11187 matches found

OSV
added 2017/05/16 1:41 p.m. | 1 view

SUSE-SU-2017:1317-1 Security update for bash

This update for bash fixes an issue that could lead to syntax errors when parsing scripts that use expr1 inside loops. Additionally, the popd built-in now ensures that the normalized stack offset is within bounds before trying to free that stack entry. This fixes a segmentation fault...

6.2 CVSS | 6.4 AI score | 0.00041 EPSS
Exploits: 0 | References: 4

BDU FSTEC
added 2017/05/15 12:0 a.m. | 0 views

The vulnerability of the Linux operating system, which allows a hacker to trigger a service failure

The vulnerability of the video_usercopy function in the Linux kernel’s drivers/media/video/v4l2-ioctl.c file, within a v4l2_ext_controls data structure of the Linux operating system, is related to resource management errors. Exploiting this vulnerability could allow an attacker to trigger a...

4.9 CVSS | 6.2 AI score | 0.0012 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

BDU FSTEC
added 2017/05/15 12:0 a.m. | 0 views

The vulnerability of the Junos operating system allows a perpetrator to trigger a system failure and restart the device.

The vulnerability of the LDP configuration in the Junos operating system is related to resource management errors. Exploiting this vulnerability can allow a malicious actor to trigger an emergency shutdown and restart of the device remotely...

6.8 CVSS | 6.5 AI score | 0.00446 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2017/05/11 1:29 a.m. | 1 view

DEBIAN-CVE-2017-5461

Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations...

9.8 CVSS | 8.8 AI score | 0.00608 EPSS
Exploits: 0 | References: 1

Microsoft KB
added 2017/05/09 7:0 a.m. | 77 views

May 9, 2017—KB4019213 (Security-only update)

May 9, 2017—KB4019213 Security-only update Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Updated Windows Cryptography API to deprecate SHA-1 for SSL/TLS Server Authentication,...

9.3 CVSS | 7.1 AI score | 0.92573 EPSS
Exploits: 20

OpenVAS
added 2017/05/05 12:0 a.m. | 16 views

Avast Pro Antivirus Multiple Vulnerabilities

Avast Pro Antivirus is prone to multiple vulnerabilities...

9.8 CVSS | 8.9 AI score | 0.00986 EPSS
Exploits: 2 | References: 3

Tenable Nessus
added 2017/05/03 12:0 a.m. | 37 views

Mozilla Thunderbird < 52.1 Multiple Vulnerabilities (macOS)

The version of Mozilla Thunderbird installed on the remote macOS or Mac OS X host is prior to 52.1. It is, therefore, affected by multiple vulnerabilities: - Multiple flaws exist in the Libevent library, within files evdns.c and evutil.c, due to improper validation of input when handling IP...

9.8 CVSS | 7.8 AI score | 0.23444 EPSS
Exploits: 24 | References: 60

OSV
added 2017/04/29 12:59 a.m. | 3 views

CVE-2017-7945

The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, 7.1.x before 7.1.9, and 8.x before 8.0.2 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account nam...

9.8 CVSS | 7.4 AI score | 0.00437 EPSS
Exploits: 0 | References: 1

Prion
added 2017/04/28 10:59 a.m. | 30 views

Null pointer dereference

The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and...

10 CVSS | 9.5 AI score | 0.21519 EPSS
Exploits: 0 | References: 16 | Affected Software: 2

OSV
added 2017/04/28 10:59 a.m. | 1 view

DEBIAN-CVE-2017-7895

The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and...

9.8 CVSS | 8.6 AI score | 0.21519 EPSS
Exploits: 0 | References: 1

NVD
added 2017/04/28 10:59 a.m. | 17 views

CVE-2017-7895

The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and...

10 CVSS | 9.8 AI score | 0.21519 EPSS
Exploits: 0 | References: 16

CVE
added 2017/04/28 10:0 a.m. | 331 views

CVE-2017-7895

CVE-2017-7895 affects the Linux kernel NFSv2/v3 server (fs/nfsd/nfs3xdr.c, fs/nfsd/nfsxdr.c). A remote attacker can craft requests that bypass end-of-buffer checks, triggering pointer-arithmetic errors or other unspecified impacts. Affected kernels include up to 4.10.13; remediation is to upgrade...

10 CVSS | 9.7 AI score | 0.21519 EPSS
Exploits: 0 | References: 16 | Affected Software: 1

Cvelist
added 2017/04/28 10:0 a.m. | 23 views

CVE-2017-7895

The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and...

9.8 AI score | 0.21519 EPSS
Exploits: 0 | References: 16

UbuntuCve
added 2017/04/28 12:0 a.m. | 72 views

CVE-2017-7895

The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and...

10 CVSS | 6.8 AI score | 0.21519 EPSS
Exploits: 0 | References: 8

BDU FSTEC
added 2017/04/27 12:0 a.m. | 1 view

The vulnerabilities in programs for viewing and editing PDF files such as Adobe Reader, Adobe Acrobat Document Cloud, Adobe Reader Document Cloud, and Adobe Acrobat allow attackers to breach the confidentiality of information.

The vulnerabilities of PDF viewing and editing programs such as Adobe Reader, Adobe Acrobat Document Cloud, Adobe Reader Document Cloud, and Adobe Acrobat are related to reading beyond the buffer limit and memory leaks resulting from parsing segment APP13 into JPEG files. Exploiting these...

4.3 CVSS | 7.1 AI score | 0.01636 EPSS
Exploits: 0 | References: 4 | Affected Software: 2

BDU FSTEC
added 2017/04/27 12:0 a.m. | 1 view

The vulnerabilities in programs for viewing and editing PDF files such as Adobe Reader, Adobe Acrobat, Adobe Acrobat Document Cloud, and Adobe Reader Document Cloud allow attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the DLL library of OCR plugins for programs that read and edit PDF files, such as Adobe Reader, Adobe Acrobat, Adobe Acrobat Document Cloud, and Adobe Reader Document Cloud, is related to security configuration errors. Exploiting this vulnerability can allow a malicious actor...

9.3 CVSS | 7.4 AI score | 0.01951 EPSS
Exploits: 0 | References: 3 | Affected Software: 2

CNVD
added 2017/04/26 12:0 a.m. | 1 view

NetIQ Access Manager Cross-Site Scripting Vulnerability

NetIQ Access Manager (NAM) is a resource access control solution from NetIQ, USA. The solution provides multiple authentication, data encryption, single sign-on and SSL VPN for local and remote users. A cross-site scripting vulnerability exists in the /NAGErrors URI in NAM versions 4.2 and 4.3, whi...

6.1 CVSS | 6 AI score | 0.0024 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2017/04/24 12:0 a.m. | 48 views

Debian DLA-906-1 : firefox-esr security update

Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service. For Debian 7 'Wheezy', these...

9.8 CVSS | 7.6 AI score | 0.23444 EPSS
Exploits: 19 | References: 26

BDU FSTEC
added 2017/04/24 12:0 a.m. | 1 view

The vulnerability of the Android operating system, which allows a hacker to compromise the security of information

The vulnerability of the Qualcomm operating system Android is related to errors in the code. Exploiting this vulnerability can allow a remote attacker to compromise the security of information...

10 CVSS | 7.8 AI score | 0.00106 EPSS
Exploits: 0 | References: 3

Debian
added 2017/04/21 5:26 p.m. | 39 views

[SECURITY] [DLA 906-1] firefox-esr security update

Package : firefox-esr Version : 45.9.0esr-1deb7u1 CVE ID : CVE-2017-5429 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5448...

9.8 CVSS | 9.4 AI score | 0.23444 EPSS
Exploits: 19