4371 matches found

Tenable Nessus
added 2017/10/25 12:0 a.m. | 22 views

Debian DLA-1143-1 : curl security update

Brian Carpenter, Geeknik Labs, 0xd34db347, and independently reported by the OSS-Fuzz project, detected an out-of-bounds read during IMAP FETCH response. For Debian 7 'Wheezy', this problem has been fixed in version 7.26.0-1+wheezy22. We recommend that you upgrade your curl packages. NOTE: Tenable...

9.1 CVSS | 6.8 AI score | 0.06224 EPSS
Exploits 0 | References 3
Debian
added 2017/10/24 8:38 p.m. | 29 views

[SECURITY] [DLA 1143-1] curl security update

Package: curl; Version: 7.26.0-1+wheezy22; CVE ID: CVE-2017-1000257. Brian Carpenter, Geeknik Labs, 0xd34db347, and independently reported by the OSS-Fuzz project, detected an out-of-bounds read during IMAP FETCH response. For Debian 7 "Wheezy", this problem has been fixed in version...

9.1 CVSS | 9.3 AI score | 0.06224 EPSS
Exploits 0
OSV
added 2017/10/23 12:49 p.m. | 3 views

USN-3457-1 curl vulnerability

Brian Carpenter discovered that curl incorrectly handled IMAP FETCH response lines. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code...

9.1 CVSS | 7.4 AI score | 0.06224 EPSS
Exploits 0 | References 2
OPENSUSE Linux
added 2017/10/12 12:13 a.m. | 82 views

Security update for MozillaThunderbird (important)

Mozilla Thunderbird was updated to 52.4.0 (boo1060445). New behavior was introduced for replies to mailing list posts: "When replying to a mailing list, reply will be sent to address in From header ignoring Reply-to header". A new preference, mail.override_list_reply_to, allows restoring the previous...

9.1 AI score | 0.03641 EPSS
Exploits 3 | References 1
RedHat Linux
added 2017/10/11 11:40 p.m. | 7 views

Mozilla: Use-after-free with Fetch API (MFSA 2017-22)

A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4...

9.8 CVSS | 7.3 AI score | 0.02344 EPSS
Exploits 0 | References 5
Kaspersky
added 2017/10/09 12:0 a.m. | 53 views

KLA11116 Multiple vulnerabilities in Mozilla Thunderbird

Multiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, perform cross-site scripting and execute arbitrary code. Below is a complete list of vulnerabilities: 1. A...

10 CVSS | 10 AI score | 0.03641 EPSS
Exploits 3 | References 3
UbuntuCve
added 2017/10/02 12:0 a.m. | 29 views

CVE-2017-7793

A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4...

9.8 CVSS | 7.1 AI score | 0.02344 EPSS
Exploits 0 | References 4
OSV
added 2017/10/02 12:0 a.m. | 2 views

UBUNTU-CVE-2017-7793

A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4...

9.8 CVSS | 7.1 AI score | 0.02344 EPSS
Exploits 0 | References 5
Kitploit
added 2017/09/30 2:25 p.m. | 83 views

ThunderShell - PowerShell based RAT

ThunderShell is a PowerShell-based RAT that relies on HTTP requests to communicate. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network hooks. Dependencies: apt install redis-server, apt install python-redis. Logs: Every errors, http requests and...

8.2 AI score
Exploits 0 | References 1
CNVD
added 2017/09/29 12:0 a.m. | 2 views

Mozilla Firefox, Firefox ESR and Thunderbird Memory Misreference Vulnerability

Mozilla Firefox, Firefox ESR and Thunderbird are all developed by the Mozilla Foundation. Firefox is an open source web browser, Firefox ESR is an extended support version of Firefox. Thunderbird is a separate email client from Mozilla...

9.8 CVSS | 8.7 AI score | 0.02344 EPSS
Exploits 0 | References 1
RedHat Linux
added 2017/09/28 11:47 p.m. | 5 views

Mozilla: Use-after-free with Fetch API (MFSA 2017-22)

A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4...

9.8 CVSS | 7.3 AI score | 0.02344 EPSS
Exploits 0 | References 5
RedhatCVE
added 2017/09/28 6:49 p.m. | 28 views

CVE-2017-7793

A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4...

9.8 CVSS | 3 AI score | 0.02344 EPSS
Exploits 0 | References 2
OSV
added 2017/09/28 1:29 a.m. | 1 views

UBUNTU-CVE-2017-12621

During Jelly XML file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL. This could lead to XML External Entity (XXE)...

9.8 CVSS | 6.9 AI score | 0.08536 EPSS
Exploits 3 | References 3
Mozilla
added 2017/09/28 12:0 a.m. | 531 views

Security vulnerabilities fixed in Firefox ESR 52.4 — Mozilla

A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements...

9.8 CVSS | 0.2 AI score | 0.03641 EPSS
Exploits 2 | References 10 | Affected Software 1
Mozilla
added 2017/09/28 12:0 a.m. | 539 views

Security vulnerabilities fixed in Firefox 56 — Mozilla

A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake addre...

9.8 CVSS | 10 AI score | 0.03641 EPSS
Exploits 4 | References 19 | Affected Software 1
OSV
added 2017/08/18 12:0 a.m. | 2 views

UBUNTU-CVE-2017-12944

The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation...

7.5 CVSS | 6.8 AI score | 0.02671 EPSS
Exploits 0 | References 4
BDU FSTEC
added 2017/08/18 12:0 a.m. | 6 views

The vulnerability of the Oniguruma library, related to incorrect handling of numbers, allows attackers to cause memory corruption.

The vulnerability of the Oniguruma library arises from the incorrect processing of numbers greater than 0xff in the functions fetch_token and fetch_token_in_cc during the compilation of regular expressions. Exploiting this vulnerability allows a remote attacker to cause memory corruption by using a...

7.5 CVSS | 7 AI score | 0.07511 EPSS
Exploits 1 | References 4 | Affected Software 3
Amazon
added 2017/08/17 12:0 a.m. | 72 views

Important: kernel

Issue Overview: Buffer overflow in mp_override_legacy_irq: Buffer overflow in the mp_override_legacy_irq function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 4.12.2 allows local users to gain privileges via a crafted ACPI table. (CVE-2017-11473) A race between inotify_handle_event and...

7.8 CVSS | 7 AI score | 0.01223 EPSS
Exploits 3
RedHat Linux
added 2017/08/01 4:4 p.m. | 4 views

Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch

The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process...

6 CVSS | 7.4 AI score | 0.00386 EPSS
Exploits 0 | References 4
exploitpack
added 2017/07/20 12:0 a.m. | 12 views

VACRON VIG-US731VE 1.0.18-09-B727 IP Camera - Authentication Bypass

VACRON VIG-US731VE 1.0.18-09-B727 IP Camera - Authentication Bypass Exploit Title: IP Camera VACRON VIG-US731VE Date: 2017-07-18 Exploit Author: anonymous Vendor Homepage: www.vacron.com Version: V1.0.18-09-B727 1. doesn't require credentials to fetch snapshot like this:...

0.4 AI score
Exploits 0