Debian DLA-1118-1 : firefox-esr security update
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service, cross-site scripting or bypass of the phishing and malware...
[SECURITY] [DLA 1118-1] firefox-esr security update
Package : firefox-esr Version : 52.4.0esr-2deb7u1 CVE ID : CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees,...
[SECURITY] [DSA 3987-1] firefox-esr security update
Debian Security Advisory DSA-3987-1 https://www.debian.org/security/ Moritz Muehlenhoff September 29, 2017 https://www.debian.org/security/faq ...
The vulnerability of the IBM Tivoli Endpoint Manager automation tool, which is part of the BigFix IT equipment management platform, allows a hacker to trigger an emergency shutdown of the system.
The vulnerability of the IBM Tivoli Endpoint Manager automation tool, a unified management platform for IT equipment, is related to resource management errors. Exploiting this vulnerability could allow a malicious actor to trigger an emergency shutdown of the system resulting in memory resource...
sam2p -- multiple issues
sam2p developers report: In sam2p 0.49.3, a heap-based buffer overflow exists in the pcxLoadImage24 function of the file inpcx.cpp. In sam2p 0.49.3, the inxpmreader function in inxpm.cpp has an integer signedness error, leading to a crash when writing to an out-of-bounds array element. In sam2p...
UBUNTU-CVE-2015-4707
Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path...
What Triggers HTTPS Chrome Browser Warnings?
A lot of hours go into debugging the cause of and tweaking the HTTPS error warnings that pop up in Google’s Chrome browser. Researchers from Google, Purdue University, the International Institute of Information Technology Hyderabad, and the Leibniz University of Hanover Germany have spent the las...
[SECURITY] Fedora 25 Update: ripright-0.11-5.fc25
RipRight is a minimal CD ripper modeled on autorip. It can run as a daemon and will automatically start ripping any CD found in the drive after which the disc will be ejected. Ripping is always to FLAC lossless audio format with tags taken from the community-maintained MusicBrainz lookup service...
UBUNTU-CVE-2017-0380
The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to t...
The vulnerability of the memory handler and free function handlers in the Android operating system from the CAF repository allows an attacker to trigger the use of memory after it has been freed.
The vulnerability of Android operating system memory handlers and free functions from the CAF repository stems from synchronization errors when using shared resources. Exploiting this vulnerability allows a remote attacker to trigger the use of memory after it has been freed...
The vulnerability of the ReadPSDImage function (coders/png.c.) in the console-based graphic editor ImageMagick allows a hacker to cause a service failure.
The vulnerability of the ReadPSDImage function (coders/png.c.) in the console-based graphic editor ImageMagick is related to resource management errors. Exploiting this vulnerability could allow a malicious actor to cause service interruptions remotely...
The vulnerability of the ReadBMPImage function (coders/bmp.c) in the console-based image editing tool ImageMagick allows a hacker to cause a service failure.
The vulnerability of the ReadBMPImage function (coders/bmp.c) in the console-based graphic editor ImageMagick is related to resource management errors. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure (memory consumption) through a specially created B...
USN-3415-2: tcpdump vulnerabilities
USN-3415-1 fixed vulnerabilities in tcpdump for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 17.04. This update provides the corresponding tcpdump update for Ubuntu 12.04 ESM. Original advisory details: Wilfried Kirsch discovered a buffer overflow in the SLIP decoder in tcpdump. A remote attack...
USN-3415-1: tcpdump vulnerabilities
Wilfried Kirsch discovered a buffer overflow in the SLIP decoder in tcpdump. A remote attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2017-11543) Bhargava Shastry discovered a buffer overflow in the bitfield converter utility function...
Ubuntu 14.04 LTS / 16.04 LTS : tcpdump vulnerabilities (USN-3415-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3415-1 advisory. Wilfried Kirsch discovered a buffer overflow in the SLIP decoder in tcpdump. A remote attacker could use this to cause a denial of service...
Ubuntu: Security Advisory (USN-3415-1)
The remote host is missing an update for the...
Connected Medicine and Its Diagnosis
Medical data is slowly but surely migrating from paper mediums to the digital infrastructure of medical institutions. Today, the data is "scattered" across databases, portals, medical equipment, etc. In some cases, the security of the network infrastructure of such organizations is neglected, and...
The vulnerability of the CRYPTO_ASSOC function in the ntpd daemon of the Network Time Protocol allows an intruder to cause a service failure.
The vulnerability of the CRYPTO_ASSOC function in the ntpd daemon of the Network Time Protocol is related to resource management errors. Exploiting this vulnerability could allow a malicious actor to cause a service failure (e.g., memory usage issues)...
The vulnerability of the load_level function in the console-based image editing tool ImageMagick, which allows a hacker to trigger a service failure
The vulnerability of the load_level function in the coders/xcf.c file of the console-based graphic editor ImageMagick is related to resource management errors. Exploiting this vulnerability allows a remote attacker to trigger a service failure (memory exhaustion due to load_tile) using a specially...
Error Cannot get apps from the store on Storefront
Upgraded Storefront from 3.9 to 3.11. During the test conducted I am able to successfully: - Log in via browser Chrome internally and externally and launch applications. - Open Citrix Receiver internally, log in and launch apps. What no longer works is external receiver access. On launching the...