Scientific Linux Security Update : librelp on SL6.x i386/x86_64 (20180424)

Security Fixes : - librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c CVE-2018-1000140 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid109340; scriptversion"1.6";...

RHEL 6 : librelp (RHSA-2018:1225)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:1225 advisory. Librelp is an easy-to-use library for the Reliable Event Logging Protocol RELP protocol. RELP is a general-purpose, extensible logging protocol...

RHEL 7 : librelp (RHSA-2018:1223)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:1223 advisory. - librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c CVE-2018-1000140 Note that Nessus has not tested for this issue bu...

CVE-2018-10254

Netwide Assembler NASM 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file...

CVE-2018-10254

CVE-2018-10254 affects Netwide Assembler (NASM) 2.13, with a stack-based buffer over-read in the disasm/disasm.c file. The NVD description states that a crafted ELF file could be used by an attacker to cause a denial of service and potentially other impact. Connected Nessus/OpenVAS entries corrob...

CVE-2018-10254

Netwide Assembler NASM 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file...

CVE-2018-9059

Stack-based buffer overflow in Easy File Sharing EFS Web Server 7.2 allows remote attackers to execute arbitrary code via a malicious login request to forum.ghp. NOTE: this may overlap CVE-2014-3791...

Stack overflow

In Android before 2018-04-05 or earlier security patch level on Qualcomm Small Cell SoC, Snapdragon Mobile, and Snapdragon Wear FSM9055, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD...

CVE-2016-10450

CVE-2016-10450 describes a potential stack-based buffer overflow in the Thermal service that could lead to root compromise on Android devices with Qualcomm Small Cell SoC, Snapdragon Mobile, and Snapdragon Wear/SDx platforms (e.g., FSM9055, MDM9xx, MSM89xx, SD 210–835, etc.). The concrete affecte...

CVE-2016-10450

In Android before 2018-04-05 or earlier security patch level on Qualcomm Small Cell SoC, Snapdragon Mobile, and Snapdragon Wear FSM9055, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD...

Stack overflow

Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and...

CVE-2018-7514

Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and...

CVE-2018-7514

Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and...

CVE-2018-3846

In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution...

Schneider Electric InduSoft Web Studio and InTouch Machine Edition

1. EXECUTIVE SUMMARY CVSS v3 9.8 Attention : Exploitable remotely/low skill level to exploit. Vendor : Schneider Electric Software, LLC Equipment : InduSoft Web Studio, InTouch Machine Edition Vulnerability : Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this...

CVE-2018-3848

In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution...

CVE-2018-3849

In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution...

Stack overflow

In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution...

CVE-2018-3848

CVE-2018-3848 affects NASA CFITSIO before 3.43 (CFITSIO 3.42 in the report). The vulnerability is a stack-based buffer overflow in the ffghbn function that can be triggered by specially crafted FITS images parsed by the library, potentially leading to arbitrary code execution. The initial documen...

CVE-2018-3849

In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution...