Debian DLA-1171-1 : libxml-libxml-perl security update

The XML::LibXML perl module is affected by a 'use-after-free' vulnerability which allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call. For Debian 7 'Wheezy', these problems have been fixed in version 2.0001+dfsg-1+deb7u2. We recommend that you...

KLA11140 Multiple vulnerabilities in Microsoft Edge and Internet Explorer

Multiple serious vulnerabilities have been found in Microsoft Edge and Internet Explorer. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions and obtain sensitive information. Original advisories CVE-2017-11791 CVE-2017-11803 CVE-2017-11827...

Microsoft Edge Scripting Engine CVE-2017-11862 Remote Memory Corruption Vulnerability

Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore Microsoft...

CVE-2017-13816

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service buffer overflow and application crash via a crafted archive file...

CVE-2017-13788

An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote...

Buffer overflow

Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service heap corruption and crash or execute arbitrary code via a long string to the open method...

KLA11132 Multiple vulnerabilities in Google Chrome

Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause a denial of service and to execute arbitrary code. Below is a complete list of vulnerabilities: 1. Stack buffer overflow in QUIC can be exploited remotely by an...

CVE-2017-12178

xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code...

CVE-2017-12179

xorg-x11-server before 1.19.5 was vulnerable to integer overflow in SProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code...

HP UCMDB Foundation Software Directory Traversal Vulnerability

HP UCMDB Foundation Software is able to provide users with bottom-up capabilities that include four parts: infrastructure auto-discovery, data modeling, service mapping definition and service impact analysis. A directory traversal vulnerability exists in HP UCMDB Foundation Software, which could...

CVE-2015-3249

The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service out-of-bounds access and daemon crash or possibly execute arbitrary code via vectors related to the 1 framehandlers array or 2 setdynamictablesize function...

CVE-2016-3090

The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling...

Design/Logic Flaw

An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to Array.prototype.indexOf...

Type confusion

Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

CVE-2017-5116

Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

Apple iTunes Security Updates (HT208141)

Apple iTunes is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:itunes"; ifdescription...

Active Record contains deserialization of arbitrary YAML

ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML...

GHSA-FHJ9-CJJH-27VM Active Record contains deserialization of arbitrary YAML

ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML...

Stack overflow

Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated users to execute arbitrary code via the 1 pingaddr parameter to PingIframeRpm.htm or 2 dnsserver2 parameter to WanStaticIpV6CfgRpm.htm...

CVE-2016-5714

Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to command validation, aka "Puppet Execution Protocol PXP Command...