ALT-BU-2017-3362-1
Branch c8 update bulletin.
Package virtualbox updated to version 5.1.24-alt1.M80C.1 for branch c8 in task 185915.
Closed vulnerabilities
BDU:2015-07217
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07219
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07221
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07223
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07225
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07227
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07229
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07230
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09331
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09332
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09333
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09334
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09335
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09336
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09337
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09338
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09813
Уязвимость операционной системы Red Hat Enterprise Virtualization, позволяющая удаленному нарушителю выполнить произвольный код или вызвать отказ в обслуживании
BDU:2015-09814
Уязвимость операционной системы Debian GNU/Linux, позволяющая удаленному злоумышленнику выполнить произвольный код или вызвать отказ в обслуживании
BDU:2015-09865
Уязвимость микропрограммного обеспечения сервера контроля безопасного доступа Cisco ACS, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-09866
Уязвимость микропрограммного обеспечения маршрутизатора Cisco ASR, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-09867
Уязвимость микропрограммного обеспечения коммутатора Cisco Nexus 5000, позволяющая нарушителю выполнить произвольный код
BDU:2015-09868
Уязвимость микропрограммного обеспечения коммутатора Cisco Nexus 7000, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-09869
Уязвимость микропрограммного обеспечения системы коммуникаций Cisco Unified Communications Manager, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-10227
Уязвимость микропрограммного обеспечения виртуального коммутатора Cisco Nexus 1000V, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-10228
Уязвимость микропрограммного обеспечения контроллера беспроводных Cisco Wireless LAN Controller 2000, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-10229
Уязвимость микропрограммного обеспечения контроллера беспроводных сетей Cisco Wireless LAN Controller 2100, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-10230
Уязвимость микропрограммного обеспечения контроллера беспроводных сетей Cisco Wireless LAN Controller 2500, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-10231
Уязвимость микропрограммного обеспечения контроллера беспроводных сетей Cisco Wireless LAN Controller 4100, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-10232
Уязвимость микропрограммного обеспечения контроллера беспроводных сетей Cisco Wireless LAN Controller 4400, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-10233
Уязвимость микропрограммного обеспечения контроллера беспроводных сетей Cisco Wireless LAN Controller 5500, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2017-01150
Уязвимость виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2017-01151
Уязвимость виртуальной машины Oracle VM VirtualBox, позволяющая злоумышленнику нарушить конфиденциальность информации
BDU:2017-01152
Уязвимость виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2015-0235
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
- http://blogs.sophos.com/2015/01/29/sophos-products-and-the-ghost-vulnerability-affecting-linux/
- http://blogs.sophos.com/2015/01/29/sophos-products-and-the-ghost-vulnerability-affecting-linux/
- http://linux.oracle.com/errata/ELSA-2015-0090.html
- http://linux.oracle.com/errata/ELSA-2015-0090.html
- http://linux.oracle.com/errata/ELSA-2015-0092.html
- http://linux.oracle.com/errata/ELSA-2015-0092.html
- APPLE-SA-2015-06-30-2
- APPLE-SA-2015-06-30-2
- APPLE-SA-2015-10-21-4
- APPLE-SA-2015-10-21-4
- APPLE-SA-2015-09-30-3
- APPLE-SA-2015-09-30-3
- HPSBGN03247
- HPSBGN03247
- HPSBHF03289
- HPSBHF03289
- SSRT101953
- SSRT101953
- HPSBGN03285
- HPSBGN03285
- HPSBGN03270
- HPSBGN03270
- SSRT101937
- SSRT101937
- HPSBMU03330
- HPSBMU03330
- http://packetstormsecurity.com/files/130171/Exim-ESMTP-GHOST-Denial-Of-Service.html
- http://packetstormsecurity.com/files/130171/Exim-ESMTP-GHOST-Denial-Of-Service.html
- http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html
- http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html
- http://packetstormsecurity.com/files/130974/Exim-GHOST-glibc-gethostbyname-Buffer-Overflow.html
- http://packetstormsecurity.com/files/130974/Exim-GHOST-glibc-gethostbyname-Buffer-Overflow.html
- http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
- http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
- http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html
- http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html
- http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html
- http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html
- RHSA-2015:0126
- RHSA-2015:0126
- 20150128 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow
- 20150128 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow
- 20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
- 20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
- 20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices
- 20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices
- 20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series
- 20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series
- 20150127 GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)
- 20150127 GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)
- 20150127 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow
- 20150127 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow
- 62517
- 62517
- 62640
- 62640
- 62667
- 62667
- 62680
- 62680
- 62681
- 62681
- 62688
- 62688
- 62690
- 62690
- 62691
- 62691
- 62692
- 62692
- 62698
- 62698
- 62715
- 62715
- 62758
- 62758
- 62812
- 62812
- 62813
- 62813
- 62816
- 62816
- 62865
- 62865
- 62870
- 62870
- 62871
- 62871
- 62879
- 62879
- 62883
- 62883
- http://support.apple.com/kb/HT204942
- http://support.apple.com/kb/HT204942
- 20150128 GNU glibc gethostbyname Function Buffer Overflow Vulnerability
- 20150128 GNU glibc gethostbyname Function Buffer Overflow Vulnerability
- DSA-3142
- DSA-3142
- http://www.idirect.net/Partners/~/media/Files/CVE/iDirect-Posted-Common-Vulnerabilities-and-Exposures.pdf
- http://www.idirect.net/Partners/~/media/Files/CVE/iDirect-Posted-Common-Vulnerabilities-and-Exposures.pdf
- MDVSA-2015:039
- MDVSA-2015:039
- [oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim
- [oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
- http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- 20150311 OpenSSL v1.0.2 for Linux affected by CVE-2015-0235
- 20150311 OpenSSL v1.0.2 for Linux affected by CVE-2015-0235
- 72325
- 72325
- 91787
- 91787
- 1032909
- 1032909
- http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
- http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
- http://www-01.ibm.com/support/docview.wss?uid=swg21695695
- http://www-01.ibm.com/support/docview.wss?uid=swg21695695
- http://www-01.ibm.com/support/docview.wss?uid=swg21695774
- http://www-01.ibm.com/support/docview.wss?uid=swg21695774
- http://www-01.ibm.com/support/docview.wss?uid=swg21695835
- http://www-01.ibm.com/support/docview.wss?uid=swg21695835
- http://www-01.ibm.com/support/docview.wss?uid=swg21695860
- http://www-01.ibm.com/support/docview.wss?uid=swg21695860
- http://www-01.ibm.com/support/docview.wss?uid=swg21696131
- http://www-01.ibm.com/support/docview.wss?uid=swg21696131
- http://www-01.ibm.com/support/docview.wss?uid=swg21696243
- http://www-01.ibm.com/support/docview.wss?uid=swg21696243
- http://www-01.ibm.com/support/docview.wss?uid=swg21696526
- http://www-01.ibm.com/support/docview.wss?uid=swg21696526
- http://www-01.ibm.com/support/docview.wss?uid=swg21696600
- http://www-01.ibm.com/support/docview.wss?uid=swg21696600
- http://www-01.ibm.com/support/docview.wss?uid=swg21696602
- http://www-01.ibm.com/support/docview.wss?uid=swg21696602
- http://www-01.ibm.com/support/docview.wss?uid=swg21696618
- http://www-01.ibm.com/support/docview.wss?uid=swg21696618
- https://bto.bluecoat.com/security-advisory/sa90
- https://bto.bluecoat.com/security-advisory/sa90
- https://cert-portal.siemens.com/productcert/pdf/ssa-994726.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-994726.pdf
- https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability
- https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04874668
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04874668
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10671
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10671
- https://kc.mcafee.com/corporate/index?page=content&id=SB10100
- https://kc.mcafee.com/corporate/index?page=content&id=SB10100
- 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
- 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
- GLSA-201503-04
- GLSA-201503-04
- https://security.netapp.com/advisory/ntap-20150127-0001/
- https://security.netapp.com/advisory/ntap-20150127-0001/
- https://support.apple.com/HT205267
- https://support.apple.com/HT205267
- https://support.apple.com/HT205375
- https://support.apple.com/HT205375
- https://www.arista.com/en/support/advisories-notices/security-advisories/1053-security-advisory-9
- https://www.arista.com/en/support/advisories-notices/security-advisories/1053-security-advisory-9
- https://www.f-secure.com/en/web/labs_global/fsc-2015-1
- https://www.f-secure.com/en/web/labs_global/fsc-2015-1
- https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
- https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
- https://www.sophos.com/en-us/support/knowledgebase/121879.aspx
- https://www.sophos.com/en-us/support/knowledgebase/121879.aspx
Modified: 2024-11-21
CVE-2017-10129
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Modified: 2024-11-21
CVE-2017-10187
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 4.6 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L).
Modified: 2024-11-21
CVE-2017-10204
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
- http://packetstormsecurity.com/files/152617/VirtualBox-COM-RPC-Interface-Code-Injection-Privilege-Escalation.html
- http://packetstormsecurity.com/files/152617/VirtualBox-COM-RPC-Interface-Code-Injection-Privilege-Escalation.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- 99631
- 99631
- 1038929
- 1038929
- 42425
- 42425
Modified: 2024-11-21
CVE-2017-10209
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 5.2 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L).
Modified: 2024-11-21
CVE-2017-10210
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10233
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10235
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.7 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10236
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10237
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10238
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10239
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10240
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10241
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10242
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-3513
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 2.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N).
Modified: 2024-11-21
CVE-2017-3558
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-3559
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-3561
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Modified: 2024-11-21
CVE-2017-3563
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Modified: 2024-11-21
CVE-2017-3575
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H).
Modified: 2024-11-21
CVE-2017-3576
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Modified: 2024-11-21
CVE-2017-3587
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H).
Package kernel-modules-virtualbox-un-def updated to version 5.1.24-alt1.264497.0.M80C.1 for branch c8 in task 185915.
