Google WebRTC VP9 Out-of-Bounds Memory Access Vulnerability

WebRTC, whose name derives from the acronym Web Real-Time Communication, is a technology that supports real-time voice or video conversations in web browsers. A security vulnerability exists in Google WebRTC VP9. An attacker can exploit the vulnerability to cause Chrome to crash. The vulnerabilit...

RHEL 7 : glusterfs (RHSA-2018:1954)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:1954 advisory. GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance fo...

[SECURITY] Fedora 28 Update: strongswan-5.6.3-1.fc28

The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel...

Unspecified vulnerability in react-native-meteor-oauth

react-native-meteor-oauth is a plugin for logging in to the Meteor server in React Native. A security vulnerability exists in react-native-meteor-oauth, which stems from the program's use of a weakly encrypted pseudo-random number generator to generate oauth random tokens Random Token. An attacke...

react-native-baidu-voice-synthesizer code execution vulnerability

react-native-baidu-voice-synthesizer is a speech synthesizer for use in Node.js. A security vulnerability exists in react-native-baidu-voice-synthesizer, which originates when the program downloads a binary file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerabilit...

CVE-2018-7161

All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service DoS by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug wher...

DEBIAN-CVE-2018-7161

All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service DoS by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug wher...

DEBIAN-CVE-2017-5404

A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox 52, Firefox ESR 45.8, Thunderbird 52, and Thunderbird 45.8...

Format string

If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the addressbar the specified local file will be opened. This is contrary to policy and is what would happen if the string were the equivalent "file:" URL. This vulnerability affects...

WebRTC - VP9 Missing Frame Processing Out-of-Bounds Memory Access Exploit

Exploit for multiple platform in category dos / poc There is a missing check in VP9 frame processing that could lead to memory corruption. In the file videocoding/rtpframereferencefinder.cc, the function RtpFrameReferenceFinder::MissingRequiredFrameVp9 contains the following code: sizet temporali...

WebRTC - VP9 Frame Processing Out-of-Bounds Memory Access Exploit

Exploit for multiple platform in category dos / poc There is a missing check in VP9 frame processing that could lead to memory corruption. In the file videocoding/rtpframereferencefinder.cc, the function RtpFrameReferenceFinder::ManageFrameVp9 fetches the GofInfo based on a picidx parsed from the...

WebRTC - VP9 Missing Frame Processing Out-of-Bounds Memory Access

WebRTC - VP9 Missing Frame Processing Out-of-Bounds Memory Access There is a missing check in VP9 frame processing that could lead to memory corruption. In the file videocoding/rtpframereferencefinder.cc, the function RtpFrameReferenceFinder::MissingRequiredFrameVp9 contains the following code:...

WebRTC - VP9 Frame Processing Out-of-Bounds Memory Access

There is a missing check in VP9 frame processing that could lead to memory corruption. In the file videocoding/rtpframereferencefinder.cc, the function RtpFrameReferenceFinder::ManageFrameVp9 fetches the GofInfo based on a picidx parsed from the incoming packet header. If the incoming frame is of...

WebRTC - VP9 Missing Frame Processing Out-of-Bounds Memory Access

There is a missing check in VP9 frame processing that could lead to memory corruption. In the file videocoding/rtpframereferencefinder.cc, the function RtpFrameReferenceFinder::MissingRequiredFrameVp9 contains the following code: sizet temporalidx = info.gof-temporalidxgofidx; ... for sizet l = 0...

WebRTC - VP9 Frame Processing Out-of-Bounds Memory Access

WebRTC - VP9 Frame Processing Out-of-Bounds Memory Access There is a missing check in VP9 frame processing that could lead to memory corruption. In the file videocoding/rtpframereferencefinder.cc, the function RtpFrameReferenceFinder::ManageFrameVp9 fetches the GofInfo based on a picidx parsed fr...

OpenJDK: GSS context use-after-free (JGSS, 8186212)

It was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly make a Java application using JGSS to use a previously freed context...

McAfee Management of Native Encryption Elevation of Privilege Vulnerability

McAfee Management of Native Encryption MNE is a suite of software for local disk encryption from the American company McAfee. The software is able to encrypt local disks and prevent sensitive information from leaking. A privilege extraction vulnerability exists in McAfee MNE versions prior to...

CVE-2018-6662

Privilege Escalation vulnerability in McAfee Management of Native Encryption MNE before 4.1.4 allows local users to gain elevated privileges via a crafted user input...

CVE-2018-6662

Privilege Escalation vulnerability in McAfee Management of Native Encryption MNE before 4.1.4 allows local users to gain elevated privileges via a crafted user input...

Privilege escalation

Privilege Escalation vulnerability in McAfee Management of Native Encryption MNE before 4.1.4 allows local users to gain elevated privileges via a crafted user input...