11189 matches found

IBM Security Bulletins
added 2018/06/15 11:15 p.m. | 33 views

Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM Cognos Metrics Manager (CVE-2015-1819, CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7941, CVE-2015-7942, CVE-2015-8035, CVE-2015-8241, CVE-2015-8317)

Summary: The vulnerabilities have been addressed in the libxml2 component of IBM Cognos Metrics Manager. Vulnerability Details: CVEID: CVE-2015-1819. DESCRIPTION: Libxml is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error in the xmlreader when processing XML dat...

CVSS 7.1 | AI score 1.1 | EPSS 0.02045
Exploits: 4 | Affected Software: 1
OSV
added 2018/06/13 11:29 a.m. | 1 view

CVE-2018-12266

system\errors\404.php in HongCMS 3.0.0 has XSS via crafted input that triggers a 404 HTTP status code...

CVSS 6.1 | AI score 5.8
Exploits: 0 | References: 1
Microsoft KB
added 2018/06/12 7:0 a.m. | 48 views

Description of the security update for vulnerabilities in Windows Server 2008: June 12, 2018

Summary: Multiple vulnerabilities exist within Windows Server 2008. To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE): CVE-2018-1040, CVE-2018-8225...

CVSS 9.3 | AI score 7.1 | EPSS 0.32423
Exploits: 0
Citrix
added 2018/06/12 12:0 a.m. | 4 views

XenMobile 10.8 fixed issues

XenMobile 10.8 includes the following fixed issues. For fixed issues related to XenMobile Apps, see Fixed issues. When you upload an .ipa enterprise app to XenMobile Server, occasionally the upload fails. The following error message appears: Uploaded mobile app is invalid. Application icon was not...

AI score 6.8
Exploits: 0
NVD
added 2018/06/11 9:29 p.m. | 11 views

CVE-2017-5382

Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. This vulnerability affects Firefox 51...

CVSS 7.5 | AI score 6.7 | EPSS 0.00957
Exploits: 0 | References: 4
OSV
added 2018/06/11 9:29 p.m. | 2 views

CVE-2017-5382

Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. This vulnerability affects Firefox 51...

CVSS 7.5 | AI score 7.3
Exploits: 0 | References: 4
OSV
added 2018/06/11 9:29 p.m. | 1 view

DEBIAN-CVE-2016-9899

Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox 50.1, Firefox ESR 45.6, and Thunderbird 45.6...

CVSS 9.8 | AI score 8.5 | EPSS 0.36421
Exploits: 6 | References: 1
Debian CVE
added 2018/06/11 9:0 p.m. | 20 views

CVE-2017-7756

A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2...

CVSS 9.8 | AI score 9.5 | EPSS 0.01874
Exploits: 0
Veeam
added 2018/06/09 12:0 a.m. | 5 views

System logs rapidly grow in size filled by veeamsnap errors

Agent for Linux kernel driver veeamsnap fills system logs with memory allocation error messages rapidly, system might get low on disk space...

AI score 3
Exploits: 0
OSV
added 2018/06/07 1:10 p.m. | 5 views

SUSE-SU-2018:1417-1 Security update for ceph

This update for ceph fixes the following issues: Security issues fixed: - CVE-2018-7262: rgw: malformed http headers can crash rgw bsc1081379. - CVE-2017-16818: User reachable asserts allow for DoS bsc1063014. Bug fixes: - bsc1061461: OSDs keep generating coredumps after adding new OSD node to...

CVSS 7.5 | AI score 7.3 | EPSS 0.01536
Exploits: 0 | References: 26
OpenVAS
added 2018/06/02 12:0 a.m. | 46 views

openSUSE: Security Advisory for xen (openSUSE-SU-2018:1487-1)

The remote host is missing an update for the Copyright (C) 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 8.8 | AI score 6.7 | EPSS 0.46733
Exploits: 2 | References: 2
BDU FSTEC
added 2018/05/31 12:0 a.m. | 0 views

The vulnerability of Microsoft Edge browser and the ChakraCore JavaScript engine lies in memory object handling errors, allowing attackers to execute arbitrary code.

