
3646 matches found

CVE
added 2018/06/11 9:0 p.m. | Views: 139

CVE-2016-5296

CVE-2016-5296 is a heap-based buffer overflow in Cairo when processing SVG content, caused by compiler optimization. It affects Mozilla Thunderbird and Firefox/Firefox ESR as described in Mozilla advisories, and is also present in IBM Storwize V7000 Unified (Affecting 1.5.0.0–1.5.2.5; fixed in 1....

CVSS 7.5 | AI score 8 | EPSS 0.0257
Exploits: 0 | References: 9 | Affected Software: 2

Tenable Nessus
added 2018/06/06 12:0 a.m. | Views: 266

SUSE SLES11 Security Update : gcc43 (SUSE-SU-2018:1498-1) (Spectre)

This update for gcc43 fixes the following issues: This update adds support for 'expolines' on s390x, allowing fixing CVE-2017-5715 in a more lightweight fashion. bsc1086069 The option flags are the same as for the x86 retpolines. A compiler crash when building userland packages with x86 retpoline...

CVSS 5.6 | AI score 7.2 | EPSS 0.88482
Exploits: 8 | References: 5

CNVD
added 2018/06/06 12:0 a.m. | Views: 1

grunt-ccompiler Man-in-the-Middle Attack Vulnerability

grunt-ccompiler is a Grunt plugin for compiling Closure. A security vulnerability exists in grunt-ccompiler that originates when the program downloads binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability by replacing the requested binary with an...

CVSS 9.3 | AI score 8.1 | EPSS 0.00735
Exploits: 0 | References: 1

OSV
added 2018/06/05 7:1 a.m. | Views: 4

SUSE-SU-2018:1498-1 Security update for gcc43

This update for gcc43 fixes the following issues: This update adds support for 'expolines' on s390x, allowing fixing CVE-2017-5715 in a more lightweight fashion. bsc1086069 The option flags are the same as for the x86 retpolines. A compiler crash when building userland packages with x86 retpoline...

CVSS 5.6 | AI score 6.8 | EPSS 0.88482
Exploits: 8 | References: 4

Veracode
added 2018/06/05 2:4 a.m. | Views: 14

Man-in-the-Middle (MitM)

frames-compiler is vulnerable to man-in-the-middle (MitM) attacks. This is because they download binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on t...

CVSS 8.1 | AI score 8.3 | EPSS 0.00735
Exploits: 0 | References: 1 | Affected Software: 1

Exploit DB
added 2018/06/05 12:0 a.m. | Views: 22

10-Strike Network Scanner 3.0 - Local Buffer Overflow (SEH)

Exploit Title: 10-Strike Network Scanner 3.0 - Local Buffer Overflow SEH Exploit Author: Hashim Jawad - ihack4falafel Date: 2018-06-05 Vendor Homepage: https://www.10-strike.com/ Vulnerable Software: https://www.10-strike.com/network-scanner/network-scanner.exe Tested on: Windows XP Professional ...

AI score 7.4
Exploits: 0

NVD
added 2018/06/04 4:29 p.m. | Views: 10

CVE-2016-10636

grunt-ccompiler is a Closure Compiler Grunt Plugin. grunt-ccompiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on...

CVSS 9.3 | AI score 8.3 | EPSS 0.00735
Exploits: 0 | References: 1

CVE
added 2018/06/04 4:0 p.m. | Views: 51

CVE-2016-10636

grunt-ccompiler is a Closure Compiler Grunt Plugin that insecurely downloads executables over HTTP. An attacker with a privileged network position can intercept the response and replace the binary with a malicious one, potentially causing remote code execution on the system running grunt-cco...

CVSS 9.3 | AI score 8.2 | EPSS 0.00735
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2018/06/04 4:0 p.m. | Views: 10

CVE-2016-10636

grunt-ccompiler is a Closure Compiler Grunt Plugin. grunt-ccompiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on...

