5253 matches found

ATTACKERKB
added 2017/12/27 5:8 p.m., 3 views

CVE-2017-17859

Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside XSLT data in one part of an MHTML file. Specifically, JavaScript code in another part of this MHTML...

CVSS 6.1, AI score 6, EPSS 0.00942
Exploits 2, References 2

OSV
added 2017/12/20 2:29 p.m., 1 view

CVE-2017-16578

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 8.8, AI score 6.2
Exploits 0, References 2

ATTACKERKB
added 2017/12/20 2:29 p.m., 4 views

CVE-2017-16578

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 8.8, AI score 6.2, EPSS 0.0259
Exploits 0, References 3, Affected Software 1

Core Security
added 2017/12/19 12:0 a.m., 562 views

Trend Micro Smart Protection Server Multiple Vulnerabilities

1. Advisory Information Title: Trend Micro Smart Protection Server Multiple Vulnerabilities Advisory ID: CORE-2017-0008 Advisory URL:https://www.coresecurity.com/core-labs/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities Date published: 2017-12-19 Date of last update:...

CVSS 9.8, AI score 9.4, EPSS 0.19716
Exploits 10

BDU FSTEC
added 2017/12/01 12:0 a.m., 3 views

The vulnerability of the Lenovo Service Framework (LSF) processing push notifications lies in the lack of measures to clean up special elements used in the command line. This allows a perpetrator to execute arbitrary commands or run arbitrary code.

The vulnerability of the Lenovo Service Framework LSF software for processing push notifications on devices running the Android operating system is related to the lack of measures to clean up special elements used in commands. Exploiting this vulnerability allows a malicious actor to execute...

CVSS 10, AI score 8.2, EPSS 0.0421
Exploits 0, References 2

NVD
added 2017/11/16 10:29 p.m., 16 views

CVE-2017-11022

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the probe requests originated from user's phone contain the information elements which specify the supported wifi features. This shall impact the user's privacy if someone sniffs the...

CVSS 5.3, AI score 5, EPSS 0.0034
Exploits 0, References 1

Cvelist
added 2017/11/16 10:0 p.m., 17 views

CVE-2017-11022

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the probe requests originated from user's phone contain the information elements which specify the supported wifi features. This shall impact the user's privacy if someone sniffs the...

AI score 5.6, EPSS 0.0034
Exploits 0, References 1

Talos Blog
added 2017/11/14 11:54 a.m., 206 views

Microsoft Patch Tuesday - November 2017

Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 53 new vulnerabilities with 19 of them rated critical, 31 of them rated important and 3 of them rated moderate...

CVSS 9.3, AI score 9.6, EPSS 0.99945
Exploits 68

FreeBSD
added 2017/11/14 12:0 a.m., 48 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2017-7828: Use-after-free of PressShell while restyling layout CVE-2017-7830: Cross-origin URL information leak through Resource Timing API CVE-2017-7831: Information disclosure of exposed properties on JavaScript proxy objects CVE-2017-7832: Domain spoofing throug...

CVSS 10, AI score 7.1, EPSS 0.07439
Exploits 0, References 2

OPENSUSE Linux
added 2017/10/28 12:18 a.m., 162 views

Security update for hostapd (important)

This update for hostapd fixes the following issues: - Fix KRACK attacks on the AP side boo1063479, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088: Hostap was updated to upstream release 2.6 fixed EAP-pwd last fragment validation...

CVSS 5.8, AI score 7.3, EPSS 0.05228
Exploits 0, References 4

OSV
added 2017/10/24 6:33 p.m., 35 views

GHSA-2XJJ-5X6H-8VMF Cross-site Scripting in actionpack

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_options_helper.rb in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain...

CVSS 4.3, AI score 5.1, EPSS 0.02504
Exploits 0, References 11

Github Security Blog
added 2017/10/24 6:33 p.m., 40 views

Cross-site Scripting in actionpack

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_options_helper.rb in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain...

CVSS 4.3, AI score 5.5, EPSS 0.02504
Exploits 0, References 11, Affected Software 1

BDU FSTEC
added 2017/10/11 12:0 a.m., 4 views

The vulnerability in the visual Git client SourceTree exists due to the lack of measures taken to neutralize special elements used in the operating system command. This allows a malicious user to execute arbitrary commands.

The vulnerability of the visual Git client SourceTree exists because measures to neutralize special elements used in the operating system command are not taken. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by modifying the URL address...

CVSS 10, AI score 8.1, EPSS 0.08262
Exploits 0, References 5

Kaspersky
added 2017/10/09 12:0 a.m., 53 views

KLA11116 Multiple vulnerabilities in Mozilla Thunderbird

Multiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, perform cross-site scripting and execute arbitrary code. Below is a complete list of vulnerabilities: 1. A...

CVSS 10, AI score 10, EPSS 0.03641
Exploits 3, References 3

UbuntuCve
added 2017/10/02 12:0 a.m., 29 views

CVE-2017-7818

A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4...

CVSS 9.8, AI score 7.1, EPSS 0.0342
Exploits 1, References 4

Tenable Nessus
added 2017/09/29 12:0 a.m., 33 views

SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2017:2589-1)

This update for MozillaFirefox to ESR 52.3 fixes several issues. These security issues were fixed : - CVE-2017-7807 Domain hijacking through AppCache fallback bsc1052829 - CVE-2017-7791 Spoofing following page navigation with data: protocol and modal alerts bsc1052829 - CVE-2017-7792 Buffer...

CVSS 10, AI score 7.4, EPSS 0.04187
Exploits 12, References 34

RedHat Linux
added 2017/09/28 11:47 p.m., 3 views

Mozilla: Use-after-free during ARIA array manipulation (MFSA 2017-22)

A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4...

CVSS 9.8, AI score 7.3, EPSS 0.0342
Exploits 1, References 5

RedHat Linux
added 2017/09/28 11:47 p.m., 3 views

Mozilla: Buffer overflow when drawing and validating elements with ANGLE (MFSA 2017-22)

A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR...

CVSS 9.8, AI score 7.5, EPSS 0.03641
Exploits 0, References 5

RedhatCVE
added 2017/09/28 7:20 p.m., 26 views

CVE-2017-7814

File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks through the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise ...

CVSS 7.8, AI score 3.1, EPSS 0.01232
Exploits 0, References 2

OSV
added 2017/09/28 9:32 a.m., 6 views

SUSE-SU-2017:2589-1 Security update for MozillaFirefox

This update for MozillaFirefox to ESR 52.3 fixes several issues. These security issues were fixed: - CVE-2017-7807 Domain hijacking through AppCache fallback bsc1052829 - CVE-2017-7791 Spoofing following page navigation with data: protocol and modal alerts bsc1052829 - CVE-2017-7792 Buffer overfl...

CVSS 10, AI score 8.8, EPSS 0.04187
Exploits 12, References 18