Closed vulnerabilities
BDU:2015-07217
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07219
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07221
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07223
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07225
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07227
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07229
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07230
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09331
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09332
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09333
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09334
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09335
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09336
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09337
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09338
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09813
Уязвимость операционной системы Red Hat Enterprise Virtualization, позволяющая удаленному нарушителю выполнить произвольный код или вызвать отказ в обслуживании
BDU:2015-09814
Уязвимость операционной системы Debian GNU/Linux, позволяющая удаленному злоумышленнику выполнить произвольный код или вызвать отказ в обслуживании
BDU:2015-09865
Уязвимость микропрограммного обеспечения сервера контроля безопасного доступа Cisco ACS, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-09866
Уязвимость микропрограммного обеспечения маршрутизатора Cisco ASR, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-09867
Уязвимость микропрограммного обеспечения коммутатора Cisco Nexus 5000, позволяющая нарушителю выполнить произвольный код
BDU:2015-09868
Уязвимость микропрограммного обеспечения коммутатора Cisco Nexus 7000, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-09869
Уязвимость микропрограммного обеспечения системы коммуникаций Cisco Unified Communications Manager, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-10227
Уязвимость микропрограммного обеспечения виртуального коммутатора Cisco Nexus 1000V, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-10228
Уязвимость микропрограммного обеспечения контроллера беспроводных Cisco Wireless LAN Controller 2000, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-10229
Уязвимость микропрограммного обеспечения контроллера беспроводных сетей Cisco Wireless LAN Controller 2100, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-10230
Уязвимость микропрограммного обеспечения контроллера беспроводных сетей Cisco Wireless LAN Controller 2500, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-10231
Уязвимость микропрограммного обеспечения контроллера беспроводных сетей Cisco Wireless LAN Controller 4100, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-10232
Уязвимость микропрограммного обеспечения контроллера беспроводных сетей Cisco Wireless LAN Controller 4400, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-10233
Уязвимость микропрограммного обеспечения контроллера беспроводных сетей Cisco Wireless LAN Controller 5500, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2017-01150
Уязвимость виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2017-01151
Уязвимость виртуальной машины Oracle VM VirtualBox, позволяющая злоумышленнику нарушить конфиденциальность информации
BDU:2017-01152
Уязвимость виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2015-0235
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
- http://blogs.sophos.com/2015/01/29/sophos-products-and-the-ghost-vulnerability-affecting-linux/
- http://blogs.sophos.com/2015/01/29/sophos-products-and-the-ghost-vulnerability-affecting-linux/
- http://linux.oracle.com/errata/ELSA-2015-0090.html
- http://linux.oracle.com/errata/ELSA-2015-0090.html
- http://linux.oracle.com/errata/ELSA-2015-0092.html
- http://linux.oracle.com/errata/ELSA-2015-0092.html
- APPLE-SA-2015-06-30-2
- APPLE-SA-2015-06-30-2
- APPLE-SA-2015-10-21-4
- APPLE-SA-2015-10-21-4
- APPLE-SA-2015-09-30-3
- APPLE-SA-2015-09-30-3
- HPSBGN03247
- HPSBGN03247
- HPSBHF03289
- HPSBHF03289
- SSRT101953
- SSRT101953
- HPSBGN03285
- HPSBGN03285
- HPSBGN03270
- HPSBGN03270
- SSRT101937
- SSRT101937
- HPSBMU03330
- HPSBMU03330
- http://packetstormsecurity.com/files/130171/Exim-ESMTP-GHOST-Denial-Of-Service.html
- http://packetstormsecurity.com/files/130171/Exim-ESMTP-GHOST-Denial-Of-Service.html
- http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html
- http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html
- http://packetstormsecurity.com/files/130974/Exim-GHOST-glibc-gethostbyname-Buffer-Overflow.html
- http://packetstormsecurity.com/files/130974/Exim-GHOST-glibc-gethostbyname-Buffer-Overflow.html
- http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
- http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
- http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html
- http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html
- http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html
- http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html
- RHSA-2015:0126
- RHSA-2015:0126
- 20150128 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow
- 20150128 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow
- 20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
- 20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
- 20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices
- 20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices
- 20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series
- 20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series
- 20150127 GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)
- 20150127 GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)
- 20150127 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow
- 20150127 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow
- 62517
- 62517
- 62640
- 62640
- 62667
- 62667
- 62680
- 62680
- 62681
- 62681
- 62688
- 62688
- 62690
- 62690
- 62691
- 62691
- 62692
- 62692
- 62698
- 62698
- 62715
- 62715
- 62758
- 62758
- 62812
- 62812
- 62813
- 62813
- 62816
- 62816
- 62865
- 62865
- 62870
- 62870
- 62871
- 62871
- 62879
- 62879
- 62883
- 62883
- http://support.apple.com/kb/HT204942
- http://support.apple.com/kb/HT204942
- 20150128 GNU glibc gethostbyname Function Buffer Overflow Vulnerability
- 20150128 GNU glibc gethostbyname Function Buffer Overflow Vulnerability
- DSA-3142
- DSA-3142
- http://www.idirect.net/Partners/~/media/Files/CVE/iDirect-Posted-Common-Vulnerabilities-and-Exposures.pdf
- http://www.idirect.net/Partners/~/media/Files/CVE/iDirect-Posted-Common-Vulnerabilities-and-Exposures.pdf
- MDVSA-2015:039
- MDVSA-2015:039
- [oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim
- [oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
- http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- 20150311 OpenSSL v1.0.2 for Linux affected by CVE-2015-0235
- 20150311 OpenSSL v1.0.2 for Linux affected by CVE-2015-0235
- 72325
- 72325
- 91787
- 91787
- 1032909
- 1032909
- http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
- http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
- http://www-01.ibm.com/support/docview.wss?uid=swg21695695
- http://www-01.ibm.com/support/docview.wss?uid=swg21695695
- http://www-01.ibm.com/support/docview.wss?uid=swg21695774
- http://www-01.ibm.com/support/docview.wss?uid=swg21695774
- http://www-01.ibm.com/support/docview.wss?uid=swg21695835
- http://www-01.ibm.com/support/docview.wss?uid=swg21695835
- http://www-01.ibm.com/support/docview.wss?uid=swg21695860
- http://www-01.ibm.com/support/docview.wss?uid=swg21695860
- http://www-01.ibm.com/support/docview.wss?uid=swg21696131
- http://www-01.ibm.com/support/docview.wss?uid=swg21696131
- http://www-01.ibm.com/support/docview.wss?uid=swg21696243
- http://www-01.ibm.com/support/docview.wss?uid=swg21696243
- http://www-01.ibm.com/support/docview.wss?uid=swg21696526
- http://www-01.ibm.com/support/docview.wss?uid=swg21696526
- http://www-01.ibm.com/support/docview.wss?uid=swg21696600
- http://www-01.ibm.com/support/docview.wss?uid=swg21696600
- http://www-01.ibm.com/support/docview.wss?uid=swg21696602
- http://www-01.ibm.com/support/docview.wss?uid=swg21696602
- http://www-01.ibm.com/support/docview.wss?uid=swg21696618
- http://www-01.ibm.com/support/docview.wss?uid=swg21696618
- https://bto.bluecoat.com/security-advisory/sa90
- https://bto.bluecoat.com/security-advisory/sa90
- https://cert-portal.siemens.com/productcert/pdf/ssa-994726.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-994726.pdf
- https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability
- https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04874668
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04874668
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10671
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10671
- https://kc.mcafee.com/corporate/index?page=content&id=SB10100
- https://kc.mcafee.com/corporate/index?page=content&id=SB10100
- 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
- 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
- GLSA-201503-04
- GLSA-201503-04
- https://security.netapp.com/advisory/ntap-20150127-0001/
- https://security.netapp.com/advisory/ntap-20150127-0001/
- https://support.apple.com/HT205267
- https://support.apple.com/HT205267
- https://support.apple.com/HT205375
- https://support.apple.com/HT205375
- https://www.arista.com/en/support/advisories-notices/security-advisories/1053-security-advisory-9
- https://www.arista.com/en/support/advisories-notices/security-advisories/1053-security-advisory-9
- https://www.f-secure.com/en/web/labs_global/fsc-2015-1
- https://www.f-secure.com/en/web/labs_global/fsc-2015-1
- https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
- https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
- https://www.sophos.com/en-us/support/knowledgebase/121879.aspx
- https://www.sophos.com/en-us/support/knowledgebase/121879.aspx
Modified: 2024-11-21
CVE-2017-10129
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Modified: 2024-11-21
CVE-2017-10187
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 4.6 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L).
Modified: 2024-11-21
CVE-2017-10204
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
- http://packetstormsecurity.com/files/152617/VirtualBox-COM-RPC-Interface-Code-Injection-Privilege-Escalation.html
- http://packetstormsecurity.com/files/152617/VirtualBox-COM-RPC-Interface-Code-Injection-Privilege-Escalation.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- 99631
- 99631
- 1038929
- 1038929
- 42425
- 42425
Modified: 2024-11-21
CVE-2017-10209
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 5.2 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L).
Modified: 2024-11-21
CVE-2017-10210
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10233
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10235
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.7 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10236
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10237
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10238
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10239
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10240
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10241
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10242
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-3513
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 2.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N).
Modified: 2024-11-21
CVE-2017-3558
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-3559
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-3561
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Modified: 2024-11-21
CVE-2017-3563
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Modified: 2024-11-21
CVE-2017-3575
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H).
Modified: 2024-11-21
CVE-2017-3576
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Modified: 2024-11-21
CVE-2017-3587
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H).
Package kernel-modules-virtualbox-std-def updated to version 5.1.24-alt1.263254.0.M80C.1 for branch c8 in task 185915.
