CVE-2018-5177

A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs. This vulnerability affects Firefox 60...

UBUNTU-CVE-2018-5177

A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs. This vulnerability affects Firefox 60...

openSUSE Security Update : nodejs6 (openSUSE-2018-444)

This update for nodejs6 fixes the following issues : - Fix some node-gyp permissions - New upstream LTS release 6.14.1 : - Security fixes : + CVE-2018-7160: Fix for inspector DNS rebinding vulnerability bsc1087463 + CVE-2018-7158: Fix for 'path' module regular expression denial of service...

KEY HODLERS KeepKey Formatted String Vulnerability

KEY HODLERS KeepKey is a device for storing bitcoins from KEY HODLERS USA. A formatting string vulnerability exists in KEY HODLERS KeepKey version 4.0.0. An attacker could exploit this vulnerability to access information to which they are not authorized to have access...

SUSE-SU-2018:0552-1 Security update for SUSE Manager Server 3.1

This update fixes the following issues: nutch: - Fix hadoop log dir. bsc1061574 osad, rhnlib: - Fix update mechanism when updating the updateservice bsc1073619 pxe-default-image: - Spectre and Meltdown mitigation. CVE-2017-5753, CVE-2017-5715, CVE-2017-5754, bsc1068032 spacecmd: - Support multipl...

Apache Thrift Go client library remote code execution vulnerability

Apache Thrift is the United States Apache Apache Software Foundation's set of remote invocation framework , which allows in the definition file to define data types and service interfaces . Go client library is one of the client library . The Go client library in Apache Thrift is vulnerable to a...

Amazon Linux AMI : quagga (ALAS-2018-957)

Infinite loop issue triggered by invalid OPEN message allows denial-of-service An infinite loop vulnerability was discovered in Quagga. A BGP peer could send specially crafted packets that would cause the daemon to enter an infinite loop, denying service and consuming CPU until it is...

Important: quagga

Issue Overview: Infinite loop issue triggered by invalid OPEN message allows denial-of-service An infinite loop vulnerability was discovered in Quagga. A BGP peer could send specially crafted packets that would cause the daemon to enter an infinite loop, denying service and consuming CPU until it...

CVE-2018-5380

A vulnerability was found in Quagga, in the log formatting code. Specially crafted messages sent by BGP peers could cause Quagga to read one element past the end of certain static arrays, causing arbitrary binary data to appear in the logs or potentially, a crash...

Microsoft Outlook Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Microsoft Outlook initiates processing of incoming messages without sufficient validation of the formatting of the messages. An attacker who successfully exploited the vulnerability could attempt to force Outlook to load a local or remote messag...

Command injection

The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0...

CVE-2016-5397

The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0...

CVE-2016-5397

The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0...

Open-Xchange: SSRF - RSS feed, blacklist bypass (IP Formatting)

FYI - Tested on local installation of App Suite 7.8.4 REV 17 Hello, There appears to be a SSRF vulnerability in the below endpoint. This is due to a failure in the App Suite code when evaluating an IP address against a blacklist. The SSRF is limited to scanning hosts on port 80/443 but accuracy i...

Huawei VP9660 License Module Formatting String Vulnerability

Huawei VP9660 is a new-generation multimedia switching platform with 1080p60 full editing and decoding capability developed by Huawei, which is oriented to customer needs and combines the advantages of network equipment manufacturing. A formatting string vulnerability exists in the Huawei VP9660...

EulerOS 2.0 SP2 : irssi (EulerOS-SA-2017-1284)

According to the versions of the irssi package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Irssi before 1.0.5, when installing themes with unterminated colour formatting sequences, may access data beyond the end of the...

EulerOS 2.0 SP1 : irssi (EulerOS-SA-2017-1283)

According to the versions of the irssi package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Irssi before 1.0.5, when installing themes with unterminated colour formatting sequences, may access data beyond the end of the...

openSUSE Security Update : konversation (openSUSE-2017-1306)

This update for konversation fixes the following issues : Security issue fixed : - CVE-2017-15923: Fixed a crash in parsing IRC color formatting codes boo1068097. Bug fixes : - Update to version 1.7.4 : - Fixed a bug causing the size of a custom chat text view font set via the configuration dialo...

Debian DLA-1174-1 : konversation security update

It was discovered that there was a denial of service vulnerability in the konversation IRC client related to parsing of color formatting codes. For Debian 7 'Wheezy', this issue has been fixed in konversation version 1.4-1+deb7u2. We recommend that you upgrade your konversation packages. NOTE:...

MGASA-2017-0419 Updated konversation packages fix security vulnerability

Joseph Bisch discovered that Konversation could crash when parsing certain IRC color formatting codes CVE-2017-15923...