236 matches found
Mozilla Firefox ESR < 45.9
The version of Firefox ESR installed on the remote Windows host is prior to 45.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-11 advisory. - Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. CVE-2017-5469 - A...
Mozilla Firefox ESR < 52.1
The version of Firefox ESR installed on the remote Windows host is prior to 52.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-12 advisory. - Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. CVE-2017-5469 - A...
libevent: Stack-buffer overflow in the name_parse() function
A vulnerability was found in libevent with the parsing of DNS requests and replies. An attacker could send a forged DNS response to an application using libevent which could lead to reading data out of bounds on the heap, potentially disclosing a small amount of application memory...
libevent: Stack-buffer overflow in evutil_parse_sockaddr_port()
A vulnerability was found in libevent with the parsing of IPv6 addresses. If an attacker could cause an application using libevent to parse a malformed address in IPv6 notation of more than 2GiB in length, a stack overflow would occur leading to a crash...
libevent: Out-of-bounds read in search_make_new()
An out of bounds read vulnerability was found in libevent in the searchmakenew function. If an attacker could cause an application using libevent to attempt resolving an empty hostname, an out of bounds read could occur possibly leading to a crash...
RHEL 7 : firefox (RHSA-2017:1106)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2017:1106 advisory. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.1.0 ESR. Security Fixes: Multiple flaws were found...
FreeBSD : libevent -- multiple vulnerabilities (b8ee7a81-a879-4358-9b30-7dd1bd4c14b1)
Debian Security reports : CVE-2016-10195: The nameparse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the labellen variable, which triggers an out-of-bounds stack read. CVE-2016-10196: Stack-based buffer overflow in the...
libevent: Stack-buffer overflow in the name_parse() function
A vulnerability was found in libevent with the parsing of DNS requests and replies. An attacker could send a forged DNS response to an application using libevent which could lead to reading data out of bounds on the heap, potentially disclosing a small amount of application memory...
libevent: Out-of-bounds read in search_make_new()
An out of bounds read vulnerability was found in libevent in the searchmakenew function. If an attacker could cause an application using libevent to attempt resolving an empty hostname, an out of bounds read could occur possibly leading to a crash...
libevent: Stack-buffer overflow in evutil_parse_sockaddr_port()
A vulnerability was found in libevent with the parsing of IPv6 addresses. If an attacker could cause an application using libevent to parse a malformed address in IPv6 notation of more than 2GiB in length, a stack overflow would occur leading to a crash...
Security fix for the ALT Linux 10 package firefox-esr version 45.9.0-alt1
April 20, 2017 Andrey Cherepanov 45.9.0-alt1 - New ESR version - Security fixes: + CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, + CVE-2017-5462: DRBG flaw in NSS + CVE-2017-5445: Uninitialized values used while parsing + CVE-2017-5469: Potential Buffer overflow in...
Security vulnerabilities fixed in Firefox ESR 45.9 — Mozilla
A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. A use-after-free vulnerability occurs during transaction processing in t...
USN-3228-1: libevent vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Guido Vranken discovered that libevent incorrectly handled memory when processing certain data. A remote attacker could possibly use this issue with an application that uses libevent to cause a denial of...
SSLsplit - transparent SSL/TLS interception
SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. It is intended to be useful for network forensics, application security analysis and penetration testing. SSLsplit is designed to transparently terminate connections that are redirected to it using a...
ALPINE-CVE-2016-10195
The nameparse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the labellen variable, which triggers an out-of-bounds stack read...
ALPINE-CVE-2016-10196
Stack-based buffer overflow in the evutilparsesockaddrport function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service segmentation fault via vectors involving a long string in brackets in the ipasstring argument...
CVE-2016-10195
The nameparse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the labellen variable, which triggers an out-of-bounds stack read...
DEBIAN-CVE-2016-10195
The nameparse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the labellen variable, which triggers an out-of-bounds stack read...
CVE-2016-10197
The searchmakenew function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service out-of-bounds read via an empty hostname...
DEBIAN-CVE-2016-10196
Stack-based buffer overflow in the evutilparsesockaddrport function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service segmentation fault via vectors involving a long string in brackets in the ipasstring argument...