Closed vulnerabilities
BDU:2015-07217
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07219
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07221
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07223
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07225
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07227
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07229
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07230
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09331
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09332
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09333
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09334
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09335
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09336
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09337
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09338
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09813
Уязвимость операционной системы Red Hat Enterprise Virtualization, позволяющая удаленному нарушителю выполнить произвольный код или вызвать отказ в обслуживании
BDU:2015-09814
Уязвимость операционной системы Debian GNU/Linux, позволяющая удаленному злоумышленнику выполнить произвольный код или вызвать отказ в обслуживании
BDU:2015-09865
Уязвимость микропрограммного обеспечения сервера контроля безопасного доступа Cisco ACS, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-09866
Уязвимость микропрограммного обеспечения маршрутизатора Cisco ASR, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-09867
Уязвимость микропрограммного обеспечения коммутатора Cisco Nexus 5000, позволяющая нарушителю выполнить произвольный код
BDU:2015-09868
Уязвимость микропрограммного обеспечения коммутатора Cisco Nexus 7000, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-09869
Уязвимость микропрограммного обеспечения системы коммуникаций Cisco Unified Communications Manager, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-10227
Уязвимость микропрограммного обеспечения виртуального коммутатора Cisco Nexus 1000V, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-10228
Уязвимость микропрограммного обеспечения контроллера беспроводных Cisco Wireless LAN Controller 2000, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-10229
Уязвимость микропрограммного обеспечения контроллера беспроводных сетей Cisco Wireless LAN Controller 2100, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-10230
Уязвимость микропрограммного обеспечения контроллера беспроводных сетей Cisco Wireless LAN Controller 2500, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-10231
Уязвимость микропрограммного обеспечения контроллера беспроводных сетей Cisco Wireless LAN Controller 4100, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-10232
Уязвимость микропрограммного обеспечения контроллера беспроводных сетей Cisco Wireless LAN Controller 4400, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-10233
Уязвимость микропрограммного обеспечения контроллера беспроводных сетей Cisco Wireless LAN Controller 5500, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2017-01150
Уязвимость виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2017-01151
Уязвимость виртуальной машины Oracle VM VirtualBox, позволяющая злоумышленнику нарушить конфиденциальность информации
BDU:2017-01152
Уязвимость виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2015-0235
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
- http://blogs.sophos.com/2015/01/29/sophos-products-and-the-ghost-vulnerability-affecting-linux/
- http://blogs.sophos.com/2015/01/29/sophos-products-and-the-ghost-vulnerability-affecting-linux/
- http://linux.oracle.com/errata/ELSA-2015-0090.html
- http://linux.oracle.com/errata/ELSA-2015-0090.html
- http://linux.oracle.com/errata/ELSA-2015-0092.html
- http://linux.oracle.com/errata/ELSA-2015-0092.html
- APPLE-SA-2015-06-30-2
- APPLE-SA-2015-06-30-2
- APPLE-SA-2015-10-21-4
- APPLE-SA-2015-10-21-4
- APPLE-SA-2015-09-30-3
- APPLE-SA-2015-09-30-3
- HPSBGN03247
- HPSBGN03247
- HPSBHF03289
- HPSBHF03289
- SSRT101953
- SSRT101953
- HPSBGN03285
- HPSBGN03285
- HPSBGN03270
- HPSBGN03270
- SSRT101937
- SSRT101937
- HPSBMU03330
- HPSBMU03330
- http://packetstormsecurity.com/files/130171/Exim-ESMTP-GHOST-Denial-Of-Service.html
- http://packetstormsecurity.com/files/130171/Exim-ESMTP-GHOST-Denial-Of-Service.html
- http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html
- http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html
- http://packetstormsecurity.com/files/130974/Exim-GHOST-glibc-gethostbyname-Buffer-Overflow.html
- http://packetstormsecurity.com/files/130974/Exim-GHOST-glibc-gethostbyname-Buffer-Overflow.html
- http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
- http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
- http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html
- http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html
- http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html
- http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html
- RHSA-2015:0126
- RHSA-2015:0126
- 20150128 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow
- 20150128 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow
- 20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
- 20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
- 20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices
- 20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices
- 20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series
- 20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series
- 20150127 GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)
- 20150127 GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)
- 20150127 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow
- 20150127 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow
- 62517
- 62517
- 62640
- 62640
- 62667
- 62667
- 62680
- 62680
- 62681
- 62681
- 62688
- 62688
- 62690
- 62690
- 62691
- 62691
- 62692
- 62692
- 62698
- 62698
- 62715
- 62715
- 62758
- 62758
- 62812
- 62812
- 62813
- 62813
- 62816
- 62816
- 62865
- 62865
- 62870
- 62870
- 62871
- 62871
- 62879
- 62879
- 62883
- 62883
- http://support.apple.com/kb/HT204942
- http://support.apple.com/kb/HT204942
- 20150128 GNU glibc gethostbyname Function Buffer Overflow Vulnerability
- 20150128 GNU glibc gethostbyname Function Buffer Overflow Vulnerability
- DSA-3142
- DSA-3142
- http://www.idirect.net/Partners/~/media/Files/CVE/iDirect-Posted-Common-Vulnerabilities-and-Exposures.pdf
- http://www.idirect.net/Partners/~/media/Files/CVE/iDirect-Posted-Common-Vulnerabilities-and-Exposures.pdf
- MDVSA-2015:039
- MDVSA-2015:039
- [oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim
- [oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
- http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- 20150311 OpenSSL v1.0.2 for Linux affected by CVE-2015-0235
- 20150311 OpenSSL v1.0.2 for Linux affected by CVE-2015-0235
- 72325
- 72325
- 91787
- 91787
- 1032909
- 1032909
- http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
- http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
- http://www-01.ibm.com/support/docview.wss?uid=swg21695695
- http://www-01.ibm.com/support/docview.wss?uid=swg21695695
- http://www-01.ibm.com/support/docview.wss?uid=swg21695774
- http://www-01.ibm.com/support/docview.wss?uid=swg21695774
- http://www-01.ibm.com/support/docview.wss?uid=swg21695835
- http://www-01.ibm.com/support/docview.wss?uid=swg21695835
- http://www-01.ibm.com/support/docview.wss?uid=swg21695860
- http://www-01.ibm.com/support/docview.wss?uid=swg21695860
- http://www-01.ibm.com/support/docview.wss?uid=swg21696131
- http://www-01.ibm.com/support/docview.wss?uid=swg21696131
- http://www-01.ibm.com/support/docview.wss?uid=swg21696243
- http://www-01.ibm.com/support/docview.wss?uid=swg21696243
- http://www-01.ibm.com/support/docview.wss?uid=swg21696526
- http://www-01.ibm.com/support/docview.wss?uid=swg21696526
- http://www-01.ibm.com/support/docview.wss?uid=swg21696600
- http://www-01.ibm.com/support/docview.wss?uid=swg21696600
- http://www-01.ibm.com/support/docview.wss?uid=swg21696602
- http://www-01.ibm.com/support/docview.wss?uid=swg21696602
- http://www-01.ibm.com/support/docview.wss?uid=swg21696618
- http://www-01.ibm.com/support/docview.wss?uid=swg21696618
- https://bto.bluecoat.com/security-advisory/sa90
- https://bto.bluecoat.com/security-advisory/sa90
- https://cert-portal.siemens.com/productcert/pdf/ssa-994726.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-994726.pdf
- https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability
- https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04874668
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04874668
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10671
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10671
- https://kc.mcafee.com/corporate/index?page=content&id=SB10100
- https://kc.mcafee.com/corporate/index?page=content&id=SB10100
- 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
- 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
- GLSA-201503-04
- GLSA-201503-04
- https://security.netapp.com/advisory/ntap-20150127-0001/
- https://security.netapp.com/advisory/ntap-20150127-0001/
- https://support.apple.com/HT205267
- https://support.apple.com/HT205267
- https://support.apple.com/HT205375
- https://support.apple.com/HT205375
- https://www.arista.com/en/support/advisories-notices/security-advisories/1053-security-advisory-9
- https://www.arista.com/en/support/advisories-notices/security-advisories/1053-security-advisory-9
- https://www.f-secure.com/en/web/labs_global/fsc-2015-1
- https://www.f-secure.com/en/web/labs_global/fsc-2015-1
- https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
- https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
- https://www.sophos.com/en-us/support/knowledgebase/121879.aspx
- https://www.sophos.com/en-us/support/knowledgebase/121879.aspx
Modified: 2024-11-21
CVE-2017-10129
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Modified: 2024-11-21
CVE-2017-10187
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 4.6 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L).
Modified: 2024-11-21
CVE-2017-10204
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
- http://packetstormsecurity.com/files/152617/VirtualBox-COM-RPC-Interface-Code-Injection-Privilege-Escalation.html
- http://packetstormsecurity.com/files/152617/VirtualBox-COM-RPC-Interface-Code-Injection-Privilege-Escalation.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- 99631
- 99631
- 1038929
- 1038929
- 42425
- 42425
Modified: 2024-11-21
CVE-2017-10209
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 5.2 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L).
Modified: 2024-11-21
CVE-2017-10210
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10233
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10235
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.7 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10236
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10237
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10238
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10239
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10240
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10241
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10242
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-3513
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 2.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N).
Modified: 2024-11-21
CVE-2017-3558
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-3559
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-3561
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Modified: 2024-11-21
CVE-2017-3563
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Modified: 2024-11-21
CVE-2017-3575
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H).
Modified: 2024-11-21
CVE-2017-3576
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Modified: 2024-11-21
CVE-2017-3587
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H).
Package kernel-modules-virtualbox-addition-std-def updated to version 5.1.24-alt1.263254.0.M80C.1 for branch c8 in task 185915.
Closed vulnerabilities
BDU:2015-07217
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07219
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07221
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07223
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07225
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07227
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07229
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07230
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09331
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09332
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09333
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09334
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09335
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09336
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09337
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09338
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09813
Уязвимость операционной системы Red Hat Enterprise Virtualization, позволяющая удаленному нарушителю выполнить произвольный код или вызвать отказ в обслуживании
BDU:2015-09814
Уязвимость операционной системы Debian GNU/Linux, позволяющая удаленному злоумышленнику выполнить произвольный код или вызвать отказ в обслуживании
BDU:2015-09865
Уязвимость микропрограммного обеспечения сервера контроля безопасного доступа Cisco ACS, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-09866
Уязвимость микропрограммного обеспечения маршрутизатора Cisco ASR, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-09867
Уязвимость микропрограммного обеспечения коммутатора Cisco Nexus 5000, позволяющая нарушителю выполнить произвольный код
BDU:2015-09868
Уязвимость микропрограммного обеспечения коммутатора Cisco Nexus 7000, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-09869
Уязвимость микропрограммного обеспечения системы коммуникаций Cisco Unified Communications Manager, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-10227
Уязвимость микропрограммного обеспечения виртуального коммутатора Cisco Nexus 1000V, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-10228
Уязвимость микропрограммного обеспечения контроллера беспроводных Cisco Wireless LAN Controller 2000, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-10229
Уязвимость микропрограммного обеспечения контроллера беспроводных сетей Cisco Wireless LAN Controller 2100, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-10230
Уязвимость микропрограммного обеспечения контроллера беспроводных сетей Cisco Wireless LAN Controller 2500, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-10231
Уязвимость микропрограммного обеспечения контроллера беспроводных сетей Cisco Wireless LAN Controller 4100, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-10232
Уязвимость микропрограммного обеспечения контроллера беспроводных сетей Cisco Wireless LAN Controller 4400, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-10233
Уязвимость микропрограммного обеспечения контроллера беспроводных сетей Cisco Wireless LAN Controller 5500, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2017-01150
Уязвимость виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2017-01151
Уязвимость виртуальной машины Oracle VM VirtualBox, позволяющая злоумышленнику нарушить конфиденциальность информации
BDU:2017-01152
Уязвимость виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2015-0235
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
- http://blogs.sophos.com/2015/01/29/sophos-products-and-the-ghost-vulnerability-affecting-linux/
- http://blogs.sophos.com/2015/01/29/sophos-products-and-the-ghost-vulnerability-affecting-linux/
- http://linux.oracle.com/errata/ELSA-2015-0090.html
- http://linux.oracle.com/errata/ELSA-2015-0090.html
- http://linux.oracle.com/errata/ELSA-2015-0092.html
- http://linux.oracle.com/errata/ELSA-2015-0092.html
- APPLE-SA-2015-06-30-2
- APPLE-SA-2015-06-30-2
- APPLE-SA-2015-10-21-4
- APPLE-SA-2015-10-21-4
- APPLE-SA-2015-09-30-3
- APPLE-SA-2015-09-30-3
- HPSBGN03247
- HPSBGN03247
- HPSBHF03289
- HPSBHF03289
- SSRT101953
- SSRT101953
- HPSBGN03285
- HPSBGN03285
- HPSBGN03270
- HPSBGN03270
- SSRT101937
- SSRT101937
- HPSBMU03330
- HPSBMU03330
- http://packetstormsecurity.com/files/130171/Exim-ESMTP-GHOST-Denial-Of-Service.html
- http://packetstormsecurity.com/files/130171/Exim-ESMTP-GHOST-Denial-Of-Service.html
- http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html
- http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html
- http://packetstormsecurity.com/files/130974/Exim-GHOST-glibc-gethostbyname-Buffer-Overflow.html
- http://packetstormsecurity.com/files/130974/Exim-GHOST-glibc-gethostbyname-Buffer-Overflow.html
- http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
- http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
- http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html
- http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html
- http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html
- http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html
- RHSA-2015:0126
- RHSA-2015:0126
