58 matches found
Buffer overflow
A prototype pollution vulnerability was found in module mpath 0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype...
CVE-2018-16490
A prototype pollution vulnerability was found in module mpath 0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype...
CVE-2018-16490
CVE-2018-16490 affects the mpath npm package prior to version 0.8.4, where a prototype pollution flaw can lead to arbitrary properties being injected onto Object.prototype. The root cause is a type handling mismatch in ignoreProperties.indexOf(parts[i]); when parts[i] is proto , the code path use...
Node.js third-party modules: Prototype Pollution Vulnerability in mpath Package
I would like to report prototype pollution vulnerability in mpath. It allows an attacker to inject arbitrary properties on Object.prototype. Module module name: mpath version: 0.4.1 npm page: https://www.npmjs.com/package/mpath Module Description G,Set javascript object values using MongoDB-like...
OracleVM 3.2 : Unbreakable / etc (OVMSA-2017-0121)
The remote OracleVM system is missing necessary patches to address critical security updates : - nfsd: check for oversized NFSv2/v3 arguments J. Bruce Fields Orabug: 26366024 CVE-2017-7645 - dm mpath: allow ioctls to trigger pg init Mikulas Patocka Orabug: 25645229 - xen/manage: Always freeze/tha...
Unbreakable Enterprise kernel security update
2.6.39-400.297.3 - nfsd: check for oversized NFSv2/v3 arguments J. Bruce Fields Orabug: 26366024 CVE-2017-7645 2.6.39-400.297.2 - dm mpath: allow ioctls to trigger pg init Mikulas Patocka Orabug: 25645229 - xen/manage: Always freeze/thaw processes when suspend/resuming Ross Lagerwall Orabug:...
Important: Red Hat Security Advisory: kernel-rt security, bug fix, and enhancement update
Updated kernel-rt packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise MRG 2.5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which giv...
Ubuntu 11.10 : thunderbird vulnerabilities (USN-1282-1)
Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this fl...
Ubuntu 11.04 / 11.10 : firefox vulnerabilities (USN-1277-1)
Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this fl...
Ubuntu Update for mozvoikko USN-1277-2
Ubuntu Update for Linux kernel vulnerabilities USN-1277-2 OpenVAS Vulnerability Test $Id: gbubuntuUSN12772.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for mozvoikko USN-1277-2 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net Th...
CVE-2011-3654
The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via...
Memory corruption
The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via...
CVE-2011-3654
The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via...
CVE-2011-3654
The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via...
Firefox < 8.0 Multiple Vulnerabilities
The installed version of Firefox is earlier than 8.0 and thus, is potentially affected by the following security issues : - Certain invalid sequences are not handled properly in 'Shift-JIS' encoding and can allow cross-site scripting attacks. CVE-2011-3648 - The addition of the 'Azure' graphics...
kernel security, bug fix, and enhancement update
2.6.32-71.18.1.el6 - netdrv ixgbe: make sure FCoE DDP user buffers are really released by the HW Frantisek Hrbata 674002 617193 - netdrv ixgbe: invalidate FCoE DDP context when no error status is available Frantisek Hrbata 674002 617193 - netdrv ixgbe: avoid doing FCoE DDP when adapter is DOWN or...
util-linux security and bug fix update
2.12a-24.el4 - fix 458539 - man nfs : wrong information about nfs version used 2.12a-23.el4 - fix 485004 - move mount doesnt correctly update mtab 2.12a-22.el4 - fix 472186 - mount -a has problems with duplicate labels in a mpath setup - fix 471372 - RHEL4: fdisk cannot create partition with...
util security update
CentOS Errata and Security Advisory CESA-2009:0981 An updated util-linux package that fixes one security issue and several bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The util-linux package contains a collection of basic...