194 matches found
EulerOS 2.0 SP2 : libvorbis (EulerOS-SA-2018-1105)
According to the version of the libvorbis package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An out of bounds write flaw was found in the processing of vorbis audio data. A maliciously crafted file or audio stream could cause the...
SUSE-SU-2018:0784-1 Security update for libvorbis
This update for libvorbis fixes the following issues: - CVE-2018-5146: Fixed out of bounds memory write while processing Vorbis audio data bsc1085687...
Security vulnerabilities fixed in Thunderbird 52.7 — Mozilla
A buffer overflow can occur when manipulating the SVG animatedPathSegList through script. This results in a potentially exploitable crash. A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandb...
Ubuntu 14.04 LTS / 16.04 LTS : Firefox vulnerability (USN-3599-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3599-1 advisory. An out-of-bounds write was discovered when processing Vorbis audio data. If a user were tricked in to opening a specially crafted website, an attacker...
[ASA-201803-13] firefox: arbitrary code execution
Arch Linux Security Advisory ASA-201803-13 ========================================== Severity: Critical Date : 2018-03-18 CVE-ID : CVE-2018-5146 Package : firefox Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-657 Summary ======= The package firefox before...
USN-3599-1: Firefox vulnerability
An out-of-bounds write was discovered when processing Vorbis audio data. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code. CVE-2018-5146...
CVE-2018-7661
Papenmeier WiFi Baby Monitor Free & Lite before 2.02.2 allows remote attackers to obtain audio data via certain requests to TCP ports 8258 and 8257...
CVE-2018-7661
Papenmeier WiFi Baby Monitor Free & Lite before 2.02.2 allows remote attackers to obtain audio data via certain requests to TCP ports 8258 and 8257...
Default credentials
Papenmeier WiFi Baby Monitor Free & Lite before 2.02.2 allows remote attackers to obtain audio data via certain requests to TCP ports 8258 and 8257...
CVE-2018-7661
Papenmeier WiFi Baby Monitor Free & Lite before 2.02.2 allows remote attackers to obtain audio data via certain requests to TCP ports 8258 and 8257...
CVE-2018-7661
CVE-2018-7661 affects Papenmeier WiFi Baby Monitor Free & Lite (before version 2.02.2). A remote attacker can obtain audio data by sending requests to TCP ports 8258 and 8257, the latter acting as a heartbeat while 8258 carries the audio stream. Public sources (CNVD, NVD, Exploit-DB) corroborate ...
CVE-2017-8278
In all Qualcomm products with Android releases from CAF using the Linux kernel, while reading audio data from an unspecified driver, a buffer overflow or integer overflow could occur...
Integer overflow
In all Qualcomm products with Android releases from CAF using the Linux kernel, while reading audio data from an unspecified driver, a buffer overflow or integer overflow could occur...
CVE-2017-8278
CVE-2017-8278 affects Qualcomm Audio driver in Android CAF builds (Linux kernel). Description across sources indicates an overflow in audio data handling (buffer/integer overflow) that could enable Elevation of Privilege via the Qualcomm audio stack. The CVE is listed under Qualcomm components wi...
CVE-2017-8278
In all Qualcomm products with Android releases from CAF using the Linux kernel, while reading audio data from an unspecified driver, a buffer overflow or integer overflow could occur...
Yandex Browser for iOS Security Bypass Vulnerability
Yandex Browser for iOS is an iOS-based browser from the Russian company Yandex. A security vulnerability exists in Yandex Browser for iOS versions prior to 16.10.0.2357, which stems from the program's failure to properly restrict the handling of facetime:// URLs. A remote attacker can exploit the...
CVE-2016-8507
Yandex Browser for iOS before 16.10.0.2357 does not properly restrict processing of facetime:// URLs, which allows remote attackers to initiate facetime-call without user's approval and obtain video and audio data from a device via a crafted web site...
CVE-2016-8507
Yandex Browser for iOS before 16.10.0.2357 does not properly restrict processing of facetime:// URLs, which allows remote attackers to initiate facetime-call without user's approval and obtain video and audio data from a device via a crafted web site...
CVE-2016-7577
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "FaceTime" component, which allows remote attackers to trigger memory corruption and obtain audio data from a call that appeared to have ended...
CVE-2016-7577
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "FaceTime" component, which allows remote attackers to trigger memory corruption and obtain audio data from a call that appeared to have ended...