- 20150128 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow
- 20150128 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow
- 20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
- 20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
- 20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices
- 20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices
- 20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series
- 20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series
- 20150127 GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)
- 20150127 GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)
- 20150127 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow
- 20150127 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow
- 62517
- 62517
- 62640
- 62640
- 62667
- 62667
- 62680
- 62680
- 62681
- 62681
- 62688
- 62688
- 62690
- 62690
- 62691
- 62691
- 62692
- 62692
- 62698
- 62698
- 62715
- 62715
- 62758
- 62758
- 62812
- 62812
- 62813
- 62813
- 62816
- 62816
- 62865
- 62865
- 62870
- 62870
- 62871
- 62871
- 62879
- 62879
- 62883
- 62883
- http://support.apple.com/kb/HT204942
- http://support.apple.com/kb/HT204942
- 20150128 GNU glibc gethostbyname Function Buffer Overflow Vulnerability
- 20150128 GNU glibc gethostbyname Function Buffer Overflow Vulnerability
- DSA-3142
- DSA-3142
- http://www.idirect.net/Partners/~/media/Files/CVE/iDirect-Posted-Common-Vulnerabilities-and-Exposures.pdf
- http://www.idirect.net/Partners/~/media/Files/CVE/iDirect-Posted-Common-Vulnerabilities-and-Exposures.pdf
- MDVSA-2015:039
- MDVSA-2015:039
- [oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim
- [oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
- http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- 20150311 OpenSSL v1.0.2 for Linux affected by CVE-2015-0235
- 20150311 OpenSSL v1.0.2 for Linux affected by CVE-2015-0235
- 72325
- 72325
- 91787
- 91787
- 1032909
- 1032909
- http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
- http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
- http://www-01.ibm.com/support/docview.wss?uid=swg21695695
- http://www-01.ibm.com/support/docview.wss?uid=swg21695695
- http://www-01.ibm.com/support/docview.wss?uid=swg21695774
- http://www-01.ibm.com/support/docview.wss?uid=swg21695774
- http://www-01.ibm.com/support/docview.wss?uid=swg21695835
- http://www-01.ibm.com/support/docview.wss?uid=swg21695835
- http://www-01.ibm.com/support/docview.wss?uid=swg21695860
- http://www-01.ibm.com/support/docview.wss?uid=swg21695860
- http://www-01.ibm.com/support/docview.wss?uid=swg21696131
- http://www-01.ibm.com/support/docview.wss?uid=swg21696131
- http://www-01.ibm.com/support/docview.wss?uid=swg21696243
- http://www-01.ibm.com/support/docview.wss?uid=swg21696243
- http://www-01.ibm.com/support/docview.wss?uid=swg21696526
- http://www-01.ibm.com/support/docview.wss?uid=swg21696526
- http://www-01.ibm.com/support/docview.wss?uid=swg21696600
- http://www-01.ibm.com/support/docview.wss?uid=swg21696600
- http://www-01.ibm.com/support/docview.wss?uid=swg21696602
- http://www-01.ibm.com/support/docview.wss?uid=swg21696602
- http://www-01.ibm.com/support/docview.wss?uid=swg21696618
- http://www-01.ibm.com/support/docview.wss?uid=swg21696618
- https://bto.bluecoat.com/security-advisory/sa90
- https://bto.bluecoat.com/security-advisory/sa90
- https://cert-portal.siemens.com/productcert/pdf/ssa-994726.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-994726.pdf
- https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability
- https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04874668
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04874668
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10671
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10671
- https://kc.mcafee.com/corporate/index?page=content&id=SB10100
- https://kc.mcafee.com/corporate/index?page=content&id=SB10100
- 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
- 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
- GLSA-201503-04
- GLSA-201503-04
- https://security.netapp.com/advisory/ntap-20150127-0001/
- https://security.netapp.com/advisory/ntap-20150127-0001/
- https://support.apple.com/HT205267
- https://support.apple.com/HT205267
- https://support.apple.com/HT205375
- https://support.apple.com/HT205375
- https://www.arista.com/en/support/advisories-notices/security-advisories/1053-security-advisory-9
- https://www.arista.com/en/support/advisories-notices/security-advisories/1053-security-advisory-9
- https://www.f-secure.com/en/web/labs_global/fsc-2015-1
- https://www.f-secure.com/en/web/labs_global/fsc-2015-1
- https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
- https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
- https://www.sophos.com/en-us/support/knowledgebase/121879.aspx
- https://www.sophos.com/en-us/support/knowledgebase/121879.aspx
Modified: 2024-11-21
CVE-2017-10129
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Modified: 2024-11-21
CVE-2017-10187
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 4.6 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L).
Modified: 2024-11-21
CVE-2017-10204
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
- http://packetstormsecurity.com/files/152617/VirtualBox-COM-RPC-Interface-Code-Injection-Privilege-Escalation.html
- http://packetstormsecurity.com/files/152617/VirtualBox-COM-RPC-Interface-Code-Injection-Privilege-Escalation.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- 99631
- 99631
- 1038929
- 1038929
- 42425
- 42425
Modified: 2024-11-21
CVE-2017-10209
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 5.2 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L).
Modified: 2024-11-21
CVE-2017-10210
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10233
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10235
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.7 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10236
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10237
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10238
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10239
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10240
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10241
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10242
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-3513
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 2.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N).
Modified: 2024-11-21
CVE-2017-3558
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-3559
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-3561
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Modified: 2024-11-21
CVE-2017-3563
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Modified: 2024-11-21
CVE-2017-3575
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H).
Modified: 2024-11-21
CVE-2017-3576
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Modified: 2024-11-21
CVE-2017-3587
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H).
Package kernel-modules-virtualbox-addition-un-def updated to version 5.1.24-alt1.264497.0.M80C.1 for branch c8 in task 185915.
Closed vulnerabilities
BDU:2015-07217
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07219
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07221
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07223
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07225
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07227
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07229
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-07230
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09331
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09332
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09333
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09334
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09335
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09336
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09337
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09338
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09813
Уязвимость операционной системы Red Hat Enterprise Virtualization, позволяющая удаленному нарушителю выполнить произвольный код или вызвать отказ в обслуживании
BDU:2015-09814
Уязвимость операционной системы Debian GNU/Linux, позволяющая удаленному злоумышленнику выполнить произвольный код или вызвать отказ в обслуживании
BDU:2015-09865
Уязвимость микропрограммного обеспечения сервера контроля безопасного доступа Cisco ACS, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-09866
Уязвимость микропрограммного обеспечения маршрутизатора Cisco ASR, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-09867
Уязвимость микропрограммного обеспечения коммутатора Cisco Nexus 5000, позволяющая нарушителю выполнить произвольный код
BDU:2015-09868
Уязвимость микропрограммного обеспечения коммутатора Cisco Nexus 7000, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-09869
Уязвимость микропрограммного обеспечения системы коммуникаций Cisco Unified Communications Manager, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-10227
Уязвимость микропрограммного обеспечения виртуального коммутатора Cisco Nexus 1000V, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-10228
Уязвимость микропрограммного обеспечения контроллера беспроводных Cisco Wireless LAN Controller 2000, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-10229
Уязвимость микропрограммного обеспечения контроллера беспроводных сетей Cisco Wireless LAN Controller 2100, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-10230
Уязвимость микропрограммного обеспечения контроллера беспроводных сетей Cisco Wireless LAN Controller 2500, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-10231
Уязвимость микропрограммного обеспечения контроллера беспроводных сетей Cisco Wireless LAN Controller 4100, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-10232
Уязвимость микропрограммного обеспечения контроллера беспроводных сетей Cisco Wireless LAN Controller 4400, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2015-10233
Уязвимость микропрограммного обеспечения контроллера беспроводных сетей Cisco Wireless LAN Controller 5500, позволяющая удаленному злоумышленнику выполнить произвольный код
BDU:2017-01150
Уязвимость виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2017-01151
Уязвимость виртуальной машины Oracle VM VirtualBox, позволяющая злоумышленнику нарушить конфиденциальность информации
BDU:2017-01152
Уязвимость виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2015-0235
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
- http://blogs.sophos.com/2015/01/29/sophos-products-and-the-ghost-vulnerability-affecting-linux/
- http://blogs.sophos.com/2015/01/29/sophos-products-and-the-ghost-vulnerability-affecting-linux/
- http://linux.oracle.com/errata/ELSA-2015-0090.html
- http://linux.oracle.com/errata/ELSA-2015-0090.html
- http://linux.oracle.com/errata/ELSA-2015-0092.html
- http://linux.oracle.com/errata/ELSA-2015-0092.html
- APPLE-SA-2015-06-30-2
- APPLE-SA-2015-06-30-2
- APPLE-SA-2015-10-21-4
- APPLE-SA-2015-10-21-4
- APPLE-SA-2015-09-30-3
- APPLE-SA-2015-09-30-3
- HPSBGN03247
- HPSBGN03247
- HPSBHF03289
- HPSBHF03289
- SSRT101953
- SSRT101953
- HPSBGN03285
- HPSBGN03285
- HPSBGN03270
- HPSBGN03270
- SSRT101937
- SSRT101937
- HPSBMU03330
- HPSBMU03330
- http://packetstormsecurity.com/files/130171/Exim-ESMTP-GHOST-Denial-Of-Service.html
- http://packetstormsecurity.com/files/130171/Exim-ESMTP-GHOST-Denial-Of-Service.html
- http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html
- http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html
- http://packetstormsecurity.com/files/130974/Exim-GHOST-glibc-gethostbyname-Buffer-Overflow.html
- http://packetstormsecurity.com/files/130974/Exim-GHOST-glibc-gethostbyname-Buffer-Overflow.html
- http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
- http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
- http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html
- http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html
- http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html
- http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html
- RHSA-2015:0126
- RHSA-2015:0126
- 20150128 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow
- 20150128 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow
- 20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
- 20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
- 20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices
- 20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices
- 20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series
- 20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series
- 20150127 GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)
- 20150127 GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)
- 20150127 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow
- 20150127 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow
- 62517
- 62517
- 62640
- 62640
- 62667
- 62667
- 62680
- 62680
- 62681
- 62681
- 62688
- 62688
- 62690
- 62690
- 62691
- 62691
- 62692
- 62692
- 62698
- 62698
- 62715
- 62715
- 62758
- 62758
- 62812
- 62812
- 62813
- 62813
- 62816
- 62816
- 62865
- 62865
- 62870
- 62870
- 62871
- 62871
- 62879
- 62879
- 62883
- 62883
- http://support.apple.com/kb/HT204942
- http://support.apple.com/kb/HT204942
- 20150128 GNU glibc gethostbyname Function Buffer Overflow Vulnerability
- 20150128 GNU glibc gethostbyname Function Buffer Overflow Vulnerability
- DSA-3142
- DSA-3142
- http://www.idirect.net/Partners/~/media/Files/CVE/iDirect-Posted-Common-Vulnerabilities-and-Exposures.pdf
- http://www.idirect.net/Partners/~/media/Files/CVE/iDirect-Posted-Common-Vulnerabilities-and-Exposures.pdf
- MDVSA-2015:039
- MDVSA-2015:039
- [oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim
- [oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
- http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- 20150311 OpenSSL v1.0.2 for Linux affected by CVE-2015-0235
- 20150311 OpenSSL v1.0.2 for Linux affected by CVE-2015-0235
- 72325
- 72325
- 91787
- 91787
- 1032909
- 1032909
- http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
- http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
- http://www-01.ibm.com/support/docview.wss?uid=swg21695695
- http://www-01.ibm.com/support/docview.wss?uid=swg21695695
- http://www-01.ibm.com/support/docview.wss?uid=swg21695774
- http://www-01.ibm.com/support/docview.wss?uid=swg21695774
- http://www-01.ibm.com/support/docview.wss?uid=swg21695835
- http://www-01.ibm.com/support/docview.wss?uid=swg21695835
- http://www-01.ibm.com/support/docview.wss?uid=swg21695860
- http://www-01.ibm.com/support/docview.wss?uid=swg21695860
- http://www-01.ibm.com/support/docview.wss?uid=swg21696131
- http://www-01.ibm.com/support/docview.wss?uid=swg21696131
- http://www-01.ibm.com/support/docview.wss?uid=swg21696243
- http://www-01.ibm.com/support/docview.wss?uid=swg21696243
- http://www-01.ibm.com/support/docview.wss?uid=swg21696526
- http://www-01.ibm.com/support/docview.wss?uid=swg21696526
- http://www-01.ibm.com/support/docview.wss?uid=swg21696600
- http://www-01.ibm.com/support/docview.wss?uid=swg21696600
- http://www-01.ibm.com/support/docview.wss?uid=swg21696602
- http://www-01.ibm.com/support/docview.wss?uid=swg21696602
- http://www-01.ibm.com/support/docview.wss?uid=swg21696618
- http://www-01.ibm.com/support/docview.wss?uid=swg21696618
- https://bto.bluecoat.com/security-advisory/sa90
- https://bto.bluecoat.com/security-advisory/sa90
- https://cert-portal.siemens.com/productcert/pdf/ssa-994726.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-994726.pdf
- https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability
- https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04874668
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04874668
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10671
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10671
- https://kc.mcafee.com/corporate/index?page=content&id=SB10100
- https://kc.mcafee.com/corporate/index?page=content&id=SB10100
- 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
- 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
- GLSA-201503-04
- GLSA-201503-04
- https://security.netapp.com/advisory/ntap-20150127-0001/
- https://security.netapp.com/advisory/ntap-20150127-0001/
- https://support.apple.com/HT205267
- https://support.apple.com/HT205267
- https://support.apple.com/HT205375
- https://support.apple.com/HT205375
- https://www.arista.com/en/support/advisories-notices/security-advisories/1053-security-advisory-9
- https://www.arista.com/en/support/advisories-notices/security-advisories/1053-security-advisory-9
- https://www.f-secure.com/en/web/labs_global/fsc-2015-1
- https://www.f-secure.com/en/web/labs_global/fsc-2015-1
- https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
- https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
- https://www.sophos.com/en-us/support/knowledgebase/121879.aspx
- https://www.sophos.com/en-us/support/knowledgebase/121879.aspx
Modified: 2024-11-21
CVE-2017-10129
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Modified: 2024-11-21
CVE-2017-10187
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 4.6 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L).
