SUSE-SU-2018:2647-1 Security update for nodejs4

This update for nodejs4 fixes the following issues: Security issues fixed: - CVE-2018-12115: Fixed an out-of-bounds memory write in Buffer that could be used to write to memory outside of a Buffer's memory space buffer bsc1105019 - Upgrade to OpenSSL 1.0.2p, which fixed: - CVE-2018-0732: Client...

K7 Anti-Virus Premium Multiple Vulnerabilities (Nov 2017)

K7 Anti-Virus Premium is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Nokogiri implementation of libxslt lacks integer overflow checks

The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Nokogiri prior to 1.7.2, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page...

GHSA-PF6M-FXPQ-FG8V Nokogiri implementation of libxslt lacks integer overflow checks

The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Nokogiri prior to 1.7.2, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page...

hw: cpu: speculative store bypass

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions a commonly used performance optimization. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the...

chromium-browser: Stack buffer overflow in Skia

A precision error in Skia in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page...

CVE-2018-6153

A precision error in Skia in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page...

Security Bulletin: A vulnerability in libvorbis affects PowerKVM

Summary PowerKVM is affected by a vulnerability in libvorbis. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2018-5146 DESCRIPTION: libvorbis, as used in Mozilla Firefox, could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds...

chromium-browser: Out of bounds write in V8

Type confusion in JavaScript in Google Chrome prior to 67.0.3396.87 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page...

Google Chrome Out-of-Bounds Memory Write Vulnerability

Google Chrome is the United States Google Google company developed a Web browser. v8 is one of the open source JavaScript engine. A security vulnerability exists in V8 in versions of Google Chrome prior to 67.0.3396.87. The vulnerability can be exploited by an attacker to perform a write operatio...

CVE-2018-6149

Type confusion in JavaScript in Google Chrome prior to 67.0.3396.87 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page...

CVE-2018-5718

Improper restriction of write operations within the bounds of a memory buffer in snscore.sys in SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, SoftControl/SafenSoft Enterprise Suite before version 4.4.1 allows local users to cause a denial of service BSOD or modify kernel-mode...

Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2018-1039) (Spectre)

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions a commonly used performance optimization. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the...

Amazon Linux 2 : java-1.7.0-openjdk (ALAS-2018-1037) (Spectre)

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions a commonly used performance optimization. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the...

CVE-2018-5146

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox 59.0.1, Firefox ESR 52.7.2, and Thunderbird 52.7...

ALPINE-CVE-2018-5146

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox 59.0.1, Firefox ESR 52.7.2, and Thunderbird 52.7...

DEBIAN-CVE-2018-5146

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox 59.0.1, Firefox ESR 52.7.2, and Thunderbird 52.7...

CVE-2018-5146

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox 59.0.1, Firefox ESR 52.7.2, and Thunderbird 52.7...

DEBIAN-CVE-2017-5448

An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin GMP sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data with...

Design/Logic Flaw

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox 59.0.1, Firefox ESR 52.7.2, and Thunderbird 52.7...