222 matches found
Scientific Linux Security Update : firefox on SL7.x x86_64 (20180628)
This update upgrades Firefox to version 60.1.0 ESR. Many older Firefox extensions must be updated to work with this new release. Security Fixes: Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 (CVE-2018-5188); Mozilla: Buffer overflow using computed size ...
Updated firefox packages fix security vulnerability
Mozilla: Memory safety bugs fixed in Firefox ESR 52.9 CVE-2018-5188. Mozilla: Buffer overflow using computed size of canvas element CVE-2018-12359. Mozilla: Use-after-free using focus CVE-2018-12360. Mozilla: Media recorder segmentation fault when track type is changed during capture CVE-2018-515...
MGASA-2018-0305 Updated firefox packages fix security vulnerability
Mozilla: Memory safety bugs fixed in Firefox ESR 52.9 CVE-2018-5188. Mozilla: Buffer overflow using computed size of canvas element CVE-2018-12359. Mozilla: Use-after-free using focus CVE-2018-12360. Mozilla: Media recorder segmentation fault when track type is changed during capture CVE-2018-515...
Mozilla Firefox ESR Security Advisories (MFSA2018-15, MFSA2018-17) - Windows
Mozilla Firefox ESR is prone to multiple vulnerabilities. CPE = "cpe:/a:mozilla:firefoxesr";...
CVE-2017-17443
OPC Foundation Local Discovery Server LDS 1.03.370 required a security update to resolve multiple vulnerabilities that allow attackers to trigger a crash by placing invalid data into the configuration file. This vulnerability requires an attacker with access to the file system where the...
(0Day) Delta Industrial Automation DOPSoft DPA File TagTotalSize Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
PT-2017-19217 · Sma Solar Technology · Sunny Tripower +3
Name of the Vulnerable Software and Affected Versions: SMA Solar Technology products (affected versions not specified); Sunny Boy versions TLST-21 and TL-21; Sunny Tripower versions TL-10 and TL-30. Description: An issue was discovered in SMA Solar Technology products where sending nonsense data or...
UBUNTU-CVE-2017-5446
An out-of-bounds read occurs when an HTTP/2 connection to a server sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...
CVE-2016-2370
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability...
CVE-2016-6693
sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via an invalid data length, aka Qualcomm internal bug CR 1027585...
The vulnerability of the Linter Bastion database management system allows a malicious individual to cause errors in the program’s operation or execute arbitrary code.
The design of the RPC server linstmgr.exe is based on the assumption that client applications will always send valid data and behave as expected. Sending invalid data may cause errors in the program’s operation or may execute arbitrary code...
Pidgin MXIT Protocol Denial of Service Vulnerability (CNVD-2016-04335)
Pidgin is a cross-platform real-time communication client. A denial-of-service vulnerability exists in the MXIT protocol processing in Pidgin version 2.10.11, which an attacker can exploit to cause a denial of service through an out-of-bounds read by sending invalid data...
PT-2016-5136 · Pidgin +2 · Pidgin +2
Name of the Vulnerable Software and Affected Versions: Pidgin (affected versions not specified). Description: A denial of service issue exists in the handling of the MXIT protocol. Specially crafted MXIT data sent via the server could result in an out-of-bounds read. A malicious server or an attacke...
CVE-2016-2365
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a null pointer dereference. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger th...
Adobe Acrobat and Reader Denial of Service (APSB15-15: CVE-2015-5091)
A denial of service vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to invalid data. A remote attacker can exploit this issue by enticing a target user to open a specially crafted file...
chromium-browser: Use-after-free in accessibility.
Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging lack of certain validity checks for accessibility-tree data structures...
Adobe Reader/Acrobat Denial of Service Vulnerability (CNVD-2015-04601)
Adobe Reader/Acrobat is a very popular and excellent PDF document reader developed by Adobe of the United States. A denial of service vulnerability exists in Adobe Reader/Acrobat that allows attackers to cause a denial of service via invalid data...
LeafDigital LeafChat 1.7 DoS Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1396/info If invalid data is sent repeatedly from an IRC server to a LeafDigital LeafChat IRC client, the program will stop responding. Restarting the application will be required in order to regain normal functionality. /...
PsychoStats <= 2.3 - Server.PHP Path Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24039/info PsychoStats is prone to a path-disclosure issue when invalid data is submitted. Exploiting this issue can allow an attacker to access sensitive data that may be used to launch further attacks against a vulnerab...
Nuke Bookmarks 0.6 Marks.php Path Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12906/info Nuke Bookmarks is prone to a path disclosure issue when invalid data is submitted. This issue can allow an attacker to access sensitive data that may be used to launch further attacks against a vulnerable...