
8440 matches found

Tenable Nessus
added 2018/10/24 12:00 a.m. | 44 views

SUSE SLES12 Security Update : ntp (SUSE-SU-2018:3351-1)

NTP was updated to 4.2.8p12 bsc1111853 : CVE-2018-12327: Fixed stack-based buffer overflow in the openhost command-line call of NTPQ/NTPDC. bsc1098531 CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection bsc1083424 Please also see...

CVSS 9.8 | AI score 7.3 | EPSS 0.15968
Exploits: 6 | References: 9

Tenable Nessus
added 2018/10/24 12:00 a.m. | 40 views

SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2018:3342-1)

NTP was updated to 4.2.8p12 bsc1111853 : CVE-2018-12327: Fixed stack-based buffer overflow in the openhost command-line call of NTPQ/NTPDC. bsc1098531 CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection bsc1083424 Please also see...

CVSS 9.8 | AI score 7.3 | EPSS 0.15968
Exploits: 6 | References: 9

Zero Day Initiative
added 2018/10/24 12:00 a.m. | 21 views

Advantech WebAccess Client bwwebd Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwwebd.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs proces...

CVSS 9.3 | AI score 3.3 | EPSS 0.02783
Exploits: 0 | References: 1

Tenable Nessus
added 2018/10/24 12:00 a.m. | 46 views

SUSE SLES11 Security Update : ntp (SUSE-SU-2018:3356-1)

NTP was updated to 4.2.8p12 bsc1111853 : CVE-2018-12327: Fixed stack-based buffer overflow in the openhost command-line call of NTPQ/NTPDC. bsc1098531 CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection bsc1083424 Please also see...

CVSS 9.8 | AI score 7.3 | EPSS 0.15968
Exploits: 6 | References: 9

Tenable Nessus
added 2018/10/24 12:00 a.m. | 17 views

SUSE SLED12 / SLES12 Security Update : pam_pkcs11 (SUSE-SU-2018:3311-1)

This update for pampkcs11 provides the following fixes : Security issues fixed bsc1105012 : Fixed a logic bug in pampkcs11.c, leading to an authentication replay vulnerability Fixed a stack-based buffer overflow in opensshmapper.c Make sure memory is properly cleaned before invoking free Other...

AI score 6
Exploits: 0 | References: 3

Zero Day Initiative
added 2018/10/24 12:00 a.m. | 22 views

Advantech WebAccess Client bwsound2 Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwsound2.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs...

CVSS 9.3 | AI score 3.1 | EPSS 0.02783
Exploits: 0 | References: 1

Zero Day Initiative
added 2018/10/24 12:00 a.m. | 20 views

Advantech WebAccess Client bwwebv Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwwebv.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs proces...

CVSS 9.3 | AI score 3.3 | EPSS 0.02783
Exploits: 0 | References: 1

Zero Day Initiative
added 2018/10/24 12:00 a.m. | 18 views

Advantech WebAccess Node bwmakdir Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwmakdir.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs...

CVSS 9.3 | AI score 3.4 | EPSS 0.02783
Exploits: 0 | References: 1

CVE
added 2018/10/23 8:00 p.m. | 48 views

CVE-2018-14816

CVE-2018-14816 maps to multiple stack-based buffer overflow flaws in Advantech WebAccess components. Connected advisories (ZDI-18-1300, -1302, -1303, -1304, -1305, -1306, -1307, -1300? and related CNVD) describe remote code execution via careless validation of user-supplied data copied into fixed...

CVSS 9.8 | AI score 10 | EPSS 0.02783
Exploits: 0 | References: 3 | Affected Software: 1

ThreatPost
added 2018/10/22 2:41 p.m. | 589 views

Critical RCE Bug Impacts Streaming Server Libraries: VLC, MPLayer Not Impacted

A critical remote code-execution bug has been found in the popular Live Networks LIVE555’s streaming media RTSPServer. The vulnerability could allow an attacker to send a specially crafted packet to vulnerable systems and trigger a stack-based buffer overflow, according to researchers at Cisco...