Modified: 2024-11-21
CVE-2017-10204
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
- http://packetstormsecurity.com/files/152617/VirtualBox-COM-RPC-Interface-Code-Injection-Privilege-Escalation.html
- http://packetstormsecurity.com/files/152617/VirtualBox-COM-RPC-Interface-Code-Injection-Privilege-Escalation.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- 99631
- 99631
- 1038929
- 1038929
- 42425
- 42425
Modified: 2024-11-21
CVE-2017-10209
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 5.2 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L).
Modified: 2024-11-21
CVE-2017-10210
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10233
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10235
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.7 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10236
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10237
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10238
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10239
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10240
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10241
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-10242
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-3513
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 2.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N).
Modified: 2024-11-21
CVE-2017-3558
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-3559
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2017-3561
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Modified: 2024-11-21
CVE-2017-3563
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Modified: 2024-11-21
CVE-2017-3575
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H).
Modified: 2024-11-21
CVE-2017-3576
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Modified: 2024-11-21
CVE-2017-3587
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H).
Closed vulnerabilities
BDU:2017-01634
Уязвимость кодека avcodec медиаплеера VideoLAN Media Player, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
BDU:2019-04176
Уязвимость компонента ParseJSS программы-медиапроигрывателя VideoLAN VLC, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2019-04182
Уязвимость библиотеки plugins\codec\libflac_plugin.dll программы-медиапроигрывателя VideoLAN VLC, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2017-10699
avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.
Modified: 2024-11-21
CVE-2017-8310
Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file.
- http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=blobdiff%3Bf=modules/codec/subsdec.c%3Bh=addd8c71f30d53558fffd19059b374be45cf0f8e%3Bhp=1b4276e299a2a6668047231d29ac705ae93076ba%3Bhb=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328%3Bhpb=3477dba3d506de8d95bccef2c6b67861188f6c29
- http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=blobdiff%3Bf=modules/codec/subsdec.c%3Bh=addd8c71f30d53558fffd19059b374be45cf0f8e%3Bhp=1b4276e299a2a6668047231d29ac705ae93076ba%3Bhb=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328%3Bhpb=3477dba3d506de8d95bccef2c6b67861188f6c29
- DSA-3899
- DSA-3899
- 98638
- 98638
- GLSA-201707-10
- GLSA-201707-10
Modified: 2024-11-21
CVE-2017-8311
Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file.
Modified: 2024-11-21
CVE-2017-8312
Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file.
- http://git.videolan.org/?p=vlc.git%3Ba=blobdiff%3Bf=modules/demux/subtitle.c%3Bh=5e4fcdb7f25b2819f5441156c7c0ea2a7d112ca3%3Bhp=2a75fbfb7c3f56b24b2e4498bbb8fe0aa2575974%3Bhb=611398fc8d32f3fe4331f60b220c52ba3557beaa%3Bhpb=075bc7169b05b004fa0250e4a4ce5516b05487a9
- http://git.videolan.org/?p=vlc.git%3Ba=blobdiff%3Bf=modules/demux/subtitle.c%3Bh=5e4fcdb7f25b2819f5441156c7c0ea2a7d112ca3%3Bhp=2a75fbfb7c3f56b24b2e4498bbb8fe0aa2575974%3Bhb=611398fc8d32f3fe4331f60b220c52ba3557beaa%3Bhpb=075bc7169b05b004fa0250e4a4ce5516b05487a9
- DSA-3899
- DSA-3899
- 98631
- 98631
- GLSA-201707-10
- GLSA-201707-10
Modified: 2024-11-21
CVE-2017-8313
Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file.
Modified: 2024-11-21
CVE-2017-9300
plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.
Modified: 2024-11-21
CVE-2017-9301
plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file.
Closed vulnerabilities
BDU:2017-01653
Уязвимости программы мгновенного обмена сообщениями Pidgin, позволяющие нарушителю вызвать раскрытие памяти, а также внедрение произвольного кода
Modified: 2024-11-21
CVE-2016-1000030
Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can result in code execution. This attack appear to be exploitable via custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0.
- https://access.redhat.com/security/cve/cve-2016-1000030
- https://access.redhat.com/security/cve/cve-2016-1000030
- https://bitbucket.org/pidgin/main/commits/d6fc1ce76ffe
- https://bitbucket.org/pidgin/main/commits/d6fc1ce76ffe
- https://pidgin.im/news/security/?id=91
- https://pidgin.im/news/security/?id=91
- GLSA-201701-38
- GLSA-201701-38
- https://www.suse.com/pt-br/security/cve/CVE-2016-1000030/
- https://www.suse.com/pt-br/security/cve/CVE-2016-1000030/
Modified: 2024-11-21
CVE-2016-2365
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a null pointer dereference. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this vulnerability and cause a crash.
Modified: 2024-11-21
CVE-2016-2366
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this vulnerability and cause a crash.
Modified: 2024-11-21
CVE-2016-2367
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the avatar is sent to another user.
Modified: 2024-11-21
CVE-2016-2368
Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could result in multiple buffer overflows, potentially resulting in code execution or memory disclosure.
Modified: 2024-11-21
CVE-2016-2369
A NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a denial of service vulnerability. A malicious server can send a packet starting with a NULL byte triggering the vulnerability.
Modified: 2024-11-21
CVE-2016-2370
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability.
Modified: 2024-11-21
CVE-2016-2371
An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution.
Modified: 2024-11-21
CVE-2016-2372
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid size for a file transfer which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the file is sent to another user.
Modified: 2024-11-21
CVE-2016-2373
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or user can send an invalid mood to trigger this vulnerability.
Modified: 2024-11-21
CVE-2016-2374
An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write leading to memory disclosure and code execution.
Modified: 2024-11-21
CVE-2016-2375
An exploitable out-of-bounds read exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT contact information sent from the server can result in memory disclosure.
Modified: 2024-11-21
CVE-2016-2376
A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in arbitrary code execution. A malicious server or an attacker who intercepts the network traffic can send an invalid size for a packet which will trigger a buffer overflow.
Modified: 2024-11-21
CVE-2016-2377
A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent by the server could potentially result in an out-of-bounds write of one byte. A malicious server can send a negative content-length in response to a HTTP request triggering the vulnerability.
Modified: 2024-11-21
CVE-2016-2378
A buffer overflow vulnerability exists in the handling of the MXIT protocol Pidgin. Specially crafted data sent via the server could potentially result in a buffer overflow, potentially resulting in memory corruption. A malicious server or an unfiltered malicious user can send negative length values to trigger this vulnerability.
Modified: 2024-11-21
CVE-2016-2380
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially result in an out-of-bounds read. A user could be convinced to enter a particular string which would then get converted incorrectly and could lead to a potential out-of-bounds read.
Modified: 2024-11-21
CVE-2016-4323
A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splash image triggering the vulnerability.
Modified: 2024-11-21
CVE-2017-2640
An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.
Closed vulnerabilities
BDU:2017-01833
Уязвимость набора библиотек Network Security Services, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
BDU:2021-00048
Уязвимость службы сетевой безопасности NSS браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю оказать влияние на целостность данных
Modified: 2024-11-21
CVE-2016-9574
nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.
Modified: 2024-11-21
CVE-2017-5461
Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.
- DSA-3831
- DSA-3831
- DSA-3872
- DSA-3872
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- 98050
- 98050
- 1038320
- 1038320
- RHSA-2017:1100
- RHSA-2017:1100
- RHSA-2017:1101
- RHSA-2017:1101
- RHSA-2017:1102
- RHSA-2017:1102
- RHSA-2017:1103
- RHSA-2017:1103
- https://bugzilla.mozilla.org/show_bug.cgi?id=1344380
- https://bugzilla.mozilla.org/show_bug.cgi?id=1344380
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.4_release_notes
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.4_release_notes
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.4_release_notes
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.4_release_notes
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.29.5_release_notes
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.29.5_release_notes
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30.1_release_notes
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30.1_release_notes
- GLSA-201705-04
- GLSA-201705-04
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5461
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5461
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/#CVE-2017-5461
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/#CVE-2017-5461
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-13/#CVE-2017-5461
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-13/#CVE-2017-5461
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com//security-alerts/cpujul2021.html
Modified: 2024-11-21
CVE-2017-5462
A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
- 97940
- 97940
- 1038320
- 1038320
- https://bugzilla.mozilla.org/show_bug.cgi?id=1345089
- https://bugzilla.mozilla.org/show_bug.cgi?id=1345089
- GLSA-201705-04
- GLSA-201705-04
- DSA-3831
- DSA-3831
- DSA-3872
- DSA-3872
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://www.mozilla.org/security/advisories/mfsa2017-11/
- https://www.mozilla.org/security/advisories/mfsa2017-11/
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-13/
- https://www.mozilla.org/security/advisories/mfsa2017-13/
Modified: 2024-11-21
CVE-2017-7502
Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.
