Mozilla Firefox < 56 Multiple Vulnerabilities (macOS)

The version of Mozilla Firefox installed on the remote macOS or Mac OS X host is prior to 56. It is, therefore, affected by multiple vulnerabilities, some of which allow code execution and potentially exploitable application crashes. C Tenable Network Security, Inc. include'compat.inc'; if...

Mozilla Firefox < 56.0

The version of Firefox installed on the remote Windows host is prior to 56.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-21 advisory. - Mozilla developers and community members Christian Holler, Jason Kratzer, Tobias Schneider, Tyson Smith, David Keeler,...

Mozilla Firefox ESR < 52.4

The version of Firefox ESR installed on the remote Windows host is prior to 52.4. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-22 advisory. - Mozilla developers and community members Christoph Diehl, Jan de Mooij, Jason Kratzer, Randell Jesup, Tom Ritter,...

CVE-2017-1000111

Linux kernel: heap out-of-bounds in AFPACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packetsetring. Previously with PACKETVERSION. This time with PACKETRESERVE. The solution...

Heap overflow

Linux kernel: heap out-of-bounds in AFPACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packetsetring. Previously with PACKETVERSION. This time with PACKETRESERVE. The solution...

GE CIMPLICITY (Update A)

CVSS v3 6.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: GE Equipment: CIMPLICITY Vulnerability: Stack-based Buffer Overflow UPDATED INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-17-278-01 GE CIMPLICITY that was published October 5,...

CVE-2017-1000111

Linux kernel: heap out-of-bounds in AFPACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packetsetring. Previously with PACKETVERSION. This time with PACKETRESERVE. The solution...

CVE-2017-8021

EMC Elastic Cloud Storage ECS before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system...

Siemens industrial products using the Discovery Service of the OPC UA protocol stack by the OPC foundation (Update B)

CVSS v3 8.2 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Industrial products using the Discovery Service of the OPC UA protocol stack by the OPC foundation Vulnerability: Improper Restriction of XML External Entity Reference UPDATE INFORMATION This update...

CVE-2017-7793

A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4...

CVE-2017-7819

A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4...

CVE-2017-7805

During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer...

CVE-2017-7819

A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4...

CVE-2017-7793

A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4...

Microsoft Edge 38.14393.1066.0 - Memory Corruption with Partial Page Loading

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1309 There is a security issue in Microsoft Edge related to how HTML documents are loaded. If Edge displays a HTML document from a slow HTTP server, it is possible that a part of the document is going to be rendered before the serv...

Microsoft Edge 38.14393.1066.0 - Memory Corruption with Partial Page Loading

Microsoft Edge 38.14393.1066.0 - Memory Corruption with Partial Page Loading Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1309 There is a security issue in Microsoft Edge related to how HTML documents are loaded. If Edge displays a HTML document from a slow HTTP server, it is...

Moxa AWK-3131A Web Application systemlog.log Information Disclosure Vulnerability(CVE-2016-8725)

Summary An exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Retrieving a specific URL without authentication can reveal sensitive information to an attacker. Tested Versions Moxa AWK-3131...

Foscam IP Video Camera CGIProxy.fcgi SMTP Test Host Parameter Configuration Command Injection Vulnerability(CVE-2017-2841)

Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting...

CVE-2017-2809

An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability...

Unauthorized Access Vulnerability in the Android Version of Xinlian Energy Cloud APP

Xinlian Electricity Cloud App is an electric energy application that allows you to view the overall electricity consumption information and the information of each electricity sub-circuit online. Xinlian Electricity Cloud APP Android version has an unauthorized access vulnerability, which allows...