GE CIMPLICITY (Update A)

CVSS v3 6.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: GE Equipment: CIMPLICITY Vulnerability: Stack-based Buffer Overflow UPDATED INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-17-278-01 GE CIMPLICITY that was published October 5,...

CVE-2017-12638

Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETBL or ETCETERABLUE...

Stack overflow

Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETRE or ETCTERARED...

CentOS 7 : dnsmasq (CESA-2017:2836)

An update for dnsmasq is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Important: nagios

Issue Overview: Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service crash via a long string in the...

Scientific Linux Security Update : dnsmasq on SL7.x x86_64 (20171002)

Security Fixes : - A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. CVE-2017-14491 - A heap buffer overflow was discovered in...

CVE-2017-14493

CVE-2017-14493 is a stack-based buffer overflow in dnsmasq’s DHCPv6 handling. Remote attackers on the local network can send a crafted DHCPv6 request to trigger a crash or potentially execute arbitrary code. Public advisories confirm the issue and note a fix/update was released upstream in dnsmas...

Dnsmasq contains multiple vulnerabilities

Overview Dnsmasq versions 2.77 and earlier contains multiple vulnerabilities. Description Multiple vulnerabilities have been reported in dnsmasq.CWE-122: Heap-based Buffer Overflow - CVE-2017-14491 CWE-122: Heap-based Buffer Overflow - CVE-2017-14492 CWE-121: Stack-based Buffer Overflow -...

CVE-2017-14931

ExifImageFile::readDQT in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service stack-based buffer over-read and application crash via a crafted JPEG file...

CVE-2017-14931

The CVE-2017-14931 entry concerns OpenExif 2.1.4. The vulnerability resides in ExifImageFile::readDQT within ExifImageFileRead.cpp, allowing remote attackers to trigger a denial of service via a crafted JPEG, caused by a stack-based buffer over-read that crashes the application. The available rec...

CVE-2017-14931

ExifImageFile::readDQT in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service stack-based buffer over-read and application crash via a crafted JPEG file...

SUSE SLES11 Security Update : liblouis (SUSE-SU-2017:2590-1)

This update for liblouis fixes several issues. These security issues were fixed : - CVE-2017-13739: Prevent heap-based buffer overflow in the function resolveSubtable that could have caused DoS or remote code execution bsc1056101 - CVE-2017-13740: Prevent stack-based buffer overflow in the functi...

Aerospike Database Server Index Name Code Execution Vulnerability(CVE-2016-9052)

Summary An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function assindexsimatchbyiname resulting in remote code execution. An attacker ca...

CVE-2015-7510

CVE-2015-7510 is a stack-based buffer overflow in the NSS module nss-mymachines of systemd, specifically in getpwnam and getgrnam. The vulnerability is described as enabling a crash/DoS under exploitation of the NSS functions. Public references show patches/update activity (e.g., systemd commit a...

FreeBSD : perl -- multiple vulnerabilities (d9e82328-a129-11e7-987e-4f174049b30a)

SO-AND-SO reports : CVE-2017-12814: $ENV$key stack-based buffer overflow on Windows A possible stack-based buffer overflow in the %ENV code on Windows has been fixed by removing the buffer completely since it was superfluous anyway. CVE-2017-12837: Heap buffer overflow in regular expression...

Mongoose Embedded Web Server Library 6.8 Buffer Overflow Exploit

Exploit for multiple platform in category remote exploits Product: Mongoose Embedded Web Server Library Vendor: Cesanta CVE ID: Not yet assigned. CSNC ID: CSNC-2017-023 Subject: Stack based buffer overflow Risk: High Effect: Remotely exploitable Author: Dobin Rutishauser Date: 2017-09-20...

CVE-2017-14639

AP4VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617 uses incorrect character data types, which causes a stack-based buffer underflow and out-of-bounds write, leading to denial of service application crash or possibly unspecified other impact...

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3422-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3422-1 advisory. It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically...

RHEL 6 : MRG (RHSA-2017:2705) (BlueBorne)

An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

SUSE SLES11 Security Update : xen (SUSE-SU-2017:2450-1)

This update for xen fixes several issues. These security issues were fixed : - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information XSA-226, bsc1051787. - CVE-2017-12137: Incorrectly-aligned updates...