FreeBSD : qemu -- stack buffer overflow while parsing SCSI commands (a267cd6c-b0c4-11e5-8d13-bc5ff45d0f28)

Prasad J Pandit, Red Hat Product Security Team, reports : Qemu emulator built with the SCSI device emulation support is vulnerable to a stack-based buffer overflow issue. It could occur while parsing SCSI command descriptor block with an invalid operation code. A privilegedCAPSYSRAWIO user inside...

UBUNTU-CVE-2015-9542

addpassword in pamradiusauth.c in pamradius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy. An attacker could send a crafted password to an application loading the pamradius library and crash it. Arbitrary code...

qemu -- denial of service vulnerability in MegaRAID SAS HBA emulation

Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the SCSI MegaRAID SAS HBA emulation support is vulnerable to a stack buffer overflow issue. It occurs while processing the SCSI controller's CTRLGETINFO command. A privileged guest user could use this flaw to crash...

Avast! Antivirus 'strcpy()' function stack buffer overflow vulnerability

Avast! Antivirus is a suite of antivirus programs from the Czech company Avast. A buffer overflow vulnerability exists in the Avast! Antivirus 'strcpy' function, which allows an attacker to exploit the vulnerability to crash the application or execute arbitrary code...

IBM Tivoli Storage Manager FastBack Server Multiple Vulnerabilities

IBM Tivoli Storage Manager FastBack is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Wireshark - dissect_tds7_colmetadata_token Stack Buffer Overflow

Source: https://code.google.com/p/google-security-research/issues/detail?id=663 The following crash due to a stack-based buffer overflow can be observed in an ASAN build of Wireshark current git master, by feeding a malformed file to tshark "$ ./tshark -nVxr /path/to/file": --- cut ---...

Wireshark - dissect_diameter_base_framed_ipv6_prefix Stack Buffer Overflow

Source: https://code.google.com/p/google-security-research/issues/detail?id=644 The following crash due to a stack-based buffer overflow can be observed in an ASAN build of Wireshark current git master, by feeding a malformed file to tshark "$ ./tshark -nVxr /path/to/file": --- cut ---...

Wireshark - AirPDcapPacketProcess Stack Buffer Overflow

Wireshark - AirPDcapPacketProcess Stack Buffer Overflow Source: https://code.google.com/p/google-security-research/issues/detail?id=642 The following crash due to a stack-based buffer overflow can be observed in an ASAN build of Wireshark current git master, by feeding a malformed file to tshark ...

Wireshark - file_read wtap_read_bytes_or_eofmp2t_find_next_pcr Stack Buffer Overflow

Wireshark - fileread wtapreadbytesoreofmp2tfindnextpcr Stack Buffer Overflow Source: https://code.google.com/p/google-security-research/issues/detail?id=655 The following crash due to a stack-based buffer overflow can be observed in an ASAN build of Wireshark current git master, by feeding a...

Wireshark - dissect_tds7_colmetadata_token Stack Buffer Overflow

Wireshark - dissecttds7colmetadatatoken Stack Buffer Overflow Source: https://code.google.com/p/google-security-research/issues/detail?id=663 The following crash due to a stack-based buffer overflow can be observed in an ASAN build of Wireshark current git master, by feeding a malformed file to...

IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - '_FXCLI_SetConfFileChunk' Stack Buffer Overflow (PoC)

!/usr/bin/python Title: IBM Tivoli Storage Manager FastBack Server 5.5.4.2 FXCLISetConfFileChunk Stack Buffer Overflow Vulnerability Date: 14 December 2015 Author: Gianni Gnesa gnix Vendor Homepage: http://www.ibm.com/ Software Name: IBM Tivoli Storage Manager FastBack Software Version: 5.5.4.2 x...

IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - _FXCLI_GetConfFileChunk Stack Buffer Overflow E

Exploit for windows platform in category dos / poc !/usr/bin/python Title: IBM Tivoli Storage Manager FastBack Server 5.5.4.2 FXCLIGetConfFileChunk Stack Buffer Overflow Vulnerability Date: 14 December 2015 Author: Gianni Gnesa gnix Vendor Homepage: http://www.ibm.com/ Software Name: IBM Tivoli...

Adobe Flash Player and AIR Stack Buffer Overflow Vulnerability (CNVD-2015-08194)

FlashPlayer is a multimedia program player. Adobe AIR is a technology developed for the integration of web and desktop applications, allowing control of cloud-based programs on the web without having to go through a browser. A stack buffer overflow vulnerability exists in the implementation of...

Adobe Flash Player <= 19.0.0.245 Multiple Vulnerabilities (APSB15-32)

The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 19.0.0.245. It is, therefore, affected by multiple vulnerabilities : - Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code. CVE-2015-8438, CVE-2015-8446 ...

MS KB3119147: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge

The remote Windows host is missing KB3119147. It is, therefore, affected by multiple vulnerabilities : - Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code. CVE-2015-8438, CVE-2015-8446 - Multiple memory corruption issues exist that allow an attacker t...

Google Chrome < 47.0.2526.80 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 47.0.2526.80. It is, therefore, affected by multiple vulnerabilities : - A type confusion error exists related to extensions that allows an attacker to have an unspecified impact. CVE-2015-6788 - A use-after-free error...

Adobe AIR for Mac <= 19.0.0.241 Multiple Vulnerabilities (APSB15-32)

The version of Adobe AIR installed on the remote Mac OS X host is equal or prior to version 19.0.0.241. It is, therefore, affected by multiple vulnerabilities : - Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code. CVE-2015-8438, CVE-2015-8446 - Multip...

Adobe AIR <= 19.0.0.241 Multiple Vulnerabilities (APSB15-32)

The version of Adobe AIR installed on the remote Windows host is equal or prior to version 19.0.0.241. It is, therefore, affected by multiple vulnerabilities : - Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code. CVE-2015-8438, CVE-2015-8446 - Multipl...

Adobe Flash Player for Mac <= 19.0.0.245 Multiple Vulnerabilities (APSB15-32)

The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 19.0.0.245. It is, therefore, affected by multiple vulnerabilities : - Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code. CVE-2015-8438, CVE-2015-8446 ...

Google Chrome < 47.0.2526.80 Multiple Vulnerabilities (Mac OS X)

The version of Google Chrome installed on the remote Mac OS X host is prior to 47.0.2526.80. It is, therefore, affected by multiple vulnerabilities : - A type confusion error exists related to extensions that allows an attacker to have an unspecified impact. CVE-2015-6788 - A use-after-free error...