CVSS 7.5 | AI score 1.3 | EPSS 0.50527
Exploits: 3 | References: 4

Prion
added 2018/10/19 10:29 p.m. | 12 views

Stack overflow

IMFCameraProtect.sys in IObit Malware Fighter 6.2 and possibly lower versions is vulnerable to a stack-based buffer overflow. The attacker can use DeviceIoControl to pass a user specified size which can be used to overwrite return addresses. This can lead to a denial of service or code execution...

CVSS 4.6 | AI score 7.8 | EPSS 0.02048
Exploits: 1 | References: 2 | Affected Software: 1

NVD
added 2018/10/19 1:29 p.m. | 23 views

CVE-2018-4013

An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability...

CVSS 10 | AI score 9.7 | EPSS 0.50527
Exploits: 3 | References: 5

Cvelist
added 2018/10/19 1:00 p.m. | 23 views

CVE-2018-4013

An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability...

CVSS 10 | AI score 9.6 | EPSS 0.50527
Exploits: 3 | References: 5

CVE
added 2018/10/18 9:00 p.m. | 44 views

CVE-2018-14807

CVE-2018-14807 affects Opto 22 PAC Control Basic and PAC Control Professional (versions R10.0a and prior). The vulnerability is a stack-based buffer overflow in the control software that may allow remote code execution. Affected products include PAC Control Basic and PAC Control Professional; the...

CVSS 9.8 | AI score 9.9 | EPSS 0.04404
Exploits: 0 | References: 2 | Affected Software: 1

Talos Blog
added 2018/10/18 7:48 a.m. | 74 views

Vulnerability Spotlight: Live Networks LIVE555 streaming media RTSPServer code execution vulnerability

These vulnerabilities were discovered by Lilith Wyatt of Cisco Talos. Cisco Talos is disclosing a code execution vulnerability that has been identified in Live Networks LIVE555 streaming media RTSPServer. LIVE555 Streaming Media is a set of open-source C++ libraries developed by Live Networks Inc...

AI score 1.5 | EPSS 0.50527
Exploits: 3

NVD
added 2018/10/18 6:29 a.m. | 27 views

CVE-2018-18456

The function Object::isName in Object.h called from Gfx::opSetFillColorN in Xpdf 4.00 allows remote attackers to cause a denial of service stack-based buffer over-read via a crafted pdf file, as demonstrated by pdftoppm...

CVSS 5.5 | AI score 5.7 | EPSS 0.00526
Exploits: 0 | References: 2

Cvelist
added 2018/10/18 6:00 a.m. | 29 views

CVE-2018-18456

The function Object::isName in Object.h called from Gfx::opSetFillColorN in Xpdf 4.00 allows remote attackers to cause a denial of service stack-based buffer over-read via a crafted pdf file, as demonstrated by pdftoppm...

AI score 5.8 | EPSS 0.00526
Exploits: 0 | References: 2

Talos
added 2018/10/18 12:00 a.m. | 539 views

Live Networks LIVE555 streaming media RTSPServer lookForHeader code execution vulnerability

Summary An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability...

CVSS 10 | AI score 9.7 | EPSS 0.50527
Exploits: 3

FreeBSD
added 2018/10/18 12:00 a.m. | 505 views

liveMedia -- potential remote code execution

Talos reports: An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerabili...

CVSS 10 | AI score 3.6 | EPSS 0.50527
Exploits: 3 | References: 2

Github Security Blog
added 2018/10/17 5:22 p.m. | 33 views

UnixAuthenticationService in Apache Ranger was updated to correctly handle user input to avoid Stack-based buffer overflow

UnixAuthenticationService in Apache Ranger 1.2.0 was updated to correctly handle user input to avoid Stack-based buffer overflow. Versions prior to 1.2.0 should be upgraded to 1.2.0...

CVSS 8.8 | AI score 4.8 | EPSS 0.01045
Exploits: 0 | References: 6 | Affected Software: 1