Update : cracklib (SUSE-SU-2016:2211-1)

This update for cracklib fixes a security issue and a bug: Security issue fixed : - Add patch to fix a stack-based buffer overflow in GECOS parser bsc992966 CVE-2016-6318 The following non security issue was fixed : - Call textdomain in cracklib-check main function so that program output is...

CVE-2016-5680

CVE-2016-5680 corresponds to a stack-based buffer overflow in NUUO NVRmini 2 (firmware 1.7.6–3.0.0) and NETGEAR ReadyNAS Surveillance 1.1.2, triggered by the sn parameter to the transfer_license command in the cgi_main binary. The issue allows remote or local code execution and is part of a broad...