1077 matches found
Vulnerability in the Firefox and Firefox ESR browsers that allows an attacker to cause a denial of service or execute arbitrary code
The vulnerability in the Metadata::setData function in MetaData.cpp in libstagefright in the Firefox and Firefox ESR browsers is caused by a loss of precision in integer operations. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause a denial of service using an...
Vulnerability in the Firefox browser that allows an attacker to cause a denial of service
The vulnerability in the implementation of the HTTP/2 protocol in Firefox browsers is caused by a loss of precision in calculations. Exploiting this vulnerability allows an attacker to cause a denial of service, manifesting as an “Assertion failure” error message or an emergency...
Oracle Linux 7 : wireshark (ELSA-2015-2393)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-2393 advisory. - Related: CVE-2015-6244 - Resolves: CVE-2015-3182 - Resolves: CVE-2015-6243 CVE-2015-6244 CVE-2015-6245 CVE-2015-6246 CVE-2015-6248 - Resolves:...
wireshark security, bug fix, and enhancement update
1.10.14-7.0.1 - Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect 1.10.14-7 - Rebase some tvbuff API from upstream to 1.10.14 - Fixes crash when tvb_length_remaining is used - Related: CVE-2015-6244 1.10.14-6 - Security patch - Resolves: CVE-2015-3182 1.10.14-5 - Fix crash...
Vulnerability in the Android operating system that allows an attacker to execute arbitrary code
The vulnerability in the MPEG4Extractor::parseChunk function in the libstagefright library of the Android operating system is caused by a loss of integer precision. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using specially crafted MPEG-4 format data...
UBUNTU-CVE-2015-5219
The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet...
sqlite: stack buffer overflow in src/printf.c
It was found that SQLite's sqlite3VXPrintf function did not properly handle precision and width values during floating-point conversions. A local attacker could submit a specially crafted SELECT statement that would crash the SQLite process, or have other unspecified impacts...
GE Healthcare Precision MPi Built-in Account Vulnerability
GE Healthcare Precision MPi is an MPi system for the healthcare industry. GE Healthcare Precision MPi has built-in accounts; serviceapp users use the 'orion' password; clinical operator users use the 'orion' password; and administrator users use the 'PlatinumOne' password, allowing remote attacke...
Multiple Dell devices vulnerable
Dell Latitude and related devices are products of the US company Dell. Dell Latitude and OptiPlex are notebook product models; Precision Mobile Workstation is a mobile workstation; Precision Workstation CS is a set of mobile workstation clients; BIOS (Basic Input-Output System) is a s...
CVE-2014-7233
GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740122Setup.exe, (3) hrml for "Setup and Activation" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact a...
CVE-2012-6660
GE Healthcare Precision MPi has a password of (1) orion for the serviceapp user, (2) orion for the clinical operator user, and (3) PlatinumOne for the administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent ...
Privilege escalation
GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740122Setup.exe, (3) hrml for "Setup and Activation" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact a...
Hardcoded credentials
GE Healthcare Precision MPi has a password of (1) orion for the serviceapp user, (2) orion for the clinical operator user, and (3) PlatinumOne for the administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent ...
CVE-2012-6660
GE Healthcare Precision MP/i is affected by a vulnerability (CVE-2012-6660) due to default or hard-coded credentials for multiple accounts: serviceapp uses the orion password, clinical operator uses orion, and administrator uses PlatinumOne. The ICS advisory (GE Healthcare vulnerability) confirms...
CVE-2014-7233
CVE-2014-7233 concerns GE Healthcare Precision THUNIS-800+ with default credentials: factory System Utilities password (1973), installation password (TH8740), Setup/Activation password (hrml), and an empty Shutter password. Root cause is use of default/hard-coded credentials in multiple access po...
USN-2698-1 sqlite3 vulnerabilities
It was discovered that SQLite incorrectly handled skip-scan optimization. An attacker could use this issue to cause applications using SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. CVE-2013-7443 Michal Zalewski...
wireshark security, bug fix, and enhancement update
1.8.10-17.0.2 - Fix ocfs2 dissector John Haxby orabug 21505640 1.8.10-17.0.1.el6 - Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect 1.8.10-17 - security patches - Resolves: CVE-2015-2189 CVE-2015-2191 1.8.10-16 - security patches - Resolves: CVE-2014-8710 CVE-2014-8711...
ntp, ntpdate security update
CentOS Errata and Security Advisory CESA-2015:1459 Updated ntp packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerabili...