Security update for clamav (important)

This update for clamav fixes the following issues: Security issues fixed: - CVE-2012-6706: VMSFDELTA filter inside the unrar implementation allows an arbitrary memory write bsc1045315. - CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of service in libmspack via a crafted CH...

Debian DLA-1319-1 : firefox-esr security update

Richard Zhu and Huzaifa Sidhpurwala discovered that an out-of-bounds memory write when playing Vorbis media files could result in the execution of arbitrary code. For Debian 7 'Wheezy', these problems have been fixed in version 52.7.2esr-1deb7u1. We recommend that you upgrade your firefox-esr...

SUSE SLED12 / SLES12 Security Update : clamav (SUSE-SU-2018:0809-1)

This update for clamav fixes the following issues: Security issues fixed : - CVE-2012-6706: VMSFDELTA filter inside the unrar implementation allows an arbitrary memory write bsc1045315. - CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of service in libmspack via a crafted C...

openSUSE Security Update : libvorbis (openSUSE-2018-308)

This update for libvorbis fixes the following issues : - CVE-2018-5146: Fixed out of bounds memory write while processing Vorbis audio data bsc1085687. This update was imported from the SUSE:SLE-12:Update update project. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text an...

[SECURITY] [DLA 1319-1] firefox-esr security update

Package : firefox-esr Version : 52.7.2esr-1deb7u1 CVE ID : CVE-2018-5146 CVE-2018-5147 Richard Zhu and Huzaifa Sidhpurwala discovered that an out-of-bounds memory write when playing Vorbis media files could result in the execution of arbitrary code. For Debian 7 "Wheezy", these problems have been...

SUSE-SU-2018:0809-1 Security update for clamav

This update for clamav fixes the following issues: Security issues fixed: - CVE-2012-6706: VMSFDELTA filter inside the unrar implementation allows an arbitrary memory write bsc1045315. - CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of service in libmspack via a crafted CH...

Debian DLA-1312-1 : libvorbisidec security update

Huzaifa Sidhpurwala discovered that an out-of-bounds memory write in the codebook parsing code of the Libtremor multimedia library could result in the execution of arbitrary code if a malformed Vorbis file is opened. For Debian 7 'Wheezy', these problems have been fixed in version...

[SECURITY] [DLA 1312-1] libvorbisidec security update

Package : libvorbisidec Version : 1.0.2+svn18153-0.2+deb7u1 CVE ID : CVE-2018-5147 Huzaifa Sidhpurwala discovered that an out-of-bounds memory write in the codebook parsing code of the Libtremor multimedia library could result in the execution of arbitrary code if a malformed Vorbis file is opene...

Mozilla Firefox ESR Security Advisories (MFSA2018-08, MFSA2018-08) - Windows

Mozilla Firefox ESR is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

NCR S1 Dispenser controller authentication vulnerability

CR S1 Dispenser controller is a dispenser control board product from NCR Corporation. A security vulnerability exists in the memory write mechanism in the NCR S1 Dispenser controller using firmware version 0x0108. An attacker can exploit this vulnerability to upgrade or downgrade the device...

Mozilla Firefox Security Advisories (MFSA2018-08, MFSA2018-08) - Mac OS X

Mozilla Firefox is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

NCR S2 Dispenser controller authentication vulnerability

NCR S2 Dispenser controller is a dispenser control board product from NCR Corporation. A security vulnerability exists in the memory write mechanism in the NCR S2 Dispenser controller using firmware version 0x0108. An attacker could exploit this vulnerability to upgrade or downgrade the device...

CVE-2018-5717

Memory write mechanism in NCR S2 Dispenser controller before firmware version 0x0108 allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities...

CVE-2018-5717

Memory write mechanism in NCR S2 Dispenser controller before firmware version 0x0108 allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities...

CVE-2017-17668

Memory write mechanism in NCR S1 Dispenser controller before firmware version 0x0156 allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities...

Design/Logic Flaw

Memory write mechanism in NCR S1 Dispenser controller before firmware version 0x0156 allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities...

CVE-2018-5717

NCR S2 Dispenser controller (firmware

CVE-2017-17668

Memory write mechanism in NCR S1 Dispenser controller before firmware version 0x0156 allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities...

CVE-2018-5717

Memory write mechanism in NCR S2 Dispenser controller before firmware version 0x0108 allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities...

CVE-2017-17668

The NCR S1 Dispenser controller is affected by CVE-2017-17668 due to a memory write mechanism that allows an unauthenticated user to upgrade or downgrade the device firmware. This can enable installation of older firmware versions with known vulnerabilities. The vulnerability is exploitable remot...