178 matches found
Design/Logic Flaw
The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. B with firmware through FW208WWb02 devices, sends the cleartext admin password over the Internet as part of interaction with mydlink Cloud Services...
Information disclosure
The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A with firmware through FW114WWb07_h2ab_beta1 and REV. B with firmware through FW208WWb02 devices, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive...
CVE-2017-14419
The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A with firmware through FW114WWb07_h2ab_beta1 and REV. B with firmware through FW208WWb02 devices, participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, even though a TCP relay service for HTTPS is also...
CVE-2017-14418
The CVE-2017-14418 issue concerns the D-Link DIR-850L REV. B, affected via firmware up to FW208WWb02, where the D-Link NPAPI extension transmits the admin password in cleartext over the Internet during mydlink Cloud interaction. This exposes the administrator credential to potential interception ...
CVE-2017-14420
The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A with firmware through FW114WWb07_h2ab_beta1 and REV. B with firmware through FW208WWb02 devices, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive...
CVE-2017-14419
CVE-2017-14419 affects the D-Link DIR-850L NPAPI extension used with REV A (FW114WWb07_h2ab_beta1) and REV B (FW208WWb02). The issue is that this NPAPI component participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, in addition to an existing TCP relay for HTTPS. CN...
CVE-2017-14419
The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A with firmware through FW114WWb07_h2ab_beta1 and REV. B with firmware through FW208WWb02 devices, participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, even though a TCP relay service for HTTPS is also...
CVE-2017-14418
The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. B with firmware through FW208WWb02 devices, sends the cleartext admin password over the Internet as part of interaction with mydlink Cloud Services...
CVE-2017-14420
The CVE-2017-14420 issue affects the D-Link NPAPI extension used in D-Link DIR-850L Rev. A (firmware up to FW114WWb07_h2ab_beta1) and Rev. B (up to FW208WWb02). The root cause is failure to validate X.509 certificates from SSL servers, enabling a man-in-the-middle to spoof servers and obtain sens...
PT-2017-13465 · D Link · D-Link Dir-850L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-850L REV. A versions through FW114WWb07_h2ab_beta1; D-Link DIR-850L REV. B versions through FW208WWb02. Description: The issue concerns the D-Link NPAPI extension, which fails to verify X.509 certificates from SSL servers. This allow...
Security fix for the ALT Linux 10 package firefox-esr version 52.1.1-alt1
May 8, 2017 Andrey Cherepanov 52.1.1-alt1 - New ESR version 52.1.1 - Set plugin.load_flash_only setting to false to allow use all NPAPI plugins - Security fixes since 52.0: + CVE-2016-10196: Vulnerabilities in Libevent library + CVE-2017-5031: Use after free in ANGLE + CVE-2017-5428: integer overfl...
Security update for Chromium (important)
This update to Chromium 57.0.2987.133 fixes the following issues (boo#1031677): - CVE-2017-5055: Use after free in printing - CVE-2017-5054: Heap buffer overflow in V8 - CVE-2017-5052: Bad cast in Blink - CVE-2017-5056: Use after free in Blink - CVE-2017-5053: Out of bounds memory access in V8 The...
openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2017-344)
This update for MozillaFirefox and mozilla-nss fixes the following issues : MozillaFirefox was updated to Firefox 52.0 (boo#1028391) - requires NSS = 3.28.3 - Pages containing insecure password fields now display a warning directly within username and password fields. - Send and open a tab from one...
Mozilla Firefox Security Advisories (MFSA2016-89, MFSA2016-90) - Mac OS X
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
Mozilla Firefox Security Advisories (MFSA2016-89, MFSA2016-90) - Windows
Mozilla Firefox is prone to an arbitrary code execution vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Fedora 22 : webkitgtk4-2.12.1-1.fc22 (2016-ac1dff014c)
Highlights in 2.12.0: Enable FTL by default in JavaScriptCore for x86_64. Network process is now used unconditionally. The shared secondary process model is now the same as using the multiple process model and setting a process limit of 1. Switch to use overlay scrollbars like all other GTK+ widge...
Fedora 23 : webkitgtk4-2.12.1-1.fc23 (2016-cb7a73c82e)
Highlights in 2.12.0: Enable FTL by default in JavaScriptCore for x86_64. Network process is now used unconditionally. The shared secondary process model is now the same as using the multiple process model and setting a process limit of 1. Switch to use overlay scrollbars like all other GTK+ widge...
Mozilla Thunderbird Security Advisories (MFSA2016-16, MFSA2016-38) - Windows
Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...
openSUSE Security Update : MozillaThunderbird (openSUSE-2016-402)
MozillaThunderbird was updated to 38.7.0 to fix the following issues : - Update to Thunderbird 38.7.0 (boo#969894) - MFSA 2015-81/CVE-2015-4477 (bmo#1179484) Use-after-free in MediaStream playback - MFSA 2015-136/CVE-2015-7207 (bmo#1185256) Same-origin policy violation using performance.getEntries and...
Security update for MozillaThunderbird (important)
MozillaThunderbird was updated to 38.7.0 to fix the following issues: - Update to Thunderbird 38.7.0 (boo#969894) - MFSA 2015-81/CVE-2015-4477 (bmo#1179484) Use-after-free in MediaStream playback - MFSA 2015-136/CVE-2015-7207 (bmo#1185256) Same-origin policy violation using performance.getEntries and history...