5353 matches found
Ubuntu 14.04 LTS / 16.04 LTS : Thunderbird vulnerabilities (USN-3545-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3545-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing...
CVE-2015-2003
The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...
CVE-2015-2003
Summary: CVE-2015-2003 affects the PJSIP PJSUA2 SDK for Android prior to SVN Changeset 51322. The underlying issue is in a Serializable class’s finalize method, which improperly passes an attacker-controlled pointer to a native function, enabling arbitrary code execution. Documents consistently d...
CVE-2015-2002
The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...
CVE-2018-0175
Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges o...
Path traversal
Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a path traversal vulnerability in the isiphonehome tool. A malicious compadmin may potentially exploit this vulnerability to execute arbitrary...
CVE-2018-1203
In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code with root privileges...
Input validation
Philips Intellispace Portal all versions 7.0.x and 8.0.x have an input validation vulnerability that could allow a remote attacker to execute arbitrary code or cause the application to crash...
CVE-2018-5474
Philips Intellispace Portal all versions 7.0.x and 8.0.x have an input validation vulnerability that could allow a remote attacker to execute arbitrary code or cause the application to crash...
Buffer overflow
Buffer overflow in Tiny FTP Daemon Ver0.52d allows an attacker to cause a denial-of-service (DoS) condition or execute arbitrary code via unspecified vectors...
CVE-2018-0541
Buffer overflow in Tiny FTP Daemon Ver0.52d allows an attacker to cause a denial-of-service (DoS) condition or execute arbitrary code via unspecified vectors...
Debian DSA-4147-1 : polarssl - security update
Several vulnerabilities were discovered in PolarSSL, a lightweight crypto and SSL/TLS library, that allowed a remote attacker to either cause a denial-of-service by application crash, or execute arbitrary code.
Mozilla Thunderbird Security Advisories (MFSA2018-04, MFSA2018-04) - Mac OS X
Mozilla Thunderbird is prone to multiple vulnerabilities.
Debian: Security Advisory (DSA-4147-1)
The remote host is missing an update for the Debian...
The vulnerability in Internet Explorer arises from an operation that goes beyond the buffer boundaries in memory, allowing a malicious actor to execute arbitrary code and trigger a denial-of-service attack.
The vulnerability of the Internet Explorer browser arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code and cause a service failure by using a specially crafted web page...
CVE-2018-8000
In PoDoFo 0.9.5, there exists a heap-based buffer overflow vulnerability in PoDoFo::PdfTokenizer::GetNextToken in PdfTokenizer.cpp, a related issue to CVE-2017-5886. Remote attackers could leverage this vulnerability to cause a denial-of-service or potentially execute arbitrary code via a crafted...
CVE-2017-17221
Import Signal Tone function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send the packets to the affected products after the Signal Tone is uploaded. Due to insufficient...
Rapid Scada Elevation of Privilege Vulnerability
Rapid Scada is a free and open source SCADA software. The software supports the creation of industrial automation, home automation, and energy accounting types of systems. A security vulnerability exists in Rapid Scada version 5.5.0, which stems from a weak access control restriction set by the...