Arbitrary Code Execution

Libraw.so is vulnerable to code execution. An error within the findgreen function in internal/dcrawcommon.cpp allows an attacker to execute code via a stack-based buffer overflow...

EulerOS 2.0 SP3 : krb5 (EulerOS-SA-2018-1398)

According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - null dereference in kadmind or DN container check bypass by supplying special crafted data CVE-2018-5729 - DN container check bypass by supplying...

EulerOS 2.0 SP3 : zsh (EulerOS-SA-2018-1396)

According to the versions of the zsh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - zsh: buffer overflow for very long fds in i1/4zi1/4+ fd syntax CVE-2014-10071 - zsh: buffer overflow when scanning very long directory paths for...

OMRON CX-One CXP File Parsing Stack-based Buffer Overflow Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within the parsing of CXP files. The issue results...

CVE-2018-5808

An error within the "findgreen" function internal/dcrawcommon.cpp in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code...

CVE-2018-5805

A boundary error within the "quicktake100loadraw" function internal/dcrawcommon.cpp in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash...

CVE-2018-5809

An error within the "LibRaw::parseexif" function internal/dcrawcommon.cpp in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code...

CVE-2018-5805

A boundary error within the "quicktake100loadraw" function internal/dcrawcommon.cpp in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash...

CVE-2018-5808

CVE-2018-5808 affects LibRaw prior to version 0.18.9, where an issue in the find_green() function (internal/dcraw_common.cpp) can cause a stack-based buffer overflow and potentially allow arbitrary code execution. Public material in connected documents confirms LibRaw as the affected component an...

CVE-2018-5809

An error within the "LibRaw::parseexif" function internal/dcrawcommon.cpp in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code...

Amazon Linux AMI : zsh (ALAS-2018-1107)

A buffer overflow flaw was found in the zsh shell symbolic link resolver. A local, unprivileged user can create a specially crafted directory path which leads to a buffer overflow in the context of the user trying to do a symbolic link resolution in the aforementioned path. If the user affected i...

Stack overflow

Local attackers can trigger a stack-based buffer overflow on vulnerable installations of Antiy-AVL ATool security management v1.0.0.22. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

CVE-2018-18993

Two stack-based buffer overflow vulnerabilities have been discovered in CX-One Versions 4.42 and prior CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior. When processing project files, the application allows input data to exceed the buffer. An attacker could use a...

CVE-2018-19842

getToken in libr/asm/p/asmx86nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service stack-based buffer over-read via crafted x86 assembly data, as demonstrated by rasm2...

CVE-2018-19842

getToken in libr/asm/p/asmx86nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service stack-based buffer over-read via crafted x86 assembly data, as demonstrated by rasm2...

CVE-2018-19842

CVE-2018-19842 affects radare2, specifically the function getToken in the file libr/asm/p/asm_x86_nz.c . The issue is a stack-based buffer over-read triggered by crafted x86 assembly data, leading to a potential denial of service . Connected sources confirm the vulnerability exists in radare2 bef...

Omron CX-One

1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Low skill level to exploit Vendor: Omron Equipment: CX-One Vulnerabilities: Stack-based Buffer Overflow, Use After Free 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code under the privileges of...

CVE-2018-19655

A stack-based buffer overflow in the findgreen function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file...

CVE-2018-19655

A stack-based buffer overflow in the findgreen function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file...

RHEL 7 : kernel (RHSA-2018:3651)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3651 advisory. - kernel: stack-based buffer overflow in chapservercomputemd5 in iscsi target CVE-2018-14633 - kernel: NULL pointer dereference in...