- DSA-3872
- DSA-3872
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- 98744
- 98744
- 1038579
- 1038579
- RHSA-2017:1364
- RHSA-2017:1364
- RHSA-2017:1365
- RHSA-2017:1365
- RHSA-2017:1567
- RHSA-2017:1567
- RHSA-2017:1712
- RHSA-2017:1712
- https://hg.mozilla.org/projects/nss/rev/55ea60effd0d
- https://hg.mozilla.org/projects/nss/rev/55ea60effd0d
Package firefox-esr updated to version 52.3.0-alt0.M80C.1 for branch c8 in task 188433.
Closed vulnerabilities
BDU:2016-01470
Уязвимость библиотеки парсинга Expat, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2016-01546
Уязвимость набора библиотек Network Security Services и браузера Firefox, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
BDU:2016-01547
Уязвимость браузера Firefox, позволяющая нарушителю провести XSS-атаки
BDU:2016-01548
Уязвимость браузера Firefox, позволяющая нарушителю получить доступ к полному списку отключенных плагинов
BDU:2016-01549
Уязвимость браузеров Firefox ESR и Firefox, позволяющая нарушителю вызвать отказ в обслуживании, провести кликджекинг или спуфинг-атаку
BDU:2016-01550
Уязвимость браузера Firefox, позволяющая нарушителю повлиять на целостность информации
BDU:2016-01551
Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код
BDU:2016-01553
Уязвимость браузера Firefox, позволяющая нарушителю обойти существующую политику ограничения доступа и изменить свойство location.host
BDU:2016-01909
Уязвимость браузера Firefox, позволяющая нарушителю проводить спуфинг-атаки
BDU:2016-01911
Уязвимость браузера Firefox, позволяющая нарушителю получить доступ к локальным файлам
BDU:2016-01912
Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю обойти существующую политику ограничения доступа или читать произвольные файлы
BDU:2016-01913
Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2016-01914
Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код
BDU:2016-01915
Уязвимость браузера Firefox, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2016-01916
Уязвимость браузера Firefox, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2016-01917
Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код
BDU:2016-01918
Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код
BDU:2016-01919
Уязвимость браузера Firefox, позволяющая нарушителю выполнить произвольный код
BDU:2016-01920
Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2016-01921
Уязвимость браузера Firefox, позволяющая нарушителю изменять произвольные файлы
BDU:2016-01922
Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код
BDU:2016-01923
Уязвимость браузера Firefox, позволяющая нарушителю подменить адресную строку
BDU:2016-01924
Уязвимость браузера Firefox, позволяющая нарушителю получить информацию о последних посещенных страницах
BDU:2017-01833
Уязвимость набора библиотек Network Security Services, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
BDU:2018-00163
Уязвимость компонента Developer Tools браузера Mozilla Firefox ESR, позволяющая нарушителю выполнить произвольный код
BDU:2018-00164
Уязвимость реализации технологии WebSockets браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2018-00165
Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с использованием памяти после освобождения, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2018-00166
Уязвимость функции nsImageLoadingContent::Notify браузера Mozilla Firefox ESR, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
BDU:2018-00167
Уязвимость функции mozilla::dom::ImageDocument::UpdateSizeFromLayout браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2018-00168
Уязвимость функции mozilla::a11y::DocAccessible::PutChildrenBack браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2018-00169
Уязвимость функции mozilla::SVGGeometryFrame::GetCanvasTM() браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2018-00170
Уязвимость браузера Mozilla Firefox ESR, вызванная выходом операции за границы буфера в памяти, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
BDU:2018-00171
Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с недостатками в реализации SOP (Same-origin policy), позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2018-00172
Уязвимость механизма AppCache браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю осуществить подмену домена
BDU:2018-00173
Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, вызванная выходом операции за границы буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2018-00174
Уязвимость реализации протокола «data:» браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю оказать влияние на целостность защищаемой информации
BDU:2018-00175
Уязвимость реализации механизма CSP (Content Security Policy) браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2018-00176
Уязвимость браузера Mozilla Firefox ESR, связанная с ошибками при работе с памятью, позволяющая нарушителю выполнить произвольный код
BDU:2019-00230
Уязвимость функции lz4::decompress библиотеки Graphite 2 браузеров Mozilla Firefox и Mozilla Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2020-05740
Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код
BDU:2020-05741
Уязвимость функций анимации SMIL браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-05742
Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c использованием памяти после освобождения при обработке транзакций в редакторе, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-05743
Уязвимость функции FeatureRef::applyValToFeature библиотеки шрифтов Graphite 2 браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-05744
Уязвимость функции nsAutoPtr браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-05745
Уязвимость функции nsTArray Length() браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-05746
Уязвимость функции txExecutionState браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-05747
Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c использованием памяти после освобождения, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-05748
Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c использованием памяти после освобождения при манипулировании элементами DOM, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-05793
Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код
BDU:2020-05801
Уязвимость функции evutil_parse_sockaddr_port (evutil.c) библиотеки асинхронного уведомления событий Libevent, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-05803
Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c использованием памяти после освобождения, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-05804
Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c использованием памяти после освобождения, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-05833
Уязвимость реализации метода ProcessNextState (netwerk\streamconv\converters\nsBinHexDecoder.cpp) браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-05834
Уязвимость реализации метода nsDirIndexParser::ParseData (netwerk\streamconv\converters\nsDirIndexParser.cpp) браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю получить доступ к защищаемой информации
BDU:2020-05842
Уязвимость реализации метода nsDirIndexParser::ParseFormat (netwerk\streamconv\converters\nsDirIndexParser.cpp) браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c отсутствием проверки при индексировании по массиву, позволяющая нарушителю получить доступ к защищаемой информации
BDU:2020-05843
Уязвимость реализации технологии HTTP/2 браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-05844
Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c использованием памяти после освобождения, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-05846
Уязвимость механизма подмены адресной строки через взаимодействие пользователя с адресной строкой и событием «onblur» браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю проводить спуфинг-атаки
BDU:2020-05847
Уязвимость функции PFileSystemRequestConstructor браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c обходом защиты доступа к файловой системе в песочнице, позволяющая нарушителю получить доступ к защищаемой информации
BDU:2020-05848
Уязвимость компонента WebGL браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-00026
Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c использованием памяти после освобождения при манипулировании элементами DOM, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-00027
Уязвимость функции деструктора класса WindowsDllDetourPatcher браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю повысить свои привилегии
BDU:2021-00028
Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная cо смешением символов из блока «Canadian Syllabics» с символами из других блоков, позволяющая нарушителю проводить спуфинг-атаки
BDU:2021-00029
Уязвимость аудиокодека Opus браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-00030
Уязвимость интерфейса прикладного программирования клиентского хранилища IndexedDB браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-00031
Уязвимость компонента XMLHttpRequest браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-00032
Уязвимость компонента WebGL (Web-based Graphics Library) браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю раскрыть защищаемую информацию
BDU:2021-00033
Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код
BDU:2021-00034
Уязвимость загрузчика фреймов браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-00035
Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c использованием памяти после освобождения, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-00036
Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код
BDU:2021-00037
Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c выход операции за границы буфера в памяти, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность
BDU:2021-00038
Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c непринятием мер по защите структуры веб-страницы, позволяющая нарушителю нарушителю проводить межсайтовые сценарные атаки
BDU:2021-00039
Уязвимость реализации функции ConvolvePixel() браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании
BDU:2021-00040
Уязвимость реализации класса WindowsDllDetourPatcher браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю нарушить целостность данных
BDU:2021-00041
Уязвимость редактора метода ввода Input Method Editor (IME) браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-00042
Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c использованием памяти после освобождения, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-00043
Уязвимость графической библиотеки Skia браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-00044
Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c использованием после освобождения, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-00047
Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c выходом операции за границы буфера в памяти при манипуляции с деревом доступа DOM, позволяющая нарушителю выполнить произвольный код
BDU:2021-00048
Уязвимость службы сетевой безопасности NSS браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю оказать влияние на целостность данных
BDU:2021-04041
Уязвимость класса DOMSVGLength браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код
BDU:2021-04047
Уязвимость функции mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код
BDU:2021-04197
Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю подделывать обновления надстроек
Modified: 2024-11-21
CVE-2016-0718
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
- APPLE-SA-2016-07-18-1
- APPLE-SA-2016-07-18-1
- openSUSE-SU-2016:1441
- openSUSE-SU-2016:1441
- SUSE-SU-2016:1508
- SUSE-SU-2016:1508
- SUSE-SU-2016:1512
- SUSE-SU-2016:1512
- openSUSE-SU-2016:1523
- openSUSE-SU-2016:1523
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:2026
- openSUSE-SU-2016:2026
- http://packetstormsecurity.com/files/141350/ESET-Endpoint-Antivirus-6-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/141350/ESET-Endpoint-Antivirus-6-Remote-Code-Execution.html
- RHSA-2016:2824
- RHSA-2016:2824
- 20170227 CVE-2016-9892 - Remote Code Execution as Root via ESET Endpoint Antivirus 6
- 20170227 CVE-2016-9892 - Remote Code Execution as Root via ESET Endpoint Antivirus 6
- http://support.eset.com/ca6333/
- http://support.eset.com/ca6333/
- DSA-3582
- DSA-3582
- http://www.mozilla.org/security/announce/2016/mfsa2016-68.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-68.html
- [oss-security] 20160517 CVE-2016-0718: Expat XML Parser Crashes on Malformed Input
- [oss-security] 20160517 CVE-2016-0718: Expat XML Parser Crashes on Malformed Input
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- 90729
- 90729
- 1036348
- 1036348
- 1036415
- 1036415
- 1037705
- 1037705
- USN-2983-1
- USN-2983-1
- USN-3044-1
- USN-3044-1
- RHSA-2018:2486
- RHSA-2018:2486
- https://bugzilla.mozilla.org/show_bug.cgi?id=1236923
- https://bugzilla.mozilla.org/show_bug.cgi?id=1236923
- https://bugzilla.redhat.com/show_bug.cgi?id=1296102
- https://bugzilla.redhat.com/show_bug.cgi?id=1296102
- https://kc.mcafee.com/corporate/index?page=content&id=SB10365
- https://kc.mcafee.com/corporate/index?page=content&id=SB10365
- GLSA-201701-21
- GLSA-201701-21
- https://source.android.com/security/bulletin/2016-11-01.html
- https://source.android.com/security/bulletin/2016-11-01.html
- https://support.apple.com/HT206903
- https://support.apple.com/HT206903
- https://www.tenable.com/security/tns-2016-20
- https://www.tenable.com/security/tns-2016-20
Modified: 2024-11-21
CVE-2016-10196
Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.