AI score 8.3 | EPSS 0.00735
Exploits: 0 | References: 1

CVE
added 2018/06/04 4:0 p.m. | Views: 68

CVE-2016-10649

The CVE-2016-10649 entry concerns the frames-compiler project, where binary resources are downloaded over HTTP. The associated disclosures describe that an attacker with privileged network position can intercept the HTTP response and swap the requested binary with a malicious one, potentially lea...

CVSS 9.3 | AI score 8.3 | EPSS 0.00735
Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2018/06/04 12:0 a.m. | Views: 0

LibSass null pointer dereference vulnerability (CNVD-2018-15182)

LibSass is a C/C++ implementation of the Sass compiler. A null pointer dereference vulnerability exists in the Sass::Expand::operator function in LibSass 3.5.2 and earlier. An attacker could exploit this vulnerability to cause a denial of service (application crash) or possibly other impact...

CVSS 8.8 | AI score 8.6 | EPSS 0.00335
Exploits: 1 | References: 1

CNVD
added 2018/06/04 12:0 a.m. | Views: 1

riot-compiler denial of service vulnerability

riot-compiler is a compiler for the riot user interface library. A security vulnerability exists in the regex in riot-compiler version 2.3.21. An attacker can exploit this vulnerability to cause a denial of service...

CVSS 7.5 | AI score 6.7 | EPSS 0.00334
Exploits: 0 | References: 1

CNVD
added 2018/06/04 12:0 a.m. | Views: 1

LibSass Out-of-Bounds Read Vulnerability

LibSass is a C/C++ implementation of the Sass compiler. An out-of-bounds read vulnerability exists in the Sass::handleerror function in LibSass 3.5.4 and earlier. An attacker could use this vulnerability to obtain information or cause a denial of service...

CVSS 8.1 | AI score 8.4 | EPSS 0.00377
Exploits: 1 | References: 1

Prion
added 2018/05/31 8:29 p.m. | Views: 11

Design/Logic Flaw

The riot-compiler version 2.3.21 has an issue in a regex (Catastrophic Backtracking) that makes it unusable under certain conditions...

CVSS 5 | AI score 7 | EPSS 0.00334
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2018/05/31 8:29 p.m. | Views: 8

CVE-2016-10527

The riot-compiler version 2.3.21 has an issue in a regex (Catastrophic Backtracking) that makes it unusable under certain conditions...

CVSS 7.5 | AI score 7.7
Exploits: 0 | References: 2

NVD
added 2018/05/31 8:29 p.m. | Views: 11

CVE-2016-10527

The riot-compiler version 2.3.21 has an issue in a regex (Catastrophic Backtracking) that makes it unusable under certain conditions...

CVSS 7.5 | AI score 7.5 | EPSS 0.00334
Exploits: 0 | References: 2

CVE
added 2018/05/31 8:0 p.m. | Views: 45

CVE-2016-10527

The riot-compiler project (version 2.3.21) contains a regex vulnerability causing a regular expression denial of service (catastrophic backtracking) under certain inputs. This affects riot-compiler’s ability to process some patterns efficiently, potentially impacting availability. The issue is do...

CVSS 7.5 | AI score 7.4 | EPSS 0.00334
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2018/05/31 8:0 p.m. | Views: 12

CVE-2016-10527

The riot-compiler version 2.3.21 has an issue in a regex (Catastrophic Backtracking) that makes it unusable under certain conditions...

AI score 7.5 | EPSS 0.00334
Exploits: 0 | References: 2

Fedora
added 2018/05/30 2:32 p.m. | Views: 27

[SECURITY] Fedora 27 Update: ncurses-6.0-14.20170722.fc27

The curses library routines are a terminal-independent method of updating character screens with reasonable optimization. The ncurses (new curses) library is a freely distributable replacement for the discontinued 4.4 BSD classic curses library. This package contains support utilities, including a...

AI score 1.4
Exploits: 0

NVD
added 2018/05/29 8:29 p.m. | Views: 12

CVE-2016-10635

broccoli-closure is a Closure compiler plugin for Broccoli. broccoli-closure before 1.3.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary...

CVSS 9.3 | AI score 8.3 | EPSS 0.00735
Exploits: 0 | References: 1