Security fix for the ALT Linux 10 package firefox-esr version 60.2.2-alt1
Oct. 2, 2018 Andrey Cherepanov 60.2.2-alt1 - New ESR version 60.2.2 - Fixed: + CVE-2018-12386 Type confusion in JavaScript + CVE-2018-12387 JavaScript JIT compiler inlines Array.prototype.push with multiple arguments...
Security vulnerabilities fixed in Firefox 62.0.3 and Firefox ESR 60.2.2 — Mozilla
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with...
@spectrellc/specscript-complier (>=0.0.1 <=0.1.2), maltodextrin (=1.0.0) +1 more potentially affected by CVE-2017-16074 via crossenv (=0.0.2-security)
crossenv NPM version =0.0.2-security is affected by a known vulnerability. The following packages have a transitive dependency on crossenv and may be impacted: - @spectrellc/specscript-complier =0.0.1, =2.0.0, =2.2.0 Source cves: CVE-2017-16074 Source advisory: OSV:GHSA-C2M4-W5HM-VQJW...
Important: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
oxenstored does not apply quota-maxentity
ISSUE DESCRIPTION The logic in oxenstored for handling writes depended on the order of evaluation of expressions making up a tuple. As indicated in section 7.7.3 "Operations on data structures" of the OCaml manual: http://caml.inria.fr/pub/docs/manual-ocaml/expr.html the order of evaluation of...
Portforge.Cr - A Script Which Opens Multiple Sockets From A Specific Port Range You Input
This script is intended to open as many sockets as you wish between 1024 - 65535. Lower than 1024 works too but you have to be a root user for that. This can be useful when you don't want people to map out your device and see what you're running and not, so it's a small step to defeat...
kernel security and bug fix update
kernel 2.6.18-419.0.0.0.10 - Backport CVE-2017-5715 to RHCK/OL5 orabug 27787723 2.6.18-419.0.0.0.9 - rebuild with retpoline compiler...
Security Bulletin: IBM QRadar Network Security is affected by a GNU Compiler Collection (GCC) vulnerability
Summary IBM QRadar Network Security has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2017-11671 DESCRIPTION: GNU Compiler Collection (GCC) could provide weaker than expected security, caused by a flaw in the ix86_expand_builtin function in i386.c. A remote attacker could...
[SECURITY] Fedora 28 Update: rust-1.27.1-2.fc28
Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...
[SECURITY] Fedora 27 Update: rust-1.27.1-2.fc27
Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...
Memoro - A Detailed Heap Profiler
Memoro is a highly detailed heap profiler. Memoro not only shows you where and when your program makes heap allocations, but will show you how your program actually used that memory. Memoro collects detailed information on accesses to the heap, including reads and writes to memory and when they...
BST (Binary String Toolkit) - Quickly And Easily Convert Binary Strings For All Your Exploit Development Needs
The Binary String Toolkit or BST for short is a rather simple utility to convert binary strings to various formats suitable for later inclusions in source codes, such as those used to develop exploits in the security field. Features Dump files content to standard output in a binary string format...
Security Bulletin: A vulnerability in gcc affects PowerKVM
Summary PowerKVM is affected by a vulnerability in the GNU Compiler Collection (GCC). IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2017-11671 DESCRIPTION: GNU Compiler Collection (GCC) could provide weaker than expected security, caused by a flaw in the ix86_expand_builtin...
Privilege Escalation
microsoft.chakracore is vulnerable to privilege escalation. The vulnerability exists because the compiler contains a bug during escape analysis, leading to privilege escalation. This CVE ID is different from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894,...
EulerOS 2.0 SP3 : gcc (EulerOS-SA-2018-1174)
According to the versions of the gcc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The gcc package contains the GNU Compiler Collection version 4.8. You'll need this package in order to compile C code. - Security fixes: - Under...
Fedora 27 : webkitgtk4 (2018-aac3ca8936)
This update addresses the following vulnerabilities : - CVE-2018-4190, CVE-2018-4199, CVE-2018-4218, CVE-2018-4222, CVE-2018-4232, CVE-2018-4233, CVE-2018-4246, CVE-2018-11646. Additional fixes : - Fix installation directory of API documentation. - Disable Gigacage if mmap fails to allocate in...
SUSE-SU-2018:1822-1 Security update for gcc43
This update for gcc43 fixes the following issues: This update adds support for 'expolines' on s390x, allowing fixing CVE-2017-5715 in a more lightweight fashion. bsc1086069 The option flags are the same as for the x86 retpolines. A compiler crash when building userland packages with x86 retpoline...
Marked Module Denial of Service Vulnerability
marked module is a Markdown compiler for browsers, servers and command line interfaces. A security vulnerability exists in the marked module. An attacker could exploit this vulnerability to cause a denial of service...
frames-compiler remote code execution vulnerability
The frames-compiler is a suite of software for building a wide range of applications, providing a graphical user interface that supports multiple platforms. A security vulnerability exists in frames-compiler that originates when the program downloads binary resources over the HTTP protocol. A...
DEBIAN-CVE-2016-5296
A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 45.5, Firefox ESR 45.5, and Firefox 50...