9593 matches found
openSUSE Security Update : xdg-utils (openSUSE-2018-573)
This update for xdg-utils fixes the following security issue: - CVE-2017-18266: The open_envvar function in xdg-open did not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
Code injection
mssql-node was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16057
nodemssql was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-0928
html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the 'sanitized' variable causing sanitization to be bypassed...
Code injection
d3.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-18155
While playing HEVC content using HD DMB in Snapdragon Automobile and Snapdragon Mobile in version MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, an uninitialized variable can be used leading to a kernel fault...
CVE-2018-10811
strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable...
[SECURITY] [DSA 4211-1] xdg-utils security update
Debian Security Advisory DSA-4211-1 [email protected] https://www.debian.org/security/ Luciano Bello May 25, 2018 https://www.debian.org/security/faq -...
SUSE SLED12 / SLES12 Security Update : bash (SUSE-SU-2018:1398-1)
This update for bash fixes the following issues: Security issues fixed: - CVE-2016-7543: A code execution possibility via SHELLOPTS+PS4 variable was fixed (bsc#1001299) - CVE-2016-0634: Arbitrary code execution via malicious hostname was fixed (bsc#1000396) Non-security issues fixed: - Fix repeating...
SUSE-SU-2018:1398-1 Security update for bash
This update for bash fixes the following issues: Security issues fixed: - CVE-2016-7543: A code execution possibility via SHELLOPTS+PS4 variable was fixed (bsc#1001299) - CVE-2016-0634: Arbitrary code execution via malicious hostname was fixed (bsc#1000396) Non-security issues fixed: - Fix repeating...
Remote Code Execution (RCE)
libfontforge.so is vulnerable to remote code execution (RCE) attacks. The application does not properly validate strings in the BROWSER environment variable, allowing a malicious user to inject and execute arbitrary commands...
UBUNTU-CVE-2018-11383
The r_strbuf_fini function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF file because of an uninitialized variable in the CPSE handler in libr/anal/p/anal_avr.c...
Code injection
The r_strbuf_fini function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF file because of an uninitialized variable in the CPSE handler in libr/anal/p/anal_avr.c...
CVE-2018-11383
The r_strbuf_fini function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF file because of an uninitialized variable in the CPSE handler in libr/anal/p/anal_avr.c...
CVE-2018-11383
CVE-2018-11383 affects radare2 up to version 2.5.0, where the r_strbuf_fini() function may crash the application or cause an invalid free via a crafted ELF file due to an uninitialized variable in the CPSE handler in libr/anal/p/anal_avr.c. The vulnerability is confirmed across multiple sources; ...
CVE-2018-11383
The r_strbuf_fini function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF file because of an uninitialized variable in the CPSE handler in libr/anal/p/anal_avr.c...
CVE-2018-1122
If the HOME environment variable is unset or empty, top will read its configuration file from the current working directory without any security check. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of...
CVE-2018-11232
The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable...
CVE-2018-11232
The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable...
CVE-2018-11232
The vulnerability CVE-2018-11232 affects the Linux kernel, specifically the etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c, and exists in versions prior to 4.10.2. The root cause is that a parameter is incorrectly used as a local variable, which can lead to a denial of...