4371 matches found
Debian DLA-1143-1 : curl security update
Brian Carpenter, Geeknik Labs, 0xd34db347, and independently reported by the OSS-Fuzz project, detected a out of bounds read during IMAP FETCH response. For Debian 7 'Wheezy', this problem has been fixed in version 7.26.0-1+wheezy22. We recommend that you upgrade your curl packages. NOTE: Tenable...
[SECURITY] [DLA 1143-1] curl security update
Package : curl Version : 7.26.0-1+wheezy22 CVE ID : CVE-2017-1000257 Brian Carpenter, Geeknik Labs, 0xd34db347, and independently reported by the OSS-Fuzz project, detected a out of bounds read during IMAP FETCH response. For Debian 7 "Wheezy", this problem has been fixed in version...
USN-3457-1 curl vulnerability
Brian Carpenter discovered that curl incorrectly handled IMAP FETCH response lines. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code...
Security update for MozillaThunderbird (important)
Mozilla Thunderbird was updated to 52.4.0 boo1060445 new behavior was introduced for replies to mailing list posts: "When replying to a mailing list, reply will be sent to address in From header ignoring Reply-to header". A new preference mail.overridelistreplyto allows to restore the previous...
Mozilla: Use-after-free with Fetch API (MFSA 2017-22)
A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4...
KLA11116 Multiple vulnerabilities in Mozilla Thunderbird
Multiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, perform cross-site scripting and execute arbitrary code. Below is a complete list of vulnerabilities: 1. A...
CVE-2017-7793
A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4...
UBUNTU-CVE-2017-7793
A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4...
ThunderShell - PowerShell based RAT
ThunderShell is a Powershell based RAT that rely on HTTP request to communicate. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network hooks. Dependencies apt install redis-server apt install python-redis Logs Every errors, http requests and...
Mozilla Firefox, Firefox ESR and Thunderbird Memory Misreference Vulnerability
Mozilla Firefox, Firefox ESR and Thunderbird are all developed by the Mozilla Foundation.Firefox is an open source web browser, Firefox ESR is an extended support version of Firefox.Thunderbird is a standalone email client from the Mozilla Thunderbird is a separate email client from Mozilla...
Mozilla: Use-after-free with Fetch API (MFSA 2017-22)
A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4...
CVE-2017-7793
A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4...
UBUNTU-CVE-2017-12621
During Jelly xml file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL. This could lead to XML External Entity XXE...
Security vulnerabilities fixed in Firefox ESR 52.4 — Mozilla
A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications ARIA elements...
Security vulnerabilities fixed in Firefox 56 — Mozilla
A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake addre...
UBUNTU-CVE-2017-12944
The TIFFReadDirEntryArray function in tifread.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service allocation failure and application crash in the TIFFFetchStripThing function in tifdirread.c during a tiff2pdf invocation...
The vulnerability of the Oniguruma library, related to incorrect handling of numbers, allows attackers to cause memory corruption.
The vulnerability of the Oniguruma library arises from the incorrect processing of numbers greater than 0xff in the functions fetchtoken and fetchtokenincc during the compilation of regular expressions. Exploiting this vulnerability allows a remote attacker to cause a memory corruption by using a...
Important: kernel
Issue Overview: Buffer overflow in mpoverridelegacyirq: Buffer overflow in the mpoverridelegacyirq function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 4.12.2 allows local users to gain privileges via a crafted ACPI table. CVE-2017-11473 A race between inotifyhandleevent and...
Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch
The xhciringfetch function in hw/usb/hcd-xhci.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service infinite loop and QEMU process crash by leveraging failure to limit the number of link Transfer Request Blocks TRB to process...
VACRON VIG-US731VE 1.0.18-09-B727 IP Camera - Authentication Bypass
VACRON VIG-US731VE 1.0.18-09-B727 IP Camera - Authentication Bypass Exploit Title: IP Camera VACRON VIG-US731VE Date: 2017-07-18 Exploit Author: anonymous Vendor Homepage: www.vacron.com Version: V1.0.18-09-B727 1. doesn't require credentials to fetch snapshot like this:...