8439 matches found
uwsgi -- a stack-based buffer overflow
Uwsgi developers report: It was discovered that the uwsgiexpandpath function in utils.c in Unbit uWSGI, an application container server, has a stack-based buffer overflow via a large directory length that can cause a denial-of-service application crash or stack corruption...
CVE-2018-5442
Fuji Electric V-Server VPR is affected by CVE-2018-5442, a Stack-based Buffer Overflow in VPR 4.0.1.0 and earlier. The vulnerability arises from improper validation of user-supplied data during project file parsing, copying data into a fixed-length buffer, which can lead to remote code execution....
Hewlett Packard Enterprise Intelligent Management Center dbman Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within dbman.exe. The issue results from the lack of...
[SECURITY] [DSA 4095-1] gcab security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4095-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 24, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4095-1] gcab security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4095-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 24, 2018 https://www.debian.org/security/faq -...
gcab -- stack overflow
Upstream reports: A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file...
EulerOS 2.0 SP1 : ncurses (EulerOS-SA-2018-1005)
According to the version of the ncurses packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Stack-based buffer overflow in the ncwriteentry function in tinfo/writeentry.c in ncurses 6.0 allows attackers to cause a denial of service...
EulerOS 2.0 SP2 : ncurses (EulerOS-SA-2018-1006)
According to the version of the ncurses packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Stack-based buffer overflow in the ncwriteentry function in tinfo/writeentry.c in ncurses 6.0 allows attackers to cause a denial of service...
EulerOS 2.0 SP1 : gimp (EulerOS-SA-2018-1022)
According to the versions of the gimp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In GIMP 2.8.22, there is a heap-based buffer over-read in loadimage in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling...
Siemens SIMATIC WinCC Add-On (Update A)
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIMATIC WinCC Add-On Vulnerabilities: Stack-based Buffer Overflow, Improper Input Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer, Security Features, Improper...
CVE-2018-5721
Stack-based buffer overflow in the ejupdatevariables function in router/httpd/web.c on ASUS routers when using software from https://github.com/RMerl/asuswrt-merlin allows web authenticated attackers to execute code via a request that updates a setting. In ejupdatevariables, the length of the...
Fedora 27 : file (2017-6a10869603)
fix a possible stack based buffer overflow CVE-2017-1000249 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...
CVE-2018-5345
CVE-2018-5345 describes a stack-based buffer overflow in GNOME gcab up to version 0.7.4, exploitable via malformed .cab files to crash or potentially execute arbitrary code. Connected advisories document that fixes were released in various distributions (e.g., gcab updates in Fedora 26 and Red Ha...
Advantech WebAccess bwMQTT Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the command line in the bwMQTT utility. The issue results from the...
Advantech WebAccess bwprtscr Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the command line in the bwprtscr utility. The issue results from th...
Advantech WebAccess DrawCMD Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the command line in the DrawCMD utility. The issue results from the...
Advantech WebAccess bwwfaa Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the command line in the bwwfaa utility. The issue results from the...
Advantech WebAccess bwscrp Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the command line in the bwscrp utility. The issue results from the...
Advantech WebAccess bwstwww Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the command line in the bwstwww utility. The issue results from the...
Advantech WebAccess makensis Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the command line in the makensis utility. The issue results from th...