6028 matches found
UBUNTU-CVE-2018-5148
A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR 52.7.3 and Firefox 59.0.2...
Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 (MFSA 2018-07)
Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR 52.7 and Thunderbird 52.7...
UBUNTU-CVE-2018-5130
When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR 52.7 and Firefox 59...
UBUNTU-CVE-2018-5129
A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird 52.7, Firefox ESR 52.7, and Firefox 59...
AZL-6824 CVE-2017-18207 affecting package python2 for versions less than 2.7.18-8
The Waveread.readfmtchunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service divide-by-zero and exception via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications...
FreeXL heap buffer out-of-bounds read vulnerability (CNVD-2018-05154)
FreeXL is an open source library for extracting valid data from Excel .xls spreadsheets developed by software developer Alessandro Furieri. A heap buffer out-of-bounds read vulnerability exists in the 'parseSST' function in versions of FreeXL prior to 1.0.5. An attacker can exploit this...
Suricata HTTP Inspection Bypass Vulnerability
Suricata is a set of network intrusion detection system IDS, intrusion prevention system IPS and network security monitoring engine developed by the Open Information Security Foundation OISF and its supported vendors, which supports multi-threading, built-in IPv6, and the ability to load...
CVE-2018-4837
A vulnerability has been identified in TeleControl Server Basic V3.1. An attacker with access to the TeleControl Server Basic's webserver port 80/tcp or 443/tcp could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server Basic is not affected...
Mozilla: Use-after-free with widget listener (MFSA 2018-03)
A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firefo...
Mozilla: Use-after-free while editing form elements (MFSA 2018-03)
A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR 52.6 and Thunderbird 52.6...
Unspecified Vulnerability in JBMC DirectAdmin
JBMC DirectAdmin is a server visual management panel from JBMC Software Canada. A security vulnerability exists in JBMC DirectAdmin versions prior to 1.52. A remote attacker can exploit this vulnerability by sending a request to gain access or cause a denial of service segmentation error...
UBUNTU-CVE-2018-5111
When the text of a specially formatted URL is dragged to the addressbar from page content, the displayed URL can be spoofed to show a different site than the one loaded. This allows for phishing attacks where a malicious page can spoof the identify of another site. This vulnerability affects...
Auth0 passport-wsfed-saml2 elevation of privilege vulnerability
Auth0 passport-wsfed-saml2 library is a set of Auth0 development platform of the United States Auth0 company's tool library . A security vulnerability exists in Auth0 passport-wsfed-saml2 library versions prior to 3.0.5. An attacker can exploit the vulnerability to spoof other users and potential...
UBUNTU-CVE-2017-7835
Mixed content blocking of insecure HTTP sub-resources in a secure HTTPS document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. This vulnerability affects Firefox 57...
UBUNTU-CVE-2017-7827
Memory safety bugs were reported in Firefox 56. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox 57...
UBUNTU-CVE-2017-7838
Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be used for limited...
Symantec Endpoint Encryption Denial of Service Vulnerability (CNVD-2017-36540)
Symantec Endpoint Encryption SEE is a suite of software from Symantec Corporation that provides advanced encryption and management capabilities for desktops, laptops, and removable storage devices. A security vulnerability exists in Symantec Endpoint Encryption in versions prior to SEE 11.1.3MP1...
CVE-2017-9947
A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions V3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server 80/tcp and 443/tcp to obtain information on the structure o...
CVE-2017-6223
Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating...
Mozilla: Out-of-bounds read with cached style data and pseudo-elements (MFSA 2017-19)
An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...