SUSE-SU-2019:2871-1 Security update for MozillaFirefox, MozillaFirefox-branding-SLE

This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues: Changes in MozillaFirefox: Security issues fixed: - CVE-2019-15903: Fixed a heap overflow in the expat library bsc1149429. - CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB...

Amazon Linux 2 : httpd (ALAS-2019-1341)

A cross-site scripting vulnerability was found in Apache httpd, affecting the modproxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation.CVE-2019-10092 A vulnerability was...

RHEL 8 : thunderbird (RHSA-2019:3237)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:3237 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.2.0. Security Fixes: Mozilla:...

Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20191029)

This update upgrades Thunderbird to version 68.2.0. Security Fixes : - Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 CVE-2019-11764 - Mozilla: Use-after-free when creating index updates in IndexedDB CVE-2019-11757 - Mozilla: Potentially exploitable crash due to 360 Total...

CVE-2019-15683

TurboVNC server code contains stack buffer overflow vulnerability in commit prior to cea98166008301e614e0d36776bf9435a536136e. This could possibly result into remote code execution, since stack frame is not protected with stack canary. This attack appear to be exploitable via network connectivity...

CVE-2016-4289

A stack based buffer overflow vulnerability exists in the method receiving data from SysTreeView32 control of the GMER 2.1.19357 application. A specially created long path can lead to a buffer overflow on the stack resulting in code execution. An attacker needs to create path longer than 99...

Stack overflow

A stack based buffer overflow vulnerability exists in the method receiving data from SysTreeView32 control of the GMER 2.1.19357 application. A specially created long path can lead to a buffer overflow on the stack resulting in code execution. An attacker needs to create path longer than 99...

Stack overflow

TurboVNC server code contains stack buffer overflow vulnerability in commit prior to cea98166008301e614e0d36776bf9435a536136e. This could possibly result into remote code execution, since stack frame is not protected with stack canary. This attack appear to be exploitable via network connectivity...

CVE-2016-4289

A stack based buffer overflow vulnerability exists in the method receiving data from SysTreeView32 control of the GMER 2.1.19357 application. A specially created long path can lead to a buffer overflow on the stack resulting in code execution. An attacker needs to create path longer than 99...

CVE-2019-15683

TurboVNC server code contains stack buffer overflow vulnerability in commit prior to cea98166008301e614e0d36776bf9435a536136e. This could possibly result into remote code execution, since stack frame is not protected with stack canary. This attack appear to be exploitable via network connectivity...

CVE-2019-15683

CVE-2019-15683 affects TurboVNC server. A stack-based buffer overflow exists in code prior to commit cea98166008301e614e0d36776bf9435a536136e, due to insufficient stack canary protection. The vulnerability can be exploited over the network and requires server authorization to trigger. Patches fix...

binutils:fuzz_disassemble: Stack-buffer-overflow in get_register_operand

Detailed Report: https://oss-fuzz.com/testcase?key=5704746958848000 Project: binutils Fuzzing Engine: libFuzzer Fuzz Target: fuzzdisassemble Job Type: libfuzzerasanbinutils Platform Id: linux Crash Type: Stack-buffer-overflow WRITE 15 Crash Address: 0x7ffc8c3d1b3a Crash State: getregisteroperand...

Mozilla: Stack buffer overflow in HKDF output

A flaw was discovered in both Firefox and Thunderbird where 4 bytes of a HMAC output could be written past the end of a buffer stored on the memory stack. This could allow an attacker to execute arbitrary code or lead to a crash. This flaw can be exploited over the network...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

Medium: httpd

Issue Overview: A cross-site scripting vulnerability was found in Apache httpd, affecting the modproxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation.CVE-2019-10092 A...

Security update for procps (important)

openSUSE Security Update: Security update for procps Announcement ID: openSUSE-SU-2019:2376-1 Rating: important References: 1092100 1121753 Cross-References: CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 Affected Products: openSUSE Leap 15.1 An update that fixes 5...

Denial Of Service (DoS)

Mozilla Firefox is vulnerable to denial of service DoS. The attack exists because it causes a Stack buffer overflow in WebRTC networking...

Denial Of Serivce (DoS)

Mozilla Firefox is vulnerable to denial of service DoS. It causes a Stack buffer overflow in HKDF output...

Scientific Linux Security Update : firefox on SL7.x x86_64 (20191023)

This update upgrades Firefox to version 68.2.0 ESR. Security Fixes : - Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 CVE-2019-11764 - Mozilla: Use-after-free when creating index updates in IndexedDB CVE-2019-11757 - Mozilla: Potentially exploitable crash due to 360 Total...

CVE-2019-11760

A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some instances. This vulnerability affects Firefox 70, Thunderbird 68.2, and Firefox ESR 68.2...