Cisco WebEx Browser Extension Remote Code Execution Vulnerability

A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx...

ffmpeg: Global-buffer-overflow in ff_acelp_interpolatef

Project: https://git.ffmpeg.org/ffmpeg.git Detailed report: https://oss-fuzz.com/testcase?key=4791735110598656 Project: ffmpeg Fuzzer: aflffmpegAUDIOAVCODECIDAMRNBfuzzer Fuzz target binary: ffmpegAUDIOAVCODECIDAMRNBfuzzer Job Type: aflasanffmpeg Platform Id: linux Crash Type: Global-buffer-overfl...

openjpeg: incorrect fix for CVE-2013-6045

A vulnerability was found in the patch for CVE-2013-6045 for OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause heap-based buffer overflows leading to a crash or possible code execution...

CVE-2016-7648

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of...

CVE-2016-7987

An issue was discovered in Siemens ETA4 firmware all versions prior to Revision 08 of the SM-2558 extension module for: SICAM AK, SICAM TM 1703, SICAM BC 1703, and SICAM AK 3. Specially crafted packets sent to Port 2404/TCP could cause the affected device to go into defect mode. A cold start migh...

CVE-2017-3823

An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin...

DEBIAN-CVE-2016-7992

The Classical IP over ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-cip.c:cipifprint...

mysql -- denial of service vulnerability

Openwall reports: C client library for MySQL libmysqlclient.so has use-after-free defect which can cause crash of applications using that MySQL client...

DEBIAN-CVE-2016-9588

arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the BP and OF exceptions, which allows guest OS users to cause a denial of service guest OS crash by declining to handle an exception thrown by an L2 guest...

Design/Logic Flaw

A vulnerability has been identified in SIMATIC S7-300 CPU family All versions, SIMATIC S7-300 CPU family incl. related ET200 CPUs and SIPLUS variants All versions, SIMATIC S7-400 PN/DP V6 and below CPU family incl. SIPLUS variants All versions, SIMATIC S7-400 PN/DP V7 CPU family incl. SIPLUS...

CVE-2016-9158

A vulnerability has been identified in SIMATIC S7-300 CPU family All versions, SIMATIC S7-300 CPU family incl. related ET200 CPUs and SIPLUS variants All versions, SIMATIC S7-400 PN/DP V6 and below CPU family incl. SIPLUS variants All versions, SIMATIC S7-400 PN/DP V7 CPU family incl. SIPLUS...

CVE-2016-9158

A vulnerability has been identified in SIMATIC S7-300 CPU family All versions, SIMATIC S7-300 CPU family incl. related ET200 CPUs and SIPLUS variants All versions, SIMATIC S7-400 PN/DP V6 and below CPU family incl. SIPLUS variants All versions, SIMATIC S7-400 PN/DP V7 CPU family incl. SIPLUS...

CVE-2016-9158

CVE-2016-9158 affects SIMATIC S7-300 CPU family (including related ET200 CPUs and SIPLUS variants) and SIMATIC S7-400 PN/DP V6–V7 (with SIPLUS variants) and SIMATIC S7-410 V8. The issue is improper input handling: specially crafted packets to port 80/tcp can cause the devices to enter defect mode...

PT-2016-7672

Name of the Vulnerable Software and Affected Versions SIMATIC S7-300 CPU family versions all SIMATIC S7-400 PN/DP V6 and below CPU family versions all SIMATIC S7-400 PN/DP V7 CPU family versions all SIMATIC S7-400 V6 and earlier CPU family versions all SIMATIC S7-400 V7 CPU family versions all...

SUSE SLES12 Security Update : bind (SUSE-SU-2016:2696-1)

This update for bind fixes the following security issue : - A defect in BIND's handling of responses containing a DNAME answer had the potential to trigger assertion errors in the server remotely, thereby facilitating a denial-of-service attack. CVE-2016-8864, bsc1007829. Note that Tenable Networ...

SUSE-SU-2016:2697-2 Security update for bind

This update for bind fixes the following issues: - A defect in BIND's handling of responses containing a DNAME answer had the potential to trigger assertion errors in the server remotely, thereby facilitating a denial-of-service attack. CVE-2016-8864, bsc1007829. - Fix BIND to return a valid...

CVE-2016-7113

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions V1.03; Firmware variant IEC 104...

CVE-2016-7113

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions V1.03; Firmware variant IEC 104...

CVE-2016-7113

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions V1.03; Firmware variant IEC 104...

CVE-2016-7113

Siemens SIPROTEC 4/Compact EN100 Ethernet module vulnerabilities include CVE-2016-7113 (IMPROPER INPUT VALIDATION) where specially crafted packets to Port 80/TCP may cause the EN100 module to enter defect mode. Affected firmware variants are PROFINET IO (< V1.04.01), Modbus TCP (< V1.10.01/...