Integer overflow in ANGLE library — Mozilla
Security researcher Alex Chapman reported that the Almost Native Graphics Layer Engine (ANGLE) library used by Mozilla is vulnerable to an integer overflow. This vulnerability is present because of insufficient bounds checking in the drawLineLoop function, which can be driven by web content to...
NativeKey continues handling key messages after widget is destroyed — Mozilla
Mozilla developer Masayuki Nakano discovered that the NativeKey widget continues handling key messages even when it is destroyed by dispatched event listeners. This could result in some key events being applied to other objects or plugins if the widget memory is reallocated to them, leading to a...
Memory corruption involving scrolling — Mozilla
Security researcher Nils reported two potentially exploitable memory corruption bugs involving scrolling. The first was a use-after-free condition due to scrolling an image document. The second was due to nodes in a range request being added as children of two different parents...
GC hazard with default compartments and frame chain restoration — Mozilla
Security researcher Nils reported a potentially exploitable use-after-free in an early test version of Firefox 25. Mozilla developer Bobby Holley found that the cause was an older garbage collection bug that a more recent change made easier to trigger...
Use-after-free with select element — Mozilla
Security researcher Scott Bell used the Address Sanitizer tool to discover a use-after-free when using a <select> element in a form after it has been destroyed. This could lead to a potentially exploitable crash...
Solaris 10 (x86) : 149639-02 (deprecated)
Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite subcomponent: USB hub driver. Supported versions that are affected are 10 and 11.1. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in...
[CORE-2013-0809] Sophos Web Protection Appliance Multiple Vulnerabilities
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Sophos Web Protection Appliance Multiple Vulnerabilities 1. Advisory Information Title: Sophos Web Protection Appliance Multiple Vulnerabilities Advisory ID: CORE-2013-0809 Advisory URL:...
Sophos Web Protection Appliance - Multiple Vulnerabilities
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Sophos Web Protection Appliance Multiple Vulnerabilities 1. Advisory Information Title: Sophos Web Protection Appliance Multiple Vulnerabilities Advisory ID: CORE-2013-0809 Advisory URL:...
Sophos Web Protection Appliance Command Injection Vulnerability
Core Security Technologies Advisory - Sophos Web Protection Appliance versions 3.7.9 and earlier, 3.8.1, and 3.8.0 suffer from multiple OS command injection vulnerabilities. Sophos Web Protection Appliance Multiple Vulnerabilities 1. Advisory Information Title: Sophos Web Protection Appliance...
Updated asterisk package fixes security vulnerabilities
A remotely exploitable crash vulnerability exists in the SIP channel driver if an ACK with SDP is received after the channel has been terminated. The handling code incorrectly assumes that the channel will always be present (CVE-2013-5641). A remotely exploitable crash vulnerability exists in the S...
ICONICS GENESIS32 Multiple Memory Corruption
Overview Independent security researchers Billy Rios and Terry McCorkle have identified eight memory corruption vulnerabilities affecting the ICONICS GENESIS32 product. GENESIS32 is a web-deployable human-machine interface (HMI) supervisory control and data acquisition (SCADA) product. These...
AVTECH DVR Buffer Overflow / CAPTCHA Bypass
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ AVTECH DVR multiple vulnerabilities 1. Advisory Information Title: AVTECH DVR multiple vulnerabilities Advisory ID: CORE-2013-0726 Advisory URL: http://www.coresecurity.com/advisories/avtech-dvr-multiple-vulnerabilities Date...
Aloaha PDF Suite Buffer Overflow Vulnerability
Advisory ID Internal CORE-2013-0805 1. Advisory Information Title: Aloaha PDF Suite Buffer Overflow Vulnerability Advisory ID: CORE-2013-0805 Advisory URL: http://www.coresecurity.com/advisories/aloaha-pdf-suite-buffer-overflow-vulnerability Date published: 2013-08-28 Date of last update:...
IBM 1754 GCM16 1.18.0.22011 Command Execution
I. Product description The IBM 1754 GCM family provides KVM over IP and serial console management technology in a single appliance. II. Vulnerability information Impact: Command execution Remotely exploitable: yes CVE: 2013-0526 CVSS Score: 8.5 III. Vulnerability details GCM16 v.1.18.0.22011 and...
Siemens WinCC Exploitable Crashes
Overview ICS-CERT Advisory ICSA-11-175-02P was originally released to the US-CERT Portal on June 24, 2011. This web page release was delayed to allow users sufficient time to download and install the update. ICS-CERT has received a report from independent security researchers Billy Rios and Terry...
CORE-2013-0708 - Hikvision IP Cameras Multiple Vulnerabilities
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Hikvision IP Cameras Multiple Vulnerabilities 1. Advisory Information Title: Hikvision IP Cameras Multiple Vulnerabilities Advisory ID: CORE-2013-0708 Advisory URL:...
Hikvision IP Cameras 4.1.0 b130111 - Multiple Vulnerabilities
Hikvision IP Cameras 4.1.0 b130111 - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Hikvision IP Cameras Multiple Vulnerabilities 1. Advisory Information Title: Hikvision IP Cameras Multiple Vulnerabilities Advisory ID: CORE-2013-0708 Advisory URL:...
Hikvision IP Cameras Overflow / Bypass / Privilege Escalation
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Hikvision IP Cameras Multiple Vulnerabilities 1. Advisory Information Title: Hikvision IP Cameras Multiple Vulnerabilities Advisory ID: CORE-2013-0708 Advisory URL:...
Crash during WAV audio file decoding — Mozilla
Security researcher Aki Helin from OUSPG used the Address Sanitizer tool to discover a crash during the decoding of WAV format audio files in some instances. This crash is not exploitable but could be used for a denial of service (DOS) attack by malicious parties...
Use after free mutating DOM during SetBody — Mozilla
Security researcher Nils used the Address Sanitizer to discover a use-after-free problem when the Document Object Model is modified during a SetBody mutation event. This causes a potentially exploitable crash...