Security
Headlines
HeadlinesLatestCVEs

Tag

#buffer_overflow

CVE-2019-3634: McAfee Support – The Page You Are Looking for Has Been Moved

Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via an encrypted message sent to DLPe which when decrypted results in DLPe reading unallocated memory.

CVE
#windows#buffer_overflow
CVE-2019-5039: TALOS-2019-0802 || Cisco Talos Intelligence Group

An exploitable command execution vulnerability exists in the ASN1 certificate writing functionality of Openweave-core version 4.0.2. A specially crafted weave certificate can trigger a heap-based buffer overflow, resulting in code execution. An attacker can craft a weave certificate to trigger this vulnerability.

CVE-2019-5038: TALOS-2019-0801 || Cisco Talos Intelligence Group

An exploitable command execution vulnerability exists in the print-tlv command of Weave tool. A specially crafted weave TLV can trigger a stack-based buffer overflow, resulting in code execution. An attacker can trigger this vulnerability by convincing the user to open a specially crafted Weave command.

CVE-2019-4253: Security Bulletin: IBM Informix Dynamic Server is affected by privilege escalation vulnerabilities

IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local privileged Informix user to load a malicious shared library and gain root access privileges. IBM X-Force ID: 159941.

CVE-2018-1635: IBM Informix Dynamic Server Enterprise Edition buffer overflow CVE-2018-1635 Vulnerability Report

Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144439.

CVE-2018-1636: IBM Informix Dynamic Server Enterprise Edition buffer overflow CVE-2018-1636 Vulnerability Report

Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144441.

CVE-2019-15232

Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.

CVE-2019-15218

An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver.

CVE-2019-13106: Commits · u-boot/u-boot

Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution.

CVE-2014-8184: Invalid Bug ID

A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow was found in findTable() in liblouis. An attacker could create a malicious file that would cause applications that use liblouis (such as Orca) to crash, or potentially execute arbitrary code when opened.