openSUSE Security Update : ghostscript (openSUSE-2018-479)

This update for ghostscript fixes the following issues : - CVE-2018-10194: A stack-based buffer overflow was fixed in gdevpdts.c bsc1090099 This update was imported from the SUSE:SLE-12:Update update project. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...

Security update for libvorbis (moderate)

This update for libvorbis fixes the following issues: Security issues fixed: - CVE-2018-10393: Fixed stack-based buffer over-read in barknoisehybridm bsc1091072. - CVE-2017-14160: Fixed out-of-bounds access inside barknoisehybridmp function bsc1059812. This update was imported from the...

CVE-2018-11236

stdlib/canonicalize.c in the GNU C Library aka glibc or libc6 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution...

CVE-2018-11236

stdlib/canonicalize.c in the GNU C Library aka glibc or libc6 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution...

Advantech WebAccess Node bwctrkrl Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwctrkrl.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs proces...

Advantech WebAccess Node notify2 TeleNum Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within notify2.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process...

Advantech WebAccess Node AutoConfig4IIS Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within AutoConfig4IIS.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs...

Advantech WebAccess Node bwsound2 Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwsound2.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs proces...

Advantech WebAccess Node bwmakdir Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwmakdir.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs...

Advantech WebAccess Node bwdnload Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwdnload.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs proces...

Advantech WebAccess Node wapnp Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within wapnp.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process...

Stack overflow

The ObjReader::ReadObj function in ObjReader.cpp in vincent0629 PDFParser allows remote attackers to cause a denial of service stack-based buffer overflow or possibly execute arbitrary code via a crafted pdf file...

CVE-2018-11128

The ObjReader::ReadObj function in ObjReader.cpp in vincent0629 PDFParser allows remote attackers to cause a denial of service stack-based buffer overflow or possibly execute arbitrary code via a crafted pdf file...

CVE-2018-11128

The CVE-2018-11128 entry describes a buffer overflow in Pdfparser’s ObjReader::ReadObj() within vincent0629 PDFParser, exploitable by processing a crafted PDF. The vulnerability can lead to denial of service or arbitrary code execution on affected systems. CVSS2 (AV:N/AC:M/Au:N/C:P/I:P/A:P) sugge...

Stack overflow

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

SUSE SLES11 Security Update : libvorbis (SUSE-SU-2018:1321-1)

This update for libvorbis fixes the following issues: Security issues fixed : - CVE-2018-10393: Fixed stack-based buffer over-read in barknoisehybridm bsc1091072. - CVE-2017-14160: Fixed out-of-bounds access inside barknoisehybridmp function bsc1059812. Note that Tenable Network Security has...

PHOENIX CONTACT FL SWITCH 3xxx/4xxx/48xx Series

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : PHOENIX CONTACT Equipment : FL SWITCH 3xxx/4xxx/48xx Series Vulnerabilities : Command Injection, Information Exposure, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of...

Updated exempi package fixes security vulnerabilities

An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScriptMetaHandler::ParsePSFile function in PostScriptHandler.cpp CVE-2018-7729. An issue was discovered in Exempi through 2.4.4. WEBPSupport.cpp does not check whether a bitstream has a NULL value,...

Adobe Acrobat Pro DC ImageConversion EMF EMR_COMMENT Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing...

FreeBSD : wavpack -- multiple vulnerabilities (50210bc1-54ef-11e8-95d9-9c5c8e75236a)

Sebastian Ramacher reports : A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file. The...