Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-8358 | PUBLISHED: 2019-02-16 | In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled.
CVE-2019-8354 | PUBLISHED: 2019-02-15 | An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow.
CVE-2019-8355 | PUBLISHED: 2019-02-15 | An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channels_start in remix.c.
CVE-2019-8356 | PUBLISHED: 2019-02-15 | An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow.
CVE-2019-8357 | PUBLISHED: 2019-02-15 | An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference.
User Rank: Ninja
1/3/2018 | 10:59:13 AM
I still have a collection of 3.5 disks containing 1990 backup data from my old 486 system. Having reliable backups (ransomware) is NOTHING NEW.
"Those who do not learn history are doomed to repeat it"