CVE-2010-5301

CVE-2010-5301: Kolibri WebServer 2.0 is affected by a stack-based buffer overflow when handling a long URI in a HEAD request, enabling remote code execution. The connected documents corroborate an RCE risk via crafted requests; no explicit patch/version remediation is provided in the supplied sou...

openSUSE Security Update : plib (openSUSE-SU-2012:1506-1)

This update of plib fixed two stack-based buffer overflows. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-789. The text description of this plugin is C SUSE LLC...

openSUSE Security Update : csound (openSUSE-SU-2012:0315-1)

This update of csound fixes two stack-based buffer overflows that could be exploited via malformed hetro and pvoc files CVE-2012-0270. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

openSUSE Security Update : libQtWebKit-devel (openSUSE-SU-2012:0091-1)

A stack-based buffer overflow in the glyph handling of libqt4's harfbuzz has been fixed. CVE-2011-3922 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

openSUSE Security Update : libmodplug (openSUSE-SU-2011:0350-1)

Libmodplug is vulnerable to a stack based buffer overflow when handling malicious S3M media files. CVE-2011-1574 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Updat...

openSUSE Security Update : nagios (openSUSE-SU-2014:0516-1)

Nagios was updated to fix a stack-based buffer overflow in the cmdsubmitf function in the CGI handler. CVE-2014-1878 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2014-291. The text...

openSUSE Security Update : quagga (openSUSE-SU-2010:0984-1)

This update of quagga fixes two security issues : - CVE-2010-2948: CVSS v2 Base Score: 6.5 MEDIUM AV:N/AC:L/Au:S/C:P/I:P/A:P Stack-based buffer overflow while processing malformed Route-Refresh messages. - CVE-2010-2949: CVSS v2 Base Score: 5.0 MEDIUM AV:N/AC:L/Au:N/C:N/I:N/A:P Denial of service...

openSUSE Security Update : pixman (openSUSE-SU-2013:1421-1)

libpixman was updated to fix a stack based buffer overflow CVE-2013-1591. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2013-686. The text description of this plugin is C SUSE LLC...

openSUSE Security Update : libmodplug (openSUSE-SU-2011:0350-1)

Libmodplug is vulnerable to a stack based buffer overflow when handling malicious S3M media files. CVE-2011-1574 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Updat...

CVE-2010-5300

Stack-based buffer overflow in Jzip 1.3 through 2.0.0.132900 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a long file name in a zip archive...

Design/Logic Flaw

Multiple integer signedness errors in the DispatchWrite function in proxy/dispatcher/idirectfbsurfacedispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow...

CVE-2014-2977

Multiple integer signedness errors in the DispatchWrite function in proxy/dispatcher/idirectfbsurfacedispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow...

CVE-2014-2977

CVE-2014-2977 in DirectFB (Dispatch_Write in proxy/dispatcher/idirectfbsurface_dispatcher.c) allows remote attackers to cause a denial of service (crash) and possibly execute code via the Voodoo interface; CVE-2014-2978 is an out-of-bounds write in the same area. Connected advisories confirm thes...

CVE-2014-3912

Stack-based buffer overflow in the FindConfigChildeKeyList method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control in Samsung iPOLiS Device Manager before 1.8.7 allows remote attackers to execute arbitrary code via a long value...

CVE-2014-3913

Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrary code via a request for a non-existent file...

CVE-2011-5280

Multiple stack-based buffer overflows in BOINC 6.13.x allow remote attackers to cause a denial of service crash via a long trickle-up to 1 client/cstrickle.cpp or 2 db/dbbase.cpp...

CVE-2014-3936

Stack-based buffer overflow in the dohnap function in www/mycgi.cgi in D-Link DSP-W215 Rev. A1 with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers to execute arbitrary code via a long Content-Length header in...

CVE-2014-3936

CVE-2014-3936 affects D-Link DSP-W215 (Rev. A1) 1.01b06 and earlier, DIR-505 firmware prior to 1.08b10, and DIR-505L prior to 1.01. The flaw is a stack-based buffer overflow in the do_hnap function (www/my_cgi.cgi) triggered by a long Content-Length header in a GetDeviceSettings HNAP request, all...

CVE-2014-3936

Stack-based buffer overflow in the dohnap function in www/mycgi.cgi in D-Link DSP-W215 Rev. A1 with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers to execute arbitrary code via a long Content-Length header in...

Updated cifs-utils packages fix CVE-2014-2830

Updated cifs-utils packages fix security vulnerability: Sebastian Krahmer discovered a stack-based buffer overflow flaw in cifscreds.c CVE-2014-2830...