8200 matches found
A vulnerability in Thunderbird software that allows a malicious actor to compromise the confidentiality, integrity, and availability of protected information.
A use-after-free in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox, Firefox ESR, and Thunderbird allows remote attackers to execute arbitrary code or cause a denial of service (errors when working with dynamic memory) through SVG animations th...
A vulnerability in the Google Chrome browser that allows a malicious actor to compromise the confidentiality, integrity, and availability of protected information.
A use-after-free in the SVG implementation in Blink, as used in Google Chrome, allows remote attackers to cause a denial of service or otherwise affect the system by using incorrect caching related to animations...
The vulnerability of the Thunderbird email client, which allows a malicious individual to gain access to confidential information
The Thunderbird email client contains a vulnerability related to errors in the implementation of the SVG filter. This vulnerability allows a malicious actor to gain access to confidential information about displacement and correlations, as well as to circumvent domain restriction policies. The...
DEBIAN-CVE-2016-5730
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config directory...
SQLite Tempdir Selection Vulnerability
Vulnerability Details: Affected Vendor: SQLite/Hwaci; Affected Product: SQLite; Affected Version: All versions prior to 3.13.0; Platform: UNIX, GNU/Linux; CWE Classification: CWE-379: Creation of Temporary File in Directory with Incorrect Permissions; Impact: Data Leakage; Attack vector: Local 2...
Ubiquiti Administration Portal CSRF / Remote Command Execution
KL-001-2016-002: Ubiquiti Administration Portal CSRF to Remote Command Execution. Title: Ubiquiti Administration Portal CSRF to Remote Command Execution; Advisory ID: KL-001-2016-002; Publication Date: 2016.06.28; Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-002.txt 1...
libarchive 7z parser null pointer access vulnerability
libarchive is a multi-format archive and compression library. A security vulnerability exists in libarchive's 7z parser that can be exploited by an attacker to cause null pointer access...
RedHat Update for setroubleshoot and setroubleshoot-plugins RHSA-2016:1267-01
The remote host is missing an update for the...
CentOS Update for setroubleshoot-plugins CESA-2016:1267 centos6
Check the version of setroubleshoot-plugins...
Resurrection of the Evil Miner
At FireEye Labs, we recently detected the resurgence of a coin mining campaign with a novel and unconventional infection vector in the form of an iFRAME (inline frame) – an HTML document embedded inside another HTML document on a web page that allows users to get content from another separate sourc...
SAP NetWeaver AS Java 7.5 XXE in com.sap.km.cm.ice
Application: SAP NetWeaver AS Java; Versions Affected: SAP NetWeaver AS Java 7.5; Vendor URL: SAP; Bugs: XXE; Reported: 17.06.2016; Vendor response: 18.06.2016; Date of Public Advisory: 11.04.2017; Reference: SAP Security Note 2387249; Author: Mathieu Geli (ERPScan). VULNERABILITY INFORMATION: Class: XXE...
SAP Netweaver AS Java - XXE vulnerability in Visual Composer VC70RUNTIME
Application: SAP NetWeaver; Versions Affected: SAP NetWeaver AS JAVA 7.5; Vendor URL: SAP; Bugs: XXE; Reported: 17.06.2016; Vendor response: 18.06.2016; Date of Public Advisory: 14.02.2017; Reference: SAP Security Note 2386873; Author: Mathieu Geli (ERPScan). VULNERABILITY INFORMATION: Class: XXE; Impact:...
ImageMagick: SVG converting issue resulting in DoS
The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file...
ALPINE-CVE-2012-6702
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function...
Like Macros Before It, Attackers Shifting to OLE to Spread Malware
Attackers have rekindled their love affair with Windows macros over the last few years, using the series of automated Office commands as an attack vector to spread malware. And while hackers will surely continue to use macros, at least until the technique becomes ineffective, new research suggest...
Microsoft Exchange Information Disclosure Vulnerability
An email filter bypass exists in the way that Microsoft Exchange parses HTML messages that could allow information disclosure. An attacker who successfully exploited the vulnerability could identify, fingerprint, and track a user online if the user views email messages using Outlook Web Access OW...
DEBIAN-CVE-2016-2819
Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element...
GraphicsMagick magick/render.c File Denial of Service Vulnerability
GraphicsMagick is a simple set of image processing tools. A denial-of-service vulnerability exists in GraphicsMagick's handling of special SVG files, which can be exploited by remote attackers to construct malicious files and trick applications into parsing them, which can crash the application...
Mozilla: Buffer overflow parsing HTML5 fragments (MFSA 2016-50)
Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element...