CVE-2016-7415

CVE-2016-7415 : ICU4C contains a stack-based buffer overflow in the Locale class (common/locid.cpp) that can be triggered by a long locale string, enabling a remote attacker to crash the application or potentially cause other impacts. IBM and related advisories confirm this ICU flaw affects IBM p...

CVE-2016-7415

Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode ICU through 57.1 for C/C++ allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a long locale string...

Updated cracklib packages fix security vulnerability

It was discovered that there was a stack-based buffer overflow when parsing large GECOS fields in cracklib CVE-2016-6318...

MGASA-2016-0302 Updated cracklib packages fix security vulnerability

It was discovered that there was a stack-based buffer overflow when parsing large GECOS fields in cracklib CVE-2016-6318...

Wireshark Multiple DoS Vulnerabilities (Sep 2016) - Mac OS X

Wireshark is prone to multiple denial of service DoS vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Wireshark 2.0.x < 2.0.6 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 2.0.6. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.0.6 advisory. - epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not...

Cisco Nexus 3000 / 9000 Series GNU C Library (glibc) getaddrinfo() RCE (cisco-sa-20160218-glibc)

The version of Cisco NX-OS software running on the remote device is affected by a remote code execution vulnerability in the bundled version of the GNU C Library glibc due to a stack-based buffer overflow condition in the DNS resolver. An unauthenticated, remote attacker can exploit this, via a...

CVE-2016-3863

Multiple stack-based buffer overflows in the AVCC reassembly implementation in Utils.cpp in libstagefright in MediaMuxer in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow remote attackers to execute arbitrary code via a...

CVE-2016-3863

CVE-2016-3863 affects Android's MediaMuxer/LibStagefright AVCC reassembly code (Utils.cpp). Multiple stack-based buffer overflows in the AVCC reassembly path can be triggered by a crafted media file, enabling arbitrary code execution. Affected Android versions include 4.x prior to 4.4.4; 5.0.x pr...

Hand to hand teach you how to construct the office exploits EXP（the second period）-bug warning-the black bar safety net

On a period I shared office classic Vulnerability CVE-2 0 1 2-0 1 5 8 that demonstrates how a stack-based buffer overflow in the principles of construction to trigger the vulnerability document. The current share of the vulnerability is CVE-2 0 1 3-3 9 0 6, is also a typical overflow type office...

Symantec Protection Engine 7.0.x < 7.0.5 HF01 / 7.5.x < 7.5.3 HF03 / 7.8.x < 7.8.0 HF01 Multiple Vulnerabilities (SYM16-010) (*nix check)

The version of Symantec Protection Engine installed on the remote host is 7.0.x prior to 7.0.5 HF01, 7.5.x prior to 7.5.3 HF03, or 7.8.x prior to 7.8.0 HF01. It is, therefore, affected by multiple vulnerabilities : - An array indexing error exists in the Unpack::ShortLZ function within file...

SUSE SLES11 Security Update : cracklib (SUSE-SU-2016:2211-1)

This update for cracklib fixes a security issue and a bug: Security issue fixed : - Add patch to fix a stack-based buffer overflow in GECOS parser bsc992966 CVE-2016-6318 The following non security issue was fixed : - Call textdomain in cracklib-check main function so that program output is...

glibc - getaddrinfo Remote Stack Buffer Overflow

glibc - getaddrinfo Remote Stack Buffer Overflow / add by SpeeDr00t@Blackfalcon jang kyoung chip This is a published vulnerability by google in the past. Please refer to the link below. Reference: - https://googleonlinesecurity.blogspot.kr/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html -...

CVE-2016-5680

CVE-2016-5680 corresponds to a stack-based buffer overflow in NUUO NVRmini 2 (firmware 1.7.6–3.0.0) and NETGEAR ReadyNAS Surveillance 1.1.2, triggered by the sn parameter to the transfer_license command in the cgi_main binary. The issue allows remote or local code execution and is part of a broad...

CVE-2016-5681

Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before 3.01WWb02, DIR-823 A1 1.00 before 1.00WWb05, DIR-895L A1 1.11 before 1.11WWb04, DIR-890L A1 1.09 before 1.09b14, DIR-885L A1 1.11 before...

CVE-2016-6318

Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service application crash or gain privileges via a long GECOS field, involving longbuffer...

openSUSE Security Update : libarchive (openSUSE-2016-969)

libarchive was updated to fix 20 security issues. These security issues were fixed : - CVE-2015-8918: Overlapping memcpy in CAB parser bsc985698. - CVE-2015-8919: Heap out of bounds read in LHA/LZH parser bsc985697. - CVE-2015-8920: Stack out of bounds read in ar parser bsc985675. - CVE-2015-8921...

CVE-2016-5408

Stack-based buffer overflow in the mungeotherline function in cachemgr.cgi in the squid package before 3.1.23-16.el68.6 in Red Hat Enterprise Linux 6 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for...

CVE-2016-5408

Stack-based buffer overflow in the mungeotherline function in cachemgr.cgi in the squid package before 3.1.23-16.el68.6 in Red Hat Enterprise Linux 6 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for...

Wireshark 1.12.x < 1.12.13 Multiple Vulnerabilities

The version of Wireshark installed on the remote Windows host is prior to 1.12.13. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-1.12.13 advisory. - The NDS dissector could crash. It may be possible to make Wireshark crash by injecting a malformed packet on...