The vulnerability of the Microsoft Edge browser and the ChakraCore JavaScript engine arises due to an operation going beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted web page...

CVSS 7.6 | AI score 8.4 | EPSS 0.22672
Exploits: 2 | References: 4
BDU FSTEC
added 2018/05/31 12:0 a.m. | 0 views

The vulnerability of Microsoft Excel editors arises from errors in memory object processing, allowing attackers to execute arbitrary code.

The vulnerability of Microsoft Excel spreadsheet editors is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted file from a remote location...

CVSS 9.3 | AI score 6.5 | EPSS 0.3391
Exploits: 0 | References: 4
BDU FSTEC
added 2018/05/31 12:0 a.m. | 0 views

The vulnerability of Microsoft Internet Explorer arises from errors in memory object handling, allowing an attacker to execute arbitrary code.

The vulnerability of Microsoft Internet Explorer arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted web page...

CVSS 7.6 | AI score 8.4 | EPSS 0.22389
Exploits: 0 | References: 4 | Affected Software: 1
BDU FSTEC
added 2018/05/31 12:0 a.m. | 0 views

The vulnerability of Microsoft Excel editors arises from errors in memory object processing, allowing attackers to execute arbitrary code.

The vulnerability of Microsoft Excel spreadsheet editors is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted file from a remote location...

CVSS 9.3 | AI score 6.5 | EPSS 0.37412
Exploits: 0 | References: 4
BDU FSTEC
added 2018/05/31 12:0 a.m. | 0 views

The vulnerability of Microsoft Excel editors arises from errors in memory object processing, allowing attackers to execute arbitrary code.

The vulnerability of Microsoft Excel spreadsheet editors is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted file from a remote location...

CVSS 9.3 | AI score 6.5 | EPSS 0.37412
Exploits: 0 | References: 4
OSV
added 2018/05/29 5:35 a.m. | 14 views

SUSE-SU-2018:1456-1 Security update for xen

This update for xen fixes the following issues: Security issues fixed: - CVE-2018-3639: Spectre V4 – Speculative Store Bypass aka 'Memory Disambiguation' bsc1092631 This feature can be controlled by the 'ssbd=on/off' commandline flag for the XEN hypervisor. - CVE-2018-10982: x86 vHPET interrupt...

CVSS 8.8 | AI score 6.5 | EPSS 0.46733
Exploits: 2 | References: 10
Tenable Nessus
added 2018/05/29 12:0 a.m. | 48 views

Fedora 26 : xen (2018-7cd077ddd3)

x86: mishandling of debug exceptions XSA-260, CVE-2018-8897 x86 vHPET interrupt injection errors XSA-261, CVE-2018-10982 1576089 qemu may drive Xen into unbounded loop XSA-262, CVE-2018-10981 1576680 Note that Tenable Network Security has extracted the preceding description block directly from th...

CVSS 8.8 | AI score 6.8 | EPSS 0.24723
Exploits: 9 | References: 4
BDU FSTEC
added 2018/05/25 12:0 a.m. | 0 views

The vulnerability of the Qualcomm QTEE API in the Android operating system allows an attacker to compromise the confidentiality, integrity, and availability of protected information.

The vulnerability of the Qualcomm QTEE API in the Android operating system is related to errors in handling array indexes. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality, integrity, and availability of the protected information...

CVSS 10 | AI score 5.5 | EPSS 0.00206
Exploits: 0 | References: 5 | Affected Software: 1
Prion
added 2018/05/24 2:29 p.m. | 24 views

Input validation

Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have a numeric errors vulnerability. An unauthenticated, remote attacker may send specially crafted SCC...

CVSS 5 | AI score 5.3 | EPSS 0.00153
Exploits: 0 | References: 1 | Affected Software: 6