Lucene search

5353 matches found

Tenable Nessus
added 2019/02/27 12:0 a.m. | 40 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Thunderbird vulnerabilities (USN-3897-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3897-1 advisory. A use-after-free was discovered in libical. If a user were tricked into opening a specially crafted ICS calendar file, an attack...

CVSS 10 | AI score 8.4 | EPSS 0.35406
Exploits 1 | References 8

Mageia
added 2019/02/22 12:35 a.m. | 36 views

Updated spice packages fix security vulnerability

Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers. CVE-2019-3813 A vulnerability was discovered in SPICE before versio...

CVSS 8.8 | AI score 3.6 | EPSS 0.01206
Exploits 0 | References 8

Kaspersky
added 2019/02/12 12:0 a.m. | 47 views

KLA11421 Multiple vulnerabilities in Adobe Acrobat and Acrobat Reader

Multiple vulnerabilities were found in Adobe Acrobat and Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges. Below is a complete list of vulnerabilities: 1. Multiple buffer errors vulnerabilities can be exploited...

CVSS 10 | AI score 9.9 | EPSS 0.1074
Exploits 5 | References 9

Symantec
added 2019/02/12 12:0 a.m. | 26 views

Microsoft Edge CVE-2019-0645 Remote Memory Corruption Vulnerability

Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Edge Recommendations...

AI score 0.5 | EPSS 0.09408
Exploits 0 | References 1

IBM Security Bulletins
added 2019/02/11 4:15 p.m. | 23 views

Security Bulletin: IBM InfoSphere Change Data Capture is affected by a jackson-core open source library vulnerability (CVE-2018-0125)

Summary InfoSphere Data Replication has addressed the following vulnerability: CVE-2018-0125 Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete input validation on user-controll...

CVSS 10 | AI score 2.5 | EPSS 0.29491
Exploits 1 | Affected Software 1

Prion
added 2019/02/07 10:29 p.m. | 17 views

Cross site scripting

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to...

CVSS 4.3 | AI score 5.9 | EPSS 0.0012
Exploits 0 | References 2 | Affected Software 1

IBM Security Bulletins
added 2019/01/31 2:25 a.m. | 56 views

Security Bulletin: Vulnerabilities in cURL affect IBM Flex System Chassis Management Module (CMM)

Summary IBM Chassis Management Module (CMM) has addressed the following vulnerabilities in cURL. Vulnerability Details: CVEID: CVE-2016-8615 Description: cURL/libcurl is vulnerable t...

CVSS 9.8 | AI score 1.2 | EPSS 0.04507
Exploits 0

NVD
added 2019/01/30 3:29 p.m. | 8 views

CVE-2018-17431

Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL...

CVSS 9.8 | AI score 9.7 | EPSS 0.92083
Exploits 4 | References 3

NVD
added 2019/01/24 4:29 a.m. | 12 views

CVE-2018-17679

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 8.8 | AI score 8.8 | EPSS 0.00345
Exploits 0 | References 2

Ubuntu
added 2019/01/15 6:0 p.m. | 118 views

USN-3860-2: libcaca vulnerabilities

USN-3860-1 fixed a vulnerability in libcaca. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. CVE-2018-20544 It...

CVSS 8.8 | AI score 6.8 | EPSS 0.02273
Exploits 6

Veracode
added 2019/01/15 9:11 a.m. | 25 views

Arbitrary Code Execution

java-1.6.0-ibm is vulnerable to arbitrary code execution attacks. The vulnerability exists as a buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.4...

CVSS 5.6 | AI score 8.3 | EPSS 0.07865
Exploits 0 | References 21 | Affected Software 3

Veracode
added 2019/01/15 8:58 a.m. | 28 views

Denial Of Service (DoS)

firefox is vulnerable to denial of service (DoS) attacks. The vulnerability exists through multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a...

CVSS 9.8 | AI score 9.7 | EPSS 0.01468
Exploits 1 | References 23 | Affected Software 2

Veracode
added 2019/01/15 8:58 a.m. | 21 views

Denial Of Service (DoS)

freeradius is vulnerable to denial of service (DoS) attacks. The vulnerability exists as a stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly...

CVSS 6.8 | AI score 7.2 | EPSS 0.12314
Exploits 0 | References 22 | Affected Software 2

Veracode
added 2019/01/15 8:54 a.m. | 18 views

Denial Of Service (Dos)

perl-DBD-Pg is vulnerable to denial of service. A format string vulnerability in dbdimp.c in DBD::Pg allows remote attackers to crash the process, or potentially execute arbitrary code, via a malicious database warning to the pg_warn function or DBD statement to the dbd_st_prepare function...

CVSS 5 | AI score 6.4 | EPSS 0.02719
Exploits 0 | References 17 | Affected Software 1

Check Point Advisories
added 2019/01/06 12:0 a.m. | 2 views

ReSIProcate Heap Buffer Overflow (CVE-2018-12584)

A heap buffer overflow vulnerability exists in ReSIProcate. A remote, unauthenticated attacker could exploit this vulnerability by sending specially crafted SIP packets to the target server. Successful exploitation would result in arbitrary code execution...

CVSS 7.5 | AI score 6.5 | EPSS 0.25187
Exploits 5

Tenable Nessus
added 2018/12/28 12:0 a.m. | 36 views

EulerOS Virtualization 2.5.2 : ghostscript (EulerOS-SA-2018-1412)

According to the versions of the ghostscript package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was discovered that the ghostscript .tempfile function did not properly handle file permissions. An attacker could possibl...

CVSS 9.8 | AI score 7.6 | EPSS 0.10504
Exploits 7 | References 15

NVD
added 2018/12/24 6:29 a.m. | 7 views

CVE-2018-19357

XMPlay 3.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted http:// URL in a .m3u file...

CVSS 7.8 | AI score 8 | EPSS 0.16807
Exploits 1 | References 1

OpenVAS
added 2018/12/21 12:0 a.m. | 271 views

Ubuntu: Security Advisory (USN-3847-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 7.4 | EPSS 0.00083
Exploits 2 | References 2

UbuntuCve
added 2018/12/20 11:29 p.m. | 26 views

CVE-2018-19134

In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue...

CVSS 7.8 | AI score 7.2 | EPSS 0.0131
Exploits 1 | References 1

Cvelist
added 2018/12/20 5:0 p.m. | 10 views

CVE-2018-19234

The Miss Marple Updater Service in COMPAREX Miss Marple Enterprise Edition before 2.0 allows remote attackers to execute arbitrary code with SYSTEM privileges via vectors related to missing update validation...

AI score 8.8 | EPSS 0.04591
Exploits 1 | References 4