CVE-2015-8708

Stack-based buffer overflow in the conveuctojis function in codeconv.c in Claws Mail 3.13.1 allows remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8614...

CVE-2015-5158

Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAPSYSRAWIO permissions to cause a denial of service instance crash via an invalid opcode in a SCSI command descriptor block...

CVE-2016-2292

CVE-2016-2292 describes a stack-based/heap-related vulnerability in Pro-face GP-Pro EX HMI software (models EX-ED, PFXEXEDV, PFXEXEDLS, PFXEXGRPLS) with affected versions from 1.00 to 4.0.4. The NVD record indicates a stack-based buffer overflow that can allow a remote attacker to execute arbitra...

CVE-2016-0840

Multiple stack-based buffer underflows in decoder/ih264dparsecavlc.c in mediaserver in Android 6.x before 2016-04-01 allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, aka internal bug 26399350...

BGQ_REDBOOKS (Doc Number=4680): Blue Gene/Q Security Bulletin notification

Abstract BGQREDBOOKS Doc Number=4680: Blue Gene/Q Security Bulletin notification Blue Gene Knowledge Base document 773911444 : Security Bulletin: GNU C library glibc vulnerability affects CVE-2015-7547 A GNU C library glibc stack-based buffer overflow in getaddrinfo vulnerability affects Blue...

CVE-2016-3075

Stack-based buffer overflow in the nssdns implementation of the getnetbyname function in GNU C Library aka glibc before 2.24 allows context-dependent attackers to cause a denial of service stack consumption and application crash via a long name...

CVE-2015-8837

CVE-2015-8837 concerns FuseISO’s isofs.c in isofs_real_readdir, where a stack-based buffer overflow can be triggered by a long pathname in an ISO file, potentially leading to denial of service or arbitrary code execution. Related issue CVE-2015-8836 is an integer overflow in isofs_real_read_zf (i...

CVE-2016-2344

Stack-based buffer overflow in manager.exe in Backburner Manager in Autodesk Backburner 2016 2016.0.0.2150 and earlier allows remote attackers to execute arbitrary code or cause a denial of service daemon crash via a crafted command. NOTE: this is only a vulnerability in environments in which the...

Debian Security Advisory DSA 3532-1 (quagga - security update)

Kostya Kortchinsky discovered a stack-based buffer overflow vulnerability in the VPNv4 NLRI parser in bgpd in quagga, a BGP/OSPF/RIP routing daemon. A remote attacker can exploit this flaw to cause a denial of service daemon crash, or potentially, execution of arbitrary code, if bgpd is configure...

Debian: Security Advisory (DSA-3532-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 23 : xen-4.5.2-9.fc23 (2016-f4504e9445)

Qemu: nvram: OOB r/w access in processing firmware configurations CVE-2016-1714 1296080 Qemu: i386: NULL pointer dereference in vapicwrite CVE-2016-1922 1292767 qemu: Stack-based buffer overflow in megasasctrlgetinfo CVE-2015-8613 1293305 qemu-kvm: Infinite loop and out-of-bounds transfer start i...

CVE-2016-3191

The compilebranch function in pcrecompile.c in PCRE 8.x before 8.39 and pcre2compile.c in PCRE2 before 10.22 mishandles patterns containing an ACCEPT substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service stack-based...

CVE-2016-3191

The compilebranch function in pcrecompile.c in PCRE 8.x before 8.39 and pcre2compile.c in PCRE2 before 10.22 mishandles patterns containing an ACCEPT substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service stack-based...

CVE-2016-3191

CVE-2016-3191 affects the PCRE PCRE2 libraries: PCRE up to 8.x before 8.39 and PCRE2 up to 10.22 mishandle patterns containing an (*ACCEPT) substring when nested parentheses are present in the compile_branch path, enabling remote attackers to execute arbitrary code or cause a stack-based DoS via ...

CVE-2016-2342

The bgpnlriparsevpnv4 function in bgpmplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a...

Stack overflow

The bgpnlriparsevpnv4 function in bgpmplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a...

CVE-2016-2342

The bgpnlriparsevpnv4 function in bgpmplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a...

CVE-2016-2342

Removed by vendor...

CVE-2016-2342

The CVE-2016-2342 issue affects Quagga’s bgpd component, specifically the VPNv4 NLRI parser (bgp_mplsvpn.c). A stack-based buffer overflow arises when handling Labeled-VPN SAFI routes data due to incorrect length handling during a data copy, enabling a remote attacker to potentially execute arbit...

Debian DSA-3495-1 : xymon - security update

Markus Krell discovered that xymon, a network- and applications-monitoring system, was vulnerable to the following security issues : - CVE-2016-2054 The incorrect handling of user-supplied input in the 'config' command can trigger a stack-based buffer overflow, resulting in denial of service via...