Lucene search

209 matches found

OSV
added 2019/11/07 11:36 p.m., 4 views

MGASA-2019-0315 Updated firefox packages fix security vulnerabilities

The updated packages fix several bugs and some security issues: Use-after-free when creating index updates in IndexedDB (CVE-2019-11757). Potentially exploitable crash due to 360 Total Security (CVE-2019-11758). Stack buffer overflow in HKDF output (CVE-2019-11759). Stack buffer overflow in WebRTC...

8.8 CVSS, 8.1 AI score, 0.0213 EPSS
Exploits 3, References 6

Exploit DB
added 2019/09/24 12:0 a.m., 207 views

DeviceViewer 3.12.0.1 - 'creating user' Denial of Service

!/usr/bin/python Exploit Title: DeviceViewer 3.12.0.1 - 'creating user' DOS buffer overflow Date: 9/23/2019 Exploit Author: x00pwn Vendor Homepage: http://www.sricam.com/ Software Link: http://download.sricam.com/Manual/DeviceViewer.exe Version: v3.12.0.1 Tested on: Windows 7 Steps to reproduce: ...

7.4 AI score
Exploits 0

CNVD
added 2019/09/06 12:0 a.m., 1 view

Binary Vulnerability in Flying Pigeon Network Printing Component

Flying Pigeon is a LAN instant messaging software for enterprises, schools and families, realizing high-speed transmission of messages and files within LAN and printing on Flying Pigeon network. A binary vulnerability exists in the Flying Pigeon Network Printing component, which can be exploited ...

6.8 AI score
Exploits 0

CNVD
added 2019/08/26 12:0 a.m., 2 views

BMP image processing binary vulnerability in Windshield Viewer

Wind Shadow Picture Viewer is a computer client picture viewing software, small and lightweight, simple interface, comprehensive features, compatible with hundreds of image formats, including commonly used JPG, BMP, PNG and other conventional image formats and PDS and other professional image...

6.9 AI score
Exploits 0

CNVD
added 2019/08/26 12:0 a.m., 1 view

Binary Vulnerability in Windshade Viewer FyPicViewer.exe Handling TIFs

Wind Shadow Picture Viewer is a computer client picture viewing software, small and lightweight, simple interface, comprehensive features, compatible with hundreds of image formats, including commonly used JPG, BMP, PNG and other conventional image formats and PDS and other professional image...

6.9 AI score
Exploits 0

RedHat Linux
added 2019/03/28 2:52 p.m., 2 views

Mozilla: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey

The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary...

9.8 CVSS, 7.4 AI score, 0.38066 EPSS
Exploits 6, References 5

OSV
added 2018/09/24 10:29 p.m., 1 view

DEBIAN-CVE-2018-17281

There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connecti...

7.5 CVSS, 7.4 AI score, 0.80258 EPSS
Exploits 0, References 1

OSV
added 2018/06/11 9:29 p.m., 1 view

CVE-2018-5100

A use-after-free vulnerability can occur when arguments passed to the "IsPotentiallyScrollable" function are freed while still in use by scripts. This results in a potentially exploitable crash. This vulnerability affects Firefox 58...

7.5 CVSS, 7.3 AI score
Exploits 0, References 5

OSV
added 2018/06/11 9:29 p.m., 4 views

CVE-2017-5460

A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...

9.8 CVSS, 8.2 AI score
Exploits 0, References 11

OSV
added 2018/06/11 9:29 p.m., 3 views

CVE-2017-7749

A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2...

9.8 CVSS, 8.1 AI score
Exploits 0, References 10

CNVD
added 2017/10/09 12:0 a.m., 3 views

EmTec PyroBatchFTP Denial of Service Vulnerability

EmTec PyroBatchFTP is an FTP software. A security vulnerability exists in EmTec PyroBatchFTP that allows remote attackers to exploit the vulnerability by submitting a special request to crash the application...

7.5 CVSS, 7.5 AI score, 0.23003 EPSS
Exploits 5, References 1

RedHat Linux
added 2017/08/01 1:50 p.m., 3 views

libXpm: Out-of-bounds write in XPM extension parsing

An integer overflow flaw leading to a heap-based buffer overflow was found in libXpm. An attacker could use this flaw to crash an application using libXpm via a specially crafted XPM file...

9.8 CVSS, 6 AI score, 0.06334 EPSS
Exploits 0, References 4

OSV
added 2017/07/27 9:29 p.m., 1 view

DEBIAN-CVE-2016-2161

In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests...

7.5 CVSS, 7 AI score, 0.25822 EPSS
Exploits 0, References 1

CNVD
added 2017/07/18 12:0 a.m., 1 view

QEMU Denial of Service Vulnerability (CNVD-2017-24571)

QEMU (aka Quick Emulator) is a suite of processor emulation software developed by French programmer Fabrice Bellard. QEMU suffers from a denial of service vulnerability. An attacker could exploit the vulnerability to crash a QEMU instance, resulting in a denial of service condition...

7.5 CVSS, 7.1 AI score, 0.05117 EPSS
Exploits 0, References 1

CNVD
added 2017/06/01 12:0 a.m., 1 view

VideoLAN VLC Multimedia Player Denial of Service Vulnerability

VideoLAN VLC media player is a free, open source, cross-platform multimedia player and multimedia framework developed by the French organization VideoLAN. The product supports playback of a variety of media files, CD-ROMs, etc., and a variety of audio and video formats (WMV, MP3, etc.). A...

7.8 CVSS, 6.8 AI score, 0.00421 EPSS
Exploits 1, References 1

CNVD
added 2017/05/05 12:0 a.m., 1 view

Google Chrome Apps Memory Misreference Vulnerability

Google Chrome is a web browser developed by Google Inc. in the United States. A memory misreference vulnerability exists in Google Chrome Apps, which allows remote attackers to exploit the vulnerability by submitting a special web page and tricking the user into parsing it, which could crash the...

8.8 CVSS, 9.1 AI score, 0.00343 EPSS
Exploits 0, References 1

CNVD
added 2017/04/25 12:0 a.m., 2 views

Wireshark NCP Parser Input Validation Vulnerability

Wireshark (formerly known as Ethereal) is a suite of network packet analysis software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. NCP dissector is one of the network control protocol parsers. An input validatio...

7.5 CVSS, 7.6 AI score, 0.00394 EPSS
Exploits 0, References 1

OSV
added 2017/03/23 9:21 p.m., 7 views

MGASA-2017-0082 Updated thunderbird packages fix security vulnerability

JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks (CVE-2017-5400). A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error. The resulting crash may...

10 CVSS, 8.5 AI score, 0.26462 EPSS
Exploits 8, References 4

CNVD
added 2016/11/02 12:0 a.m., 20 views

Cairo 'cairo-png.c' Integer Overflow Vulnerability

Cairo is a cross-platform open source vector graphics library. It supports 2D drawing in multiple contexts and provides high-quality display and printout. An integer overflow vulnerability exists in Cairo 'cairo-png.c'. An attacker may exploit this issue to crash the affected applicatio...

5.5 CVSS, 7.1 AI score, 0.00235 EPSS
Exploits 0, References 1

CNVD
added 2016/11/02 12:0 a.m., 1 view

QEMU 'v9fs_link()' function denial of service vulnerability

QEMU (aka Quick Emulator) is a set of processor emulation software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. A denial of service vulnerability exists in the QEMU 'v9fs_link' function. An attacker can exploit this vulnerability to cause a denial of...

6.7 AI score
Exploits 0, References 1