160 matches found
CVE-2018-18505
An earlier fix for an Inter-process Communication IPC vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the...
CVE-2018-18505
CVE-2018-18505 concerns an IPC privilege-escalation in Mozilla products where an authentication added during IPC process creation is not applied to channels created later, enabling potential sandbox escape through IPC channels. Public advisories tie this to Thunderbird and Firefox releases prior ...
Mozilla Firefox elevation of privilege vulnerability (CNVD-2019-05566)
Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox, which stems from the program's lack of message validation. An attacker can exploit the vulnerability to bypass the sandbox...
Mozilla Firefox Security Advisories (MFSA2018-31, MFSA2019-03) - Windows
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
Mozilla Firefox ESR Security Advisories (MFSA2018-31, MFSA2019-03) - Mac OS X
Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...
CVE-2018-16657
In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the crcittstringarray core function for calculating a CRC hash for To tags. An additional error is present ...
FedMsg not properly completing message validation
FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on...
Denial of Service Vulnerability in Multiple Huawei Products (CNVD-2018-10506)
Huawei DP300 and others are products of Huawei, China.DP300 is a video conferencing terminal.RP200 is an all-in-one video conferencing device. A security vulnerability exists in a number of Huawei products, which stems from a program that fails to adequately validate messages. An attacker could...
CVE-2017-17300
Huawei S12700 V200R008C00, V200R009C00, S5700 V200R007C00, V200R008C00, V200R009C00, S6700 V200R008C00, V200R009C00, S7700 V200R008C00, V200R009C00, S9700 V200R008C00, V200R009C00 have a numeric errors vulnerability. An unauthenticated, remote attacker may send specific TCP messages with keychain...
CVE-2018-0850
Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of incoming message is validated, aka "Microsoft Outlook Elevation of Privilege Vulnerability"...
Integer Overflow Vulnerability in Multiple Huawei Products
Huawei DP300, RP200, TE series, etc. are all-in-one desktop SmartZen and all-in-one video conferencing terminal products of Huawei China Company. An integer overflow vulnerability exists in multiple Huawei products, which is due to the device failing to adequately validate some fields in a messag...
Buffer overflow vulnerability in multiple Huawei products (CNVD-2017-37731)
Huawei AR120-S and others are router products from Huawei China. A buffer overflow vulnerability exists in multiple Huawei products due to a program failing to adequately validate some values in a message. A remote attacker could exploit this vulnerability by sending specially crafted SIP message...
Buffer Overflow Vulnerability in SIP Backup Module for Multiple Huawei Products
Huawei DP300 and so on are products of Huawei, China.Huawei DP300 is a video conferencing end device.IPS Module is an intrusion prevention module.SIP backup is one of the SIP backup modules. A buffer overflow vulnerability exists in the SIP backup module in multiple Huawei products due to the...
Missing Message Validation
fedmsg is missing message validation. The library contains a bug where the base class' default value does not enable signature validation...
CVE-2017-1000001
FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on...
PYSEC-2017-13
FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on...
PYSEC-2017-13
FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on...
Input validation
FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on...
CVE-2017-1000001
FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on...
UBUNTU-CVE-2017-1000001
FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on...