CVE-2017-6451

CVE-2017-6451 affects the NTP legacy MX4200 refclock. The mx4200_send function mishandles the return value of snprintf, enabling a local attacker to trigger an out-of-bounds write and potentially execute arbitrary code. Affected: NTP before 4.2.8p10 and 4.3.x before 4.3.94. Mitigation/remediation...

CVE-2017-6451

The mx4200send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write...

chromium-browser: multiple out of bounds writes in chunkdemuxer

An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer...

Microsoft Scripting Engine Memory Corruption (MS17-007: CVE-2017-0032)

An integer overflow vulnerability exists in Microsoft Edge. The vulnerability is due to an error in Microsoft Edge while handling a specially crafted HTML file. Successful exploitation of this issue can lead to arbitrary memory write...

CVE-2017-5029

The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of...

CVE-2017-5037

An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer...

CVE-2017-5037

An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer...

UBUNTU-CVE-2017-5029

The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of...

CVE-2017-5503

The decclnpass function in libjasper/jpc/jpct1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service invalid memory write and crash or possibly have unspecified other impact via a crafted image...

CVE-2017-5503

The decclnpass function in libjasper/jpc/jpct1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service invalid memory write and crash or possibly have unspecified other impact via a crafted image...

CVE-2017-5503

CVE-2017-5503 affects JasPer library (JasPer 1.900.27) in the dec_clnpass path (libjasper/jpc/jpc_t1dec.c). A crafted image can trigger a denial of service via an invalid memory write, potentially with additional impact. Connected advisories confirm the same vulnerability across multiple vendor f...

QEMU cirrus_vga.c code execution vulnerability

QEMU is a suite of analog processor software. A security vulnerability in QEMU cirrusvga.c allows an attacker to exploit the vulnerability to write to HOST memory, resulting in arbitrary code execution with elevated privileges...

CVE-2017-5503

The decclnpass function in libjasper/jpc/jpct1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service invalid memory write and crash or possibly have unspecified other impact via a crafted image...

Security update for gstreamer-plugins-good (important)

This update for gstreamer-plugins-good fixes the following issues: - CVE-2016-9634: Invalid FLIC files could have caused and an out-of-bounds write bsc1012102 - CVE-2016-9635: Invalid FLIC files could have caused and an out-of-bounds write bsc1012103 - CVE-2016-9636: Prevent maliciously crafted...

DEBIAN-CVE-2015-8818

The cpuphysicalmemorywriterominternal function in exec.c in QEMU aka Quick Emulator does not properly skip MMIO regions, which allows local privileged guest users to cause a denial of service guest crash via unspecified vectors...

UBUNTU-CVE-2015-8818

The cpuphysicalmemorywriterominternal function in exec.c in QEMU aka Quick Emulator does not properly skip MMIO regions, which allows local privileged guest users to cause a denial of service guest crash via unspecified vectors...

PT-2017-10396 · Game Music Emu +2 · Game-Music-Emu +2

Name of the Vulnerable Software and Affected Versions: game-music-emu versions prior to 0.6.1 Description: The issue allows remote attackers to write to arbitrary memory locations, potentially leading to exploitation. Recommendations: For versions prior to 0.6.1, update to version 0.6.1 or later ...

SUSE SLES11 Security Update : xorg-x11-libXrender (SUSE-SU-2016:3115-1)

This update for xorg-x11-libXrender fixes the following issues : - insufficient validation of data from the X server can cause out of boundary memory writes bsc1003002, CVE-2016-7949, CVE-2016-7950 Note that Tenable Network Security has extracted the preceding description block directly from the...

SUSE-SU-2016:3115-1 Security update for xorg-x11-libXrender

This update for xorg-x11-libXrender fixes the following issues: - insufficient validation of data from the X server can cause out of boundary memory writes bsc1003002, CVE-2016-7949, CVE-2016-7950...

SUSE SLES11 Security Update : xorg-x11-libX11 (SUSE-SU-2016:3054-1)

This update for xorg-x11-libX11 fixes the following issues : - plug a memory leak bsc1002991, CVE-2016-7942 - insufficient validation of data from the X server can cause out of boundary memory read XGetImage or write XListFonts bsc1002991, CVE-2016-7942 Note that Tenable Network Security has...