7301 matches found

OSV
added 2014/05/04 12:0 a.m. | 15 views

DSA-2921-1 xbuffy - security update

Bulletin has no description...

CVSS 6.8 | AI score 6.1 | EPSS 0.03735
Exploits: 0
Mageia
added 2014/04/23 4:1 p.m. | 32 views

Updated nagios packages fix CVE-2014-1878

Updated nagios packages fix security vulnerability: Stack-based buffer overflow in the cmdsubmitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service segmentatio...

CVSS 5 | AI score 7.8 | EPSS 0.02337
Exploits: 0 | References: 2
Tenable Nessus
added 2014/04/23 12:0 a.m. | 20 views

Fedora 19 : jbigkit-2.0-9.fc19 (2014-4960)

This update fixes a stack-based buffer overflow flaw. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

CVSS 6.8 | AI score 5.8 | EPSS 0.02542
Exploits: 0 | References: 3
ICS
added 2014/04/19 6:0 a.m. | 36 views

Advantech WebAccess Vulnerabilities

OVERVIEW NCCIC/ICS-CERT received a report from the Zero Day Initiative ZDI concerning vulnerabilities affecting the Advantech WebAccess application. These vulnerabilities were reported to ZDI by security researchers Dave Weinstein, Tom Gallagher, John Leitch, and others. Advantech has produced an...

CVSS 9 | AI score 7.4 | EPSS 0.40188
Exploits: 6 | References: 10
CVE
added 2014/04/18 2:0 p.m. | 45 views

CVE-2013-4290

OpenJPEG is affected by CVE-2013-4290. A stack-based buffer overflow in the OpenJPEG codebase (lib/openjp3d/opj_jp3d_compress.c, bin/jp3d/convert.c, and lib/openjp3d/event.c) can be triggered remotely via unspecified vectors prior to version 1.5.2, potentially leading to arbitrary code execution ...

CVSS 10 | AI score 8.9 | EPSS 0.0143
Exploits: 1 | References: 4 | Affected Software: 1
Kaspersky
added 2014/04/16 12:0 a.m. | 45 views

KLA10020 DoS vulnerability in Winamp

A stack-based buffer overflow was found in Winamp. By exploiting this vulnerability malicious users can cause denial of service and possibly execute arbitrary code. This vulnerability can be exploited from the network at a point related to Skin packages via a specially designed package. Original...

CVSS 7.5 | AI score 7.9 | EPSS 0.40703
Exploits: 9 | References: 3
Tenable Nessus
added 2014/04/16 12:0 a.m. | 17 views

Fedora 20 : jbigkit-2.0-10.fc20 (2014-4948)

This update fixes a stack-based buffer overflow flaw. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

CVSS 6.8 | AI score 5.8 | EPSS 0.02542
Exploits: 0 | References: 3
Mageia
added 2014/04/15 6:28 p.m. | 18 views

Updated jbigkit packages fix CVE-2013-6369

Updated jbigkit packages fix security vulnerability: Florian Weimer found a stack-based buffer overflow flaw in the libjbig library part of jbigkit. A specially-crafted image file read by libjbig could be used to cause a program linked to libjbig to crash or, potentially, to execute arbitrary cod...

CVSS 6.8 | AI score 3.3 | EPSS 0.02542
Exploits: 0 | References: 3
NVD
added 2014/04/12 4:37 a.m. | 11 views

CVE-2014-0787

Stack-based buffer overflow in WellinTech KingSCADA before 3.1.2.13 allows remote attackers to execute arbitrary code via a crafted packet...

CVSS 10 | AI score 7.8 | EPSS 0.50859
Exploits: 5 | References: 5
NVD
added 2014/04/12 4:37 a.m. | 11 views

CVE-2014-0767

An attacker may exploit this vulnerability by passing an overly long value from the AccessCode argument to the control. This will overflow the static stack buffer. The attacker may then execute code on the target device remotely...

