524 matches found
Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2880-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2880-1 advisory. Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman, Carsten Book, Randell Jesup, Nicolas Pierron, Eric Rescorla, Tyson Smith, and Gab...
USN-2880-1: Firefox vulnerabilities
Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman, Carsten Book, Randell Jesup, Nicolas Pierron, Eric Rescorla, Tyson Smith, and Gabor Krizsanits discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker...
Microsoft released 1 2 on a major security bug fix patch-bug warning-the black bar safety net
On Tuesday Microsoft announced that as part of its monthly security Bulletin part of all Windows users should update theiroperating system, the prevention from at least two major vulnerabilities. MS15-1 2 8 patched a series of memory crash vulnerability, the latter so that the hacker can install...
DEBIAN-CVE-2015-7183
Integer overflow in the PLARENAALLOCATE implementation in Netscape Portable Runtime NSPR in Mozilla Network Security Services NSS before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute...
USN-2777-1 linux-lts-utopic vulnerabilities
It was discovered that virtio networking in the Linux kernel did not handle fragments correctly, leading to kernel memory corruption. A remote attacker could use this to cause a denial of service system crash or possibly execute code with administrative privileges. CVE-2015-5156 Benjamin Randazzo...
SUSE-SU-2015:1476-1 Security update for MozillaFirefox, mozilla-nss
Mozilla Firefox was updated to version 38.2.1 ESR to fix several critical and non critical security vulnerabilities. - Firefox was updated to 38.2.1 ESR bsc943608 MFSA 2015-94/CVE-2015-4497 bsc943557 Use-after-free when resizing canvas element during restyling MFSA 2015-95/CVE-2015-4498 bsc943558...
PHP SOAP Access Remote Memory Corruption Vulnerability
PHP is a general-purpose scripting language. A security vulnerability in the unserialize function used in PHP's multiple SOAP accesses allows remote attackers to exploit the vulnerability by submitting a special request to obtain PHP application memory information or crash...
Internet Bug Bounty: Adobe Flash Player MP4 Use-After-Free Vulnerability
I. Summary Adobe Flash Player is prone to a vulnerability which leads to Use-After-Free. After parsing a malformed mp4 file, Flash will not free the NetStream object properly. Such memory block is still accessed even the page containing Flash is closed, which leads to a memory crash...
Internet Bug Bounty: Adobe Flash Player MP4 Use-After-Free Vulnerability
I. Summary Adobe Flash Player is prone to a vulnerability which leads to Use-After-Free. After parsing a malformed mp4 file, Flash will keep on accessing a block of memory for timing. Such memory block is still accessed even the page containing Flash is closed, which leads to a memory crash...
Fedora 21 : nodejs-qs-0.6.6-3.fc21 (2014-11309)
The qs module has the ability to create sparse arrays during parsing. By specifying a high index it is possible to create a large array that will eventually take up all the allocated memory of the running process, resulting in a crash. More information:...
Code injection
OpenAFS 1.6.8 does not properly clear the fields in the host structure, which allows remote attackers to cause a denial of service uninitialized memory access and crash via unspecified vectors related to TMAY requests...
Moderate: Red Hat Security Advisory: qemu-kvm-rhev security update
Updated qemu-kvm-rhev packages that fix several security issues are now available for Red Hat Enterprise Linux OpenStack Platform 3.0. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...
lighttpd < 1.4.34 Multiple Vulnerabilities
According to its banner, the version of lighttpd running on the remote host is prior to 1.4.34. It is, therefore, affected by the following vulnerabilities : - When Server Name Indication SNI is enabled, a flaw exists that could cause the application to use all available SSL ciphers, including we...
UBUNTU-CVE-2013-4074
The dissectcapwapdata function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service application crash via a...
UBUNTU-CVE-2013-1004
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in...
CVE-2013-1667
The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service memory consumption and crash via a crafted hash key...
DEBIAN-CVE-2012-3511
Multiple race conditions in the madviseremove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service use-after-free and system crash via vectors involving a 1 munmap or 2 close system call...
RedHat Update for libvirt RHSA-2012:1202-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
UBUNTU-CVE-2011-0152
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in...
WebKit: multiple vulnerabilities in WebKitGTK
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a floating element in an SVG...