Lucene search
K

194 matches found

Tenable Nessus
Tenable Nessus
added 2018/05/02 12:0 a.m.55 views

EulerOS 2.0 SP2 : libvorbis (EulerOS-SA-2018-1105)

According to the version of the libvorbis package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An out of bounds write flaw was found in the processing of vorbis audio data. A maliciously crafted file or audio stream could cause the...

8.8CVSS8AI score0.12054EPSS
Exploits0References2
OSV
OSV
added 2018/03/23 8:24 a.m.8 views

SUSE-SU-2018:0784-1 Security update for libvorbis

This update for libvorbis fixes the following issues: - CVE-2018-5146: Fixed out of bounds memory write while processing Vorbis audio data bsc1085687...

8.8CVSS9.3AI score0.12054EPSS
Exploits0References3
Mozilla
Mozilla
added 2018/03/23 12:0 a.m.528 views

Security vulnerabilities fixed in Thunderbird 52.7 — Mozilla

A buffer overflow can occur when manipulating the SVG animatedPathSegList through script. This results in a potentially exploitable crash. A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandb...

9.8CVSS2.1AI score0.12054EPSS
Exploits3References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/03/19 12:0 a.m.32 views

Ubuntu 14.04 LTS / 16.04 LTS : Firefox vulnerability (USN-3599-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3599-1 advisory. An out-of-bounds write was discovered when processing Vorbis audio data. If a user were tricked in to opening a specially crafted website, an attacker...

8.8CVSS8.2AI score0.12054EPSS
Exploits0References2
ArchLinux
ArchLinux
added 2018/03/18 12:0 a.m.56 views

[ASA-201803-13] firefox: arbitrary code execution

Arch Linux Security Advisory ASA-201803-13 ========================================== Severity: Critical Date : 2018-03-18 CVE-ID : CVE-2018-5146 Package : firefox Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-657 Summary ======= The package firefox before...

8.8CVSS1.9AI score0.12054EPSS
Exploits0References6
Ubuntu
Ubuntu
added 2018/03/16 9:48 p.m.53 views

USN-3599-1: Firefox vulnerability

An out-of-bounds write was discovered when processing Vorbis audio data. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code. CVE-2018-5146...

8.8CVSS7.7AI score0.12054EPSS
Exploits0
NVD
NVD
added 2018/03/04 10:29 p.m.21 views

CVE-2018-7661

Papenmeier WiFi Baby Monitor Free & Lite before 2.02.2 allows remote attackers to obtain audio data via certain requests to TCP ports 8258 and 8257...

5.3CVSS5.3AI score0.00948EPSS
Exploits5References2
OSV
OSV
added 2018/03/04 10:29 p.m.4 views

CVE-2018-7661

Papenmeier WiFi Baby Monitor Free & Lite before 2.02.2 allows remote attackers to obtain audio data via certain requests to TCP ports 8258 and 8257...

5.3CVSS5.8AI score0.00948EPSS
Exploits5References2
Prion
Prion
added 2018/03/04 10:29 p.m.13 views

Default credentials

Papenmeier WiFi Baby Monitor Free & Lite before 2.02.2 allows remote attackers to obtain audio data via certain requests to TCP ports 8258 and 8257...

2.9CVSS5.3AI score0.00948EPSS
Exploits5References2Affected Software1
Cvelist
Cvelist
added 2018/03/04 10:0 p.m.23 views

CVE-2018-7661

Papenmeier WiFi Baby Monitor Free & Lite before 2.02.2 allows remote attackers to obtain audio data via certain requests to TCP ports 8258 and 8257...

5.2AI score0.00948EPSS
Exploits5References2
CVE
CVE
added 2018/03/04 10:0 p.m.52 views

CVE-2018-7661

CVE-2018-7661 affects Papenmeier WiFi Baby Monitor Free & Lite (before version 2.02.2). A remote attacker can obtain audio data by sending requests to TCP ports 8258 and 8257, the latter acting as a heartbeat while 8258 carries the audio stream. Public sources (CNVD, NVD, Exploit-DB) corroborate ...

5.3CVSS5.2AI score0.00948EPSS
Exploits5References2Affected Software1
NVD
NVD
added 2017/09/21 3:29 p.m.20 views

CVE-2017-8278

In all Qualcomm products with Android releases from CAF using the Linux kernel, while reading audio data from an unspecified driver, a buffer overflow or integer overflow could occur...

9.3CVSS7.6AI score0.0047EPSS
Exploits0References2
Prion
Prion
added 2017/09/21 3:29 p.m.16 views

Integer overflow

In all Qualcomm products with Android releases from CAF using the Linux kernel, while reading audio data from an unspecified driver, a buffer overflow or integer overflow could occur...

9.3CVSS8.1AI score0.0047EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2017/09/21 3:0 p.m.45 views

CVE-2017-8278

CVE-2017-8278 affects Qualcomm Audio driver in Android CAF builds (Linux kernel). Description across sources indicates an overflow in audio data handling (buffer/integer overflow) that could enable Elevation of Privilege via the Qualcomm audio stack. The CVE is listed under Qualcomm components wi...

9.3CVSS8.1AI score0.0047EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2017/09/21 3:0 p.m.17 views

CVE-2017-8278

In all Qualcomm products with Android releases from CAF using the Linux kernel, while reading audio data from an unspecified driver, a buffer overflow or integer overflow could occur...

8.3AI score0.0047EPSS
Exploits0References2
CNVD
CNVD
added 2017/03/03 12:0 a.m.6 views

Yandex Browser for iOS Security Bypass Vulnerability

Yandex Browser for iOS is an iOS-based browser from the Russian company Yandex. A security vulnerability exists in Yandex Browser for iOS versions prior to 16.10.0.2357, which stems from the program's failure to properly restrict the handling of facetime:// URLs. A remote attacker can exploit the...

6.5CVSS6.7AI score0.01516EPSS
Exploits0References1
OSV
OSV
added 2017/03/01 3:59 p.m.7 views

CVE-2016-8507

Yandex Browser for iOS before 16.10.0.2357 does not properly restrict processing of facetime:// URLs, which allows remote attackers to initiate facetime-call without user's approval and obtain video and audio data from a device via a crafted web site...

6.5CVSS5.8AI score0.01516EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/03/01 3:0 p.m.27 views

CVE-2016-8507

Yandex Browser for iOS before 16.10.0.2357 does not properly restrict processing of facetime:// URLs, which allows remote attackers to initiate facetime-call without user's approval and obtain video and audio data from a device via a crafted web site...

6.2AI score0.01516EPSS
Exploits0References2
NVD
NVD
added 2017/02/20 8:59 a.m.16 views

CVE-2016-7577

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "FaceTime" component, which allows remote attackers to trigger memory corruption and obtain audio data from a call that appeared to have ended...

4.3CVSS3.4AI score0.01121EPSS
Exploits0References3
OSV
OSV
added 2017/02/20 8:59 a.m.2 views

CVE-2016-7577

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "FaceTime" component, which allows remote attackers to trigger memory corruption and obtain audio data from a call that appeared to have ended...

3.7CVSS5.8AI score0.01121EPSS
Exploits0References3
Rows per page
Query Builder