CVSS 7.5 | AI score 7.9 | EPSS 0.0118
Exploits: 1 | References: 5
NVD
added 2014/04/12 4:37 a.m. | 20 views

CVE-2014-0770

By providing an overly long string to the UserName parameter, an attacker may be able to overflow the static stack buffer. The attacker may then execute code on the target device remotely...

CVSS 7.5 | AI score 7.9 | EPSS 0.01077
Exploits: 0 | References: 4
CVE
added 2014/04/12 1:0 a.m. | 68 views

CVE-2014-0767

CVE-2014-0767 is a buffer overflow in Advantech WebAccess’ webvact.ocx ActiveX control, triggered by an overly long AccessCode argument, enabling remote code execution via a crafted webpage. Affected product: Advantech WebAccess (WebAccess Webvact OCX). Root cause: stack-based overflow due to ins...

CVSS 7.5 | AI score 7 | EPSS 0.0118
Exploits: 1 | References: 5 | Affected Software: 1
CVE
added 2014/04/12 1:0 a.m. | 72 views

CVE-2014-0764

Advantech WebAccess is affected by CVE-2014-0764 due to a stack-based buffer overflow in the NodeName parameter parsing of the webvact.ocx ActiveX control. The advisory material from Core Security (CORE-2014-0005) and related sources indicate the vulnerability could allow remote code execution wh...

CVSS 7.5 | AI score 7 | EPSS 0.0118
Exploits: 1 | References: 5 | Affected Software: 1
Cvelist
added 2014/04/12 1:0 a.m. | 18 views

CVE-2014-0767 Advantech WebAccess Stack-based Buffer Overflow

An attacker may exploit this vulnerability by passing an overly long value from the AccessCode argument to the control. This will overflow the static stack buffer. The attacker may then execute code on the target device remotely...

CVSS 7.5 | AI score 7.8 | EPSS 0.0118
Exploits: 1 | References: 3
CVE
added 2014/04/12 1:0 a.m. | 69 views

CVE-2014-0787

WellinTech KingSCADA CVE-2014-0787 is a stack-based buffer overflow vulnerability affecting KingSCADA before 3.1.2.13. A crafted packet to the AlarmServer service (AEserver.exe) on TCP port 12401 can trigger a stack overflow via an improper size handling in packet parsing, allowing remote code ex...

CVSS 10 | AI score 8 | EPSS 0.50859
Exploits: 5 | References: 5 | Affected Software: 1
Debian CVE
added 2014/04/11 2:0 p.m. | 16 views

CVE-2013-6369

Stack-based buffer overflow in the jbgdecin function in libjbig/jbig.c in JBIG-KIT before 2.1 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a crafted image file...

CVSS 6.8 | AI score 7.7 | EPSS 0.02542
Exploits: 0
UbuntuCve
added 2014/04/11 12:0 a.m. | 9 views

CVE-2013-6369

Stack-based buffer overflow in the jbgdecin function in libjbig/jbig.c in JBIG-KIT before 2.1 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a crafted image file...

CVSS 6.8 | AI score 6.4 | EPSS 0.02542
Exploits: 0 | References: 3
ThreatPost
added 2014/04/09 2:53 p.m. | 9 views

BlackBerry Patches Remote Code Execution Security Vulnerability

BlackBerry’s Security Incident Response Team BBSIRT today released a security advisory resolving a remote code execution vulnerability in BlackBerry 10. The company says it has no knowledge of attacks actively exploiting this bug in the wild. “BlackBerry is committed to protecting customers from...

AI score 3.3
Exploits: 0 | References: 1
OpenVAS
added 2014/04/09 12:0 a.m. | 46 views

Microsoft Office Compatibility Pack Remote Code Execution Vulnerabilities (2949660)

This host is missing a critical security update according to Microsoft Bulletin MS14-017. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 9.3 | AI score 8.6 | EPSS 0.93336
Exploits: 10 | References: 7
OpenVAS
added 2014/04/09 12:0 a.m. | 64 views

Microsoft Office Word Remote Code Execution Vulnerabilities (2949660)

This host is missing a critical security update according to Microsoft Bulletin MS14-017. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 9.3 | AI score 8.6 | EPSS 0.93336
Exploits: 10 | References: 10