MGASA-2018-0203 Updated thunderbird packages fix security vulnerability

A buffer overflow can occur when manipulating the SVG animatedPathSegList through script. This results in a potentially exploitable crash CVE-2018-5127. A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially...

CVE-2017-15325

The Bdat driver of Prague smart phones with software versions earlier than Prague-AL00AC00B211, versions earlier than Prague-AL00BC00B211, versions earlier than Prague-AL00CC00B211, versions earlier than Prague-TL00AC01B211, versions earlier than Prague-TL10AC01B211 has integer overflow...

Integer overflow

The Bdat driver of Prague smart phones with software versions earlier than Prague-AL00AC00B211, versions earlier than Prague-AL00BC00B211, versions earlier than Prague-AL00CC00B211, versions earlier than Prague-TL00AC01B211, versions earlier than Prague-TL10AC01B211 has integer overflow...

CVE-2017-15325

The Bdat driver of Prague smart phones with software versions earlier than Prague-AL00AC00B211, versions earlier than Prague-AL00BC00B211, versions earlier than Prague-AL00CC00B211, versions earlier than Prague-TL00AC01B211, versions earlier than Prague-TL10AC01B211 has integer overflow...

CVE-2017-15325

The Bdat driver of Prague smart phones with software versions earlier than Prague-AL00AC00B211, versions earlier than Prague-AL00BC00B211, versions earlier than Prague-AL00CC00B211, versions earlier than Prague-TL00AC01B211, versions earlier than Prague-TL10AC01B211 has integer overflow...

CVE-2017-15325

The CVE-2017-15325 entry concerns Huawei Huawei smartphones with the Bdat driver, where lack of parameter validation causes an integer overflow. The vulnerability is triggered when a user is tricked into installing a malicious app, which can send crafted parameters to the Bdat driver and achieve ...

Huawei Honor 8 Bdat Driver Integer Overflow Vulnerability

Huawei Honor 8 Youth is a smartphone device. An integer overflow vulnerability exists in the Huawei Honor 8 Youth Edition Bdat driver. Due to a lack of parameter checking, an attacker can exploit the vulnerability to trick a user into installing a malicious application and executing it with...

Security Advisory - Integer overflow Vulnerability in Bdat Driver of Huawei Smart Phone

The Bdat driver of some Huawei smart phones has integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP and execute it as a specific privilege; the APP can send a specific parameter to the driver of the smart phone, causing...

Micro Focus Novell Access Manager iManager Cross-Site Scripting Vulnerability

Micro Focus Novell Access Manager is a comprehensive Web access management solution from Micro Focus UK. iManager is one of the Web-based applications that can manage and configure eDirectory objects using wireless devices. A cross-site scripting vulnerability exists in Micro Focus Novell Access...

CVE-2018-5129

A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird 52.7, Firefox ESR 52.7, and Firefox 59...

CVE-2018-5129

A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird 52.7, Firefox ESR 52.7, and Firefox 59...

Mozilla Firefox Out-of-Bounds Write Vulnerability

Mozilla Firefox browser Firefox is a free, open source browser for Windows, Linux and MacOSX platforms. An out-of-bounds write vulnerability exists in Mozilla Firefox. The vulnerability arises due to a lack of parameter validation for IPC messages. An attacker can exploit this vulnerability to...

Input validation

Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V600R006C00; TE50 V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00; VP9660 V500R002C10 have an DoS vulnerability due to insufficient validation of the parameter when a putty comment key is loaded. An authenticated...

Design/Logic Flaw

Huawei Enjoy 5s and Y6 Pro smartphones with software the versions before TAG-AL00C92B170; the versions before TIT-L01C576B121 have an information leak vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious application on the smart phone and th...

CVE-2017-17140

Huawei Enjoy 5s and Y6 Pro smartphones with software the versions before TAG-AL00C92B170; the versions before TIT-L01C576B121 have an information leak vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious application on the smart phone and th...

CVE-2017-17140

CVE-2017-17140 affects Huawei Enjoy 5s and Y6 Pro smartphones on software versions prior to TAG-AL00C92B170 and TIT-L01C576B121. The vulnerability arises from lack of parameter validation, enabling a malicious application installed by a user to read sensitive information from kernel memory, causi...

The vulnerability of the Smart Licensing Manager operating system of FX-OS allows a perpetrator to execute arbitrary commands with root privileges.

The vulnerability of the Smart Licensing Manager service on the FX-OS operating system exists due to insufficient verification of Smart Licensing configuration parameters. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with root privileges remotely...

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

CVE-2017-16591

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.699 build 1001. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...

CVE-2017-16606

This vulnerability allows remote attackers to execute code by creating arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. Th...