176 matches found
The vulnerability of the Firefox ESR browser allows a malicious individual to execute arbitrary code or trigger a service failure.
The Mozilla Firefox ESR browser contains numerous vulnerabilities related to memory-related errors. Exploiting these vulnerabilities allows a malicious individual to execute arbitrary code through a specially created website, cause service failures, or trigger an emergency shutdown of the...
The vulnerability of the Thunderbird email client, which allows a malicious individual to execute arbitrary code or trigger a service failure.
Mozilla Thunderbird email client contains numerous vulnerabilities related to memory-related errors. Exploiting these vulnerabilities allows a malicious individual to execute arbitrary code through a specially created website, cause service failures, or trigger an emergency shutdown of the...
USN-3021-1: Linux kernel vulnerabilities
Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service system crash. CVE-2016-3951 Kangji...
Eaton ELCSoft Programming Software Memory Vulnerabilities
OVERVIEW Ariele Calgaviano working with Zero Day Initiative has identified a heap-based memory corruption vulnerability and a stack buffer overflow vulnerability in Eaton’s ELCSoft programming software. Eaton has released a revision to mitigate these vulnerabilities. These vulnerabilities could b...
MGASA-2016-0052 Updated krb5 packages fix security vulnerability
In all versions of MIT krb5, an authenticated attacker can cause kadmind to read beyond the end of allocated memory by sending a string without a terminating zero byte. Information leakage may be possible for an attacker with permission to modify the database CVE-2015-8629. In MIT krb5 1.12 and...
Mozilla Firefox 44 Security Patches
Mozilla has patched a number of critical vulnerabilities in Firefox 44 and Firefox Extended Release 38.6, which were released this week. The most serious flaws were memory vulnerabilities that lived in both the public and extended support versions of the browser. A buffer overflow write in WebGL,...
libebml -- multiple vulnerabilities
Mortiz Bunkus reports: Multiple invalid memory accesses vulnerabilities...
opensmtpd: multiple issues
an oversight in the portable version of fgetln that allows attackers to read and write out-of-bounds memory - multiple denial-of-service vulnerabilities that allow local users to kill or hang OpenSMTPD - a stack-based buffer overflow that allows local users to crash OpenSMTPD, or execute...
Vulnerabilities found through code inspection — Mozilla
Security researcher Ronald Crane reported three vulnerabilities affecting released code that were found through code inspection. These included one use of unowned memory, one use of a deleted object, and one memory safety bug. These do not all have clear mechanisms to be exploited through web...
KLA10646 Multiple vulnerabilities in Microsoft Windows
Multiple serious vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities 1. Improper OGL,...
Mozilla: Miscellaneous memory safety hazards (rv:31.7) (MFSA 2015-46)
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via unknown vectors...
Cisco UCS Central Software Security Vulnerabilities Patched
Cisco has patched a serious remote code execution vulnerability in its Unified Computing System UCS Central software, a data center platform that integrates processing, networking, storage and virtualization into one system. “An attacker could exploit this vulnerability by sending a crafted HTTP...
Gap Widens Between Attackers, BIOS Forensics, Research
Vendors have made important strides in locking down operating systems, patching memory-related vulnerabilities and other bugs that could lead to remote code execution or give hackers a stealthy presence on a machine. As the hurdles get higher for the bad guys, the better ones will certainly look...
Fedora 19 : xen-4.2.1-10.fc19 (2013-5315)
make xendomains systemd script executable and update it from init.d version 919705, Potential use of freed memory in event channel operations XSA-47, CVE-2013-1920 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable...
USN-1794-1: Linux kernel (OMAP4) vulnerabilities
Emese Revfy discovered that in the Linux kernel signal handlers could leak address information across an exec, making it possible to by pass ASLR Address Space Layout Randomization. A local user could use this flaw to by pass ASLR to reliably deliver an exploit payload that would otherwise be...
SuSE 11.2 Security Update : poppler (SAT Patch Number 7560)
This update of poppler fixes the following vulnerabilities : - Various invalid memory issues could be used by attackers supplying PDFs to crash the PDF viewer or potentially execute code. CVE-2013-1788 - A crash in poppler could be used by attackers providing PDFs to crash the PDF viewer...
Adobe Patches Critical Memory Vulnerabilities in Flash Player, AIR
Adobe has repaired a number of critical vulnerabilities in Flash Player that could lead to system crashes or remote attackers controlling computers running compromised software. None of the vulnerabilities are being exploited, Adobe said, and added that users should upgrade Flash Player. Version...
Ubuntu Update for libvoikko USN-1192-3
Ubuntu Update for Linux kernel vulnerabilities USN-1192-3 OpenVAS Vulnerability Test $Id: gbubuntuUSN11923.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for libvoikko USN-1192-3 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net Th...
USN-1192-3: Libvoikko regression
USN-1192-1 provided Firefox 6 as a security upgrade. Unfortunately, this caused a regression in libvoikko which caused Firefox to crash while spell checking words with hyphens. This update corrects the issue. We apologize for the inconvenience. Original advisory details: Aral Yaman discovered a...
USN-1222-2: Mozvoikko, ubufox, webfav update
USN-1222-1 fixed vulnerabilities in Firefox. This update provides updated packages for use with Firefox 7. Original advisory details: Benjamin Smedberg, Bob Clary, Jesse Ruderman, Bob Clary, Andrew McCreight, Andreas Gal, Gary Kwong, Igor Bukanov, Jason Orendorff, Jesse Ruderman, and Marcia Knous...