CVE-2018-18957

CVE-2018-18957 affects libIEC61850 v1.3, with a stack-based overflow in prepareGooseBuffer (goose/goose_publisher.c). The CVSS v3.0 score is 9.8 (CRITICAL) with NETWORK attack vector and no privileges required; impacts Confidentiality/Integrity/Availability are HIGH. Public exploitation exists (e...

Nginx < 1.2.9 ngx_http_proxy_module.c Multiple Vulnerabilities

According to its Server response header, the installed version of nginx is greater than or equal to 1.1.4 and prior to 1.2.9, or greater than or equal to 1.3.0 and prior to 1.4.1. It is, therefore, affected by multiple vulnerabilities : - A stack-based buffer overflow in 'ngxhttpparse.c' may allo...

CVE-2018-17916

InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI formerly InTouch Machine Edition versions prior to 2017 SP2. A remote attacker could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read...

Losant Arduino MQTT Client Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Losant Arduino MQTT Client. User interaction is not required to exploit this vulnerability. The specific flaw exists within the parsing of MQTT PUBLISH packets. The issue results from the lack of...

Stack overflow

RegFilter.sys in IOBit Malware Fighter 6.2 and earlier is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E010. This can lead to denial of service DoS or code execution with root privileges...

CVE-2018-18714

CVE-2018-18714 affects RegFilter.sys in IOBit Malware Fighter up to version 6.2. It describes a stack-based buffer overflow triggered by IOCTL 0x8006E010, leading to DoS or code execution with root privileges. The connected documents provide these concrete details; remediation or fixed versions a...

RHEL 7 : glibc (RHSA-2018:3092)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3092 advisory. - glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries CVE-2017-16997 - glibc:...

Advantech WebAccess Client bwswfcfg Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Client. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwswfcfg.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs...

Yi Technology Home Camera 27US TimeSync Code Execution Vulnerability

Summary An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted packet can cause a buffer overflow, resulting in code execution. An attacker can intercept and alter network traffic to trigger this vulnerability...

FreeBSD : liveMedia -- potential remote code execution (fa194483-dabd-11e8-bf39-5404a68ad561)

Talos reports : An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this...

CVE-2018-11824

CVE-2018-11824 describes a stack-based buffer overflow in a firmware routine of Qualcomm/ Snapdragon components ( Snapdragon Mobile, Snapdragon Wear ) affecting multiple platform variants (MDM9206, MDM9607, MDM9650, SD 210/212/205, SD 835, SD 845, SD 850, SDA660). The root cause is a overflow in ...

CVE-2018-11824

A stack-based buffer overflow can occur in a firmware routine in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850, SDA660...

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:3470-1)

This update for the Linux Kernel 4.4.121-9295 fixes several issues. The following security issues were fixed : CVE-2018-14633: A security flaw was found in the chapservercomputemd5 function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An...

EulerOS Virtualization 2.5.1 : glibc (EulerOS-SA-2018-1332)

According to the version of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - stdlib/canonicalize.c in the GNU C Library aka glibc or libc6 2.27 and earlier, when processing very long pathname arguments to the...

openSUSE: Security Advisory for pdns (openSUSE-SU-2018:1442-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE Security Update : ntp (openSUSE-2018-1280)

This update for NTP to version 4.2.8p12 fixes the following vulnerabilities bsc1111853 : - CVE-2018-12327: Fixed stack-based buffer overflow in the openhost command-line call of NTPQ/NTPDC. bsc1098531 - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofi...

Advantech WebAccess

1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WebAccess Vulnerabilities: Improper Access Control, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow for arbitrary...

Advantech WebAccess Client bwclient Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwclient.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs...

SUSE SLES12 Security Update : ntp (SUSE-SU-2018:3351-1)

NTP was updated to 4.2.8p12 bsc1111853 : CVE-2018-12327: Fixed stack-based buffer overflow in the openhost command-line call of NTPQ/NTPDC. bsc1098531 CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection bsc1083424 Please also see...

Advantech WebAccess Node webvrpcs ViewDll1 Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x138bd IOCTL in the webvrpcs process. The issue...