- DSA-3789
- DSA-3789
- [oss-security] 20170131 Bugs fixed in libevent 2.1.6
- [oss-security] 20170131 Bugs fixed in libevent 2.1.6
- [oss-security] 20170202 Re: Bugs fixed in libevent 2.1.6
- [oss-security] 20170202 Re: Bugs fixed in libevent 2.1.6
- 96014
- 96014
- 1038320
- 1038320
- RHSA-2017:1104
- RHSA-2017:1104
- RHSA-2017:1106
- RHSA-2017:1106
- RHSA-2017:1201
- RHSA-2017:1201
- https://bugzilla.mozilla.org/show_bug.cgi?id=1343453
- https://bugzilla.mozilla.org/show_bug.cgi?id=1343453
- https://github.com/libevent/libevent/blob/release-2.1.6-beta/ChangeLog
- https://github.com/libevent/libevent/blob/release-2.1.6-beta/ChangeLog
- https://github.com/libevent/libevent/commit/329acc18a0768c21ba22522f01a5c7f46cacc4d5
- https://github.com/libevent/libevent/commit/329acc18a0768c21ba22522f01a5c7f46cacc4d5
- https://github.com/libevent/libevent/issues/318
- https://github.com/libevent/libevent/issues/318
- GLSA-201705-01
- GLSA-201705-01
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://www.mozilla.org/security/advisories/mfsa2017-11/
- https://www.mozilla.org/security/advisories/mfsa2017-11/
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-13/
- https://www.mozilla.org/security/advisories/mfsa2017-13/
Modified: 2024-11-21
CVE-2016-2815
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
- openSUSE-SU-2016:1552
- openSUSE-SU-2016:1552
- openSUSE-SU-2016:1557
- openSUSE-SU-2016:1557
- SUSE-SU-2016:1691
- SUSE-SU-2016:1691
- openSUSE-SU-2016:1767
- openSUSE-SU-2016:1767
- openSUSE-SU-2016:1769
- openSUSE-SU-2016:1769
- openSUSE-SU-2016:1778
- openSUSE-SU-2016:1778
- http://www.mozilla.org/security/announce/2016/mfsa2016-49.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-49.html
- 91075
- 91075
- 1036057
- 1036057
- USN-2993-1
- USN-2993-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1241896
- https://bugzilla.mozilla.org/show_bug.cgi?id=1241896
- https://bugzilla.mozilla.org/show_bug.cgi?id=1242798
- https://bugzilla.mozilla.org/show_bug.cgi?id=1242798
- https://bugzilla.mozilla.org/show_bug.cgi?id=1243466
- https://bugzilla.mozilla.org/show_bug.cgi?id=1243466
- https://bugzilla.mozilla.org/show_bug.cgi?id=1245743
- https://bugzilla.mozilla.org/show_bug.cgi?id=1245743
- https://bugzilla.mozilla.org/show_bug.cgi?id=1264300
- https://bugzilla.mozilla.org/show_bug.cgi?id=1264300
- https://bugzilla.mozilla.org/show_bug.cgi?id=1271037
- https://bugzilla.mozilla.org/show_bug.cgi?id=1271037
Modified: 2024-11-21
CVE-2016-2818
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
- openSUSE-SU-2016:1552
- openSUSE-SU-2016:1552
- openSUSE-SU-2016:1557
- openSUSE-SU-2016:1557
- SUSE-SU-2016:1691
- SUSE-SU-2016:1691
- openSUSE-SU-2016:1767
- openSUSE-SU-2016:1767
- openSUSE-SU-2016:1769
- openSUSE-SU-2016:1769
- openSUSE-SU-2016:1778
- openSUSE-SU-2016:1778
- DSA-3600
- DSA-3600
- DSA-3647
- DSA-3647
- http://www.mozilla.org/security/announce/2016/mfsa2016-49.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-49.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- 91075
- 91075
- 1036057
- 1036057
- USN-2993-1
- USN-2993-1
- USN-3023-1
- USN-3023-1
- RHSA-2016:1217
- RHSA-2016:1217
- RHSA-2016:1392
- RHSA-2016:1392
- https://bugzilla.mozilla.org/show_bug.cgi?id=1234147
- https://bugzilla.mozilla.org/show_bug.cgi?id=1234147
- https://bugzilla.mozilla.org/show_bug.cgi?id=1256493
- https://bugzilla.mozilla.org/show_bug.cgi?id=1256493
- https://bugzilla.mozilla.org/show_bug.cgi?id=1256739
- https://bugzilla.mozilla.org/show_bug.cgi?id=1256739
- https://bugzilla.mozilla.org/show_bug.cgi?id=1256968
- https://bugzilla.mozilla.org/show_bug.cgi?id=1256968
- https://bugzilla.mozilla.org/show_bug.cgi?id=1261230
- https://bugzilla.mozilla.org/show_bug.cgi?id=1261230
- https://bugzilla.mozilla.org/show_bug.cgi?id=1261752
- https://bugzilla.mozilla.org/show_bug.cgi?id=1261752
- https://bugzilla.mozilla.org/show_bug.cgi?id=1263384
- https://bugzilla.mozilla.org/show_bug.cgi?id=1263384
- https://bugzilla.mozilla.org/show_bug.cgi?id=1264575
- https://bugzilla.mozilla.org/show_bug.cgi?id=1264575
- https://bugzilla.mozilla.org/show_bug.cgi?id=1265577
- https://bugzilla.mozilla.org/show_bug.cgi?id=1265577
- https://bugzilla.mozilla.org/show_bug.cgi?id=1267130
- https://bugzilla.mozilla.org/show_bug.cgi?id=1267130
- https://bugzilla.mozilla.org/show_bug.cgi?id=1269729
- https://bugzilla.mozilla.org/show_bug.cgi?id=1269729
- https://bugzilla.mozilla.org/show_bug.cgi?id=1273202
- https://bugzilla.mozilla.org/show_bug.cgi?id=1273202
- https://bugzilla.mozilla.org/show_bug.cgi?id=1273701
- https://bugzilla.mozilla.org/show_bug.cgi?id=1273701
Modified: 2024-11-21
CVE-2016-2819
Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element.
- openSUSE-SU-2016:1552
- openSUSE-SU-2016:1552
- openSUSE-SU-2016:1557
- openSUSE-SU-2016:1557
- SUSE-SU-2016:1691
- SUSE-SU-2016:1691
- DSA-3600
- DSA-3600
- http://www.mozilla.org/security/announce/2016/mfsa2016-50.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-50.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- 91075
- 91075
- 1036057
- 1036057
- USN-2993-1
- USN-2993-1
- RHSA-2016:1217
- RHSA-2016:1217
- https://bugzilla.mozilla.org/show_bug.cgi?id=1270381
- https://bugzilla.mozilla.org/show_bug.cgi?id=1270381
- 44293
- 44293
Modified: 2024-11-21
CVE-2016-2821
Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor.
- openSUSE-SU-2016:1552
- openSUSE-SU-2016:1552
- openSUSE-SU-2016:1557
- openSUSE-SU-2016:1557
- SUSE-SU-2016:1691
- SUSE-SU-2016:1691
- DSA-3600
- DSA-3600
- http://www.mozilla.org/security/announce/2016/mfsa2016-51.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-51.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- 91075
- 91075
- 1036057
- 1036057
- USN-2993-1
- USN-2993-1
- RHSA-2016:1217
- RHSA-2016:1217
- https://bugzilla.mozilla.org/show_bug.cgi?id=1271460
- https://bugzilla.mozilla.org/show_bug.cgi?id=1271460
Modified: 2024-11-21
CVE-2016-2822
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.
- openSUSE-SU-2016:1552
- openSUSE-SU-2016:1552
- openSUSE-SU-2016:1557
- openSUSE-SU-2016:1557
- SUSE-SU-2016:1691
- SUSE-SU-2016:1691
- DSA-3600
- DSA-3600
- http://www.mozilla.org/security/announce/2016/mfsa2016-52.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-52.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- 91075
- 91075
- 1036057
- 1036057
- USN-2993-1
- USN-2993-1
- RHSA-2016:1217
- RHSA-2016:1217
- https://bugzilla.mozilla.org/show_bug.cgi?id=1273129
- https://bugzilla.mozilla.org/show_bug.cgi?id=1273129
Modified: 2024-11-21
CVE-2016-2825
Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL.
- openSUSE-SU-2016:1552
- openSUSE-SU-2016:1552
- openSUSE-SU-2016:1557
- openSUSE-SU-2016:1557
- http://www.mozilla.org/security/announce/2016/mfsa2016-54.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-54.html
- 1036057
- 1036057
- USN-2993-1
- USN-2993-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1193093
- https://bugzilla.mozilla.org/show_bug.cgi?id=1193093
Modified: 2024-11-21
CVE-2016-2827
The mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a Content Security Policy (CSP) referrer directive with zero values.
Modified: 2024-11-21
CVE-2016-2828
Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool.
- openSUSE-SU-2016:1552
- openSUSE-SU-2016:1552
- openSUSE-SU-2016:1557
- openSUSE-SU-2016:1557
- SUSE-SU-2016:1691
- SUSE-SU-2016:1691
- DSA-3600
- DSA-3600
- http://www.mozilla.org/security/announce/2016/mfsa2016-56.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-56.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- 91075
- 91075
- 1036057
- 1036057
- USN-2993-1
- USN-2993-1
- RHSA-2016:1217
- RHSA-2016:1217
- https://bugzilla.mozilla.org/show_bug.cgi?id=1223810
- https://bugzilla.mozilla.org/show_bug.cgi?id=1223810
Modified: 2024-11-21
CVE-2016-2829
Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission.
- openSUSE-SU-2016:1552
- openSUSE-SU-2016:1552
- openSUSE-SU-2016:1557
- openSUSE-SU-2016:1557
- http://www.mozilla.org/security/announce/2016/mfsa2016-57.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-57.html
- 1036057
- 1036057
- USN-2993-1
- USN-2993-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1248329
- https://bugzilla.mozilla.org/show_bug.cgi?id=1248329
Modified: 2024-11-21
CVE-2016-2830
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple IP addresses.
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:2026
- openSUSE-SU-2016:2026
- RHSA-2016:1551
- RHSA-2016:1551
- DSA-3640
- DSA-3640
- http://www.mozilla.org/security/announce/2016/mfsa2016-63.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-63.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- 92261
- 92261
- 1036508
- 1036508
- USN-3044-1
- USN-3044-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1255270
- https://bugzilla.mozilla.org/show_bug.cgi?id=1255270
- GLSA-201701-15
- GLSA-201701-15
Modified: 2024-11-21
CVE-2016-2831
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site.
- openSUSE-SU-2016:1552
- openSUSE-SU-2016:1552
- openSUSE-SU-2016:1557
- openSUSE-SU-2016:1557
- SUSE-SU-2016:1691
- SUSE-SU-2016:1691
- DSA-3600
- DSA-3600
- http://www.mozilla.org/security/announce/2016/mfsa2016-58.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-58.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- 91075
- 91075
- 1036057
- 1036057
- USN-2993-1
- USN-2993-1
- RHSA-2016:1217
- RHSA-2016:1217
- https://bugzilla.mozilla.org/show_bug.cgi?id=1261933
- https://bugzilla.mozilla.org/show_bug.cgi?id=1261933
Modified: 2024-11-21
CVE-2016-2832
Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes.
- openSUSE-SU-2016:1552
- openSUSE-SU-2016:1552
- openSUSE-SU-2016:1557
- openSUSE-SU-2016:1557
- http://www.mozilla.org/security/announce/2016/mfsa2016-59.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-59.html
- 1036057
- 1036057
- USN-2993-1
- USN-2993-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1025267
- https://bugzilla.mozilla.org/show_bug.cgi?id=1025267
Modified: 2024-11-21
CVE-2016-2833
Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted applet.
- openSUSE-SU-2016:1552
- openSUSE-SU-2016:1552
- openSUSE-SU-2016:1557
- openSUSE-SU-2016:1557
- http://www.mozilla.org/security/announce/2016/mfsa2016-60.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-60.html
- 1036057
- 1036057
- USN-2993-1
- USN-2993-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=908933
- https://bugzilla.mozilla.org/show_bug.cgi?id=908933
Modified: 2024-11-21
CVE-2016-2834
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
- openSUSE-SU-2016:1552
- openSUSE-SU-2016:1552
- openSUSE-SU-2016:1557
- openSUSE-SU-2016:1557
- SUSE-SU-2016:1691
- SUSE-SU-2016:1691
- RHSA-2016:2779
- RHSA-2016:2779
- DSA-3688
- DSA-3688
- http://www.mozilla.org/security/announce/2016/mfsa2016-61.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-61.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- 91072
- 91072
- 1036057
- 1036057
- USN-2993-1
- USN-2993-1
- USN-3029-1
- USN-3029-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1206283
- https://bugzilla.mozilla.org/show_bug.cgi?id=1206283
- https://bugzilla.mozilla.org/show_bug.cgi?id=1221620
- https://bugzilla.mozilla.org/show_bug.cgi?id=1221620
- https://bugzilla.mozilla.org/show_bug.cgi?id=1241034
- https://bugzilla.mozilla.org/show_bug.cgi?id=1241034
- https://bugzilla.mozilla.org/show_bug.cgi?id=1241037
- https://bugzilla.mozilla.org/show_bug.cgi?id=1241037
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.23_release_notes
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.23_release_notes
Modified: 2024-11-21
CVE-2016-2835
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:2026
- openSUSE-SU-2016:2026
- http://www.mozilla.org/security/announce/2016/mfsa2016-62.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-62.html
- 92261
- 92261
- 1036508
- 1036508
- USN-3044-1
- USN-3044-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1222101
- https://bugzilla.mozilla.org/show_bug.cgi?id=1222101
- https://bugzilla.mozilla.org/show_bug.cgi?id=1251308
- https://bugzilla.mozilla.org/show_bug.cgi?id=1251308
- https://bugzilla.mozilla.org/show_bug.cgi?id=1254106
- https://bugzilla.mozilla.org/show_bug.cgi?id=1254106
- https://bugzilla.mozilla.org/show_bug.cgi?id=1264998
- https://bugzilla.mozilla.org/show_bug.cgi?id=1264998
- https://bugzilla.mozilla.org/show_bug.cgi?id=1270537
- https://bugzilla.mozilla.org/show_bug.cgi?id=1270537
- https://bugzilla.mozilla.org/show_bug.cgi?id=1275582
- https://bugzilla.mozilla.org/show_bug.cgi?id=1275582
- https://bugzilla.mozilla.org/show_bug.cgi?id=1280215
- https://bugzilla.mozilla.org/show_bug.cgi?id=1280215
- https://bugzilla.mozilla.org/show_bug.cgi?id=1280443
- https://bugzilla.mozilla.org/show_bug.cgi?id=1280443
- https://bugzilla.mozilla.org/show_bug.cgi?id=1282246
- https://bugzilla.mozilla.org/show_bug.cgi?id=1282246
- GLSA-201701-15
- GLSA-201701-15
Modified: 2024-11-21
CVE-2016-2836
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to Http2Session::Shutdown and SpdySession31::Shutdown, and other vectors.
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:2026
- openSUSE-SU-2016:2026
- RHSA-2016:1551
- RHSA-2016:1551
- RHSA-2016:1809
- RHSA-2016:1809
- DSA-3640
- DSA-3640
- http://www.mozilla.org/security/announce/2016/mfsa2016-62.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-62.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- 92261
- 92261
- 1036508
- 1036508
- USN-3044-1
- USN-3044-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1154923
- https://bugzilla.mozilla.org/show_bug.cgi?id=1154923
- https://bugzilla.mozilla.org/show_bug.cgi?id=1249578
- https://bugzilla.mozilla.org/show_bug.cgi?id=1249578
- https://bugzilla.mozilla.org/show_bug.cgi?id=1257765
- https://bugzilla.mozilla.org/show_bug.cgi?id=1257765
- https://bugzilla.mozilla.org/show_bug.cgi?id=1258079
- https://bugzilla.mozilla.org/show_bug.cgi?id=1258079
- https://bugzilla.mozilla.org/show_bug.cgi?id=1268626
- https://bugzilla.mozilla.org/show_bug.cgi?id=1268626
- https://bugzilla.mozilla.org/show_bug.cgi?id=1282502
- https://bugzilla.mozilla.org/show_bug.cgi?id=1282502
- https://bugzilla.mozilla.org/show_bug.cgi?id=1283823
- https://bugzilla.mozilla.org/show_bug.cgi?id=1283823
- https://bugzilla.mozilla.org/show_bug.cgi?id=822081
- https://bugzilla.mozilla.org/show_bug.cgi?id=822081
- GLSA-201701-15
- GLSA-201701-15
Modified: 2024-11-21
CVE-2016-2837
Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass.
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:2026
- openSUSE-SU-2016:2026
- RHSA-2016:1551
- RHSA-2016:1551
- DSA-3640
- DSA-3640
- http://www.mozilla.org/security/announce/2016/mfsa2016-77.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-77.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- 92258
- 92258
- 1036508
- 1036508
- USN-3044-1
- USN-3044-1
- http://www.zerodayinitiative.com/advisories/ZDI-16-673
- http://www.zerodayinitiative.com/advisories/ZDI-16-673
- https://bugzilla.mozilla.org/show_bug.cgi?id=1274637
- https://bugzilla.mozilla.org/show_bug.cgi?id=1274637
- GLSA-201701-15
- GLSA-201701-15
Modified: 2024-11-21
CVE-2016-2838
Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via directional content in an SVG document.
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:2026
- openSUSE-SU-2016:2026
- RHSA-2016:1551
- RHSA-2016:1551
- DSA-3640
- DSA-3640
- http://www.mozilla.org/security/announce/2016/mfsa2016-64.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-64.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- 92261
- 92261
- 1036508
- 1036508
- USN-3044-1
- USN-3044-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1279814
- https://bugzilla.mozilla.org/show_bug.cgi?id=1279814
- GLSA-201701-15
- GLSA-201701-15
Modified: 2024-11-21
CVE-2016-5250
Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls.
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:2026
- openSUSE-SU-2016:2026
- RHSA-2016:1912
- RHSA-2016:1912
- DSA-3674
- DSA-3674
- http://www.mozilla.org/security/announce/2016/mfsa2016-84.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-84.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- 92260
- 92260
- 1036508
- 1036508
- USN-3044-1
- USN-3044-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1254688
- https://bugzilla.mozilla.org/show_bug.cgi?id=1254688
- GLSA-201701-15
- GLSA-201701-15
- https://www.mozilla.org/security/advisories/mfsa2016-86/
- https://www.mozilla.org/security/advisories/mfsa2016-86/
- https://www.mozilla.org/security/advisories/mfsa2016-88/
- https://www.mozilla.org/security/advisories/mfsa2016-88/
Modified: 2024-11-21
CVE-2016-5251
Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters in the media type of a data: URL.
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:2026
- openSUSE-SU-2016:2026
- http://www.mozilla.org/security/announce/2016/mfsa2016-66.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-66.html
- 92260
- 92260
- 1036508
- 1036508
- USN-3044-1
- USN-3044-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1255570
- https://bugzilla.mozilla.org/show_bug.cgi?id=1255570
- GLSA-201701-15
- GLSA-201701-15
Modified: 2024-11-21
CVE-2016-5252
Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted two-dimensional graphics data that is mishandled during clipping-region calculations.
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:2026
- openSUSE-SU-2016:2026
- RHSA-2016:1551
- RHSA-2016:1551
- DSA-3640
- DSA-3640
- http://www.mozilla.org/security/announce/2016/mfsa2016-67.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-67.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- 92261
- 92261
- 1036508
- 1036508
- USN-3044-1
- USN-3044-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1268854
- https://bugzilla.mozilla.org/show_bug.cgi?id=1268854
- GLSA-201701-15
- GLSA-201701-15
Modified: 2024-11-21
CVE-2016-5253
The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link.
Modified: 2024-11-21
CVE-2016-5254
Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by leveraging keyboard access to use the Alt key during selection of top-level menu items.
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:2026
- openSUSE-SU-2016:2026
- RHSA-2016:1551
- RHSA-2016:1551
- DSA-3640
- DSA-3640
- http://www.mozilla.org/security/announce/2016/mfsa2016-70.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-70.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- 92261
- 92261
- 1036508
- 1036508
- USN-3044-1
- USN-3044-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1266963
- https://bugzilla.mozilla.org/show_bug.cgi?id=1266963
- GLSA-201701-15
- GLSA-201701-15
Modified: 2024-11-21
CVE-2016-5255
Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection.
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:2026
- openSUSE-SU-2016:2026
- http://www.mozilla.org/security/announce/2016/mfsa2016-71.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-71.html
- 92260
- 92260
- 1036508
- 1036508
- USN-3044-1
- USN-3044-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1212356
- https://bugzilla.mozilla.org/show_bug.cgi?id=1212356
- GLSA-201701-15
- GLSA-201701-15
Modified: 2024-11-21
CVE-2016-5256
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
- http://www.mozilla.org/security/announce/2016/mfsa2016-85.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-85.html
- 93052
- 93052
- 1036852
- 1036852
- https://bugzilla.mozilla.org/show_bug.cgi?id=1268034
- https://bugzilla.mozilla.org/show_bug.cgi?id=1268034
- https://bugzilla.mozilla.org/show_bug.cgi?id=1276413
- https://bugzilla.mozilla.org/show_bug.cgi?id=1276413
- https://bugzilla.mozilla.org/show_bug.cgi?id=1282746
- https://bugzilla.mozilla.org/show_bug.cgi?id=1282746
- https://bugzilla.mozilla.org/show_bug.cgi?id=1290244
- https://bugzilla.mozilla.org/show_bug.cgi?id=1290244
- https://bugzilla.mozilla.org/show_bug.cgi?id=1296078
- https://bugzilla.mozilla.org/show_bug.cgi?id=1296078
- https://bugzilla.mozilla.org/show_bug.cgi?id=1296087
- https://bugzilla.mozilla.org/show_bug.cgi?id=1296087
- https://bugzilla.mozilla.org/show_bug.cgi?id=1297099
- https://bugzilla.mozilla.org/show_bug.cgi?id=1297099
- GLSA-201701-15
- GLSA-201701-15
Modified: 2024-11-21
CVE-2016-5257
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
- RHSA-2016:1912
- RHSA-2016:1912
- RHSA-2016:1985
- RHSA-2016:1985
- DSA-3674
- DSA-3674
- DSA-3690
- DSA-3690
- http://www.mozilla.org/security/announce/2016/mfsa2016-85.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-85.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- 93049
- 93049
- 1036852
- 1036852
- https://bugzilla.mozilla.org/show_bug.cgi?id=1277213
- https://bugzilla.mozilla.org/show_bug.cgi?id=1277213
- https://bugzilla.mozilla.org/show_bug.cgi?id=1287204
- https://bugzilla.mozilla.org/show_bug.cgi?id=1287204
- https://bugzilla.mozilla.org/show_bug.cgi?id=1288555
- https://bugzilla.mozilla.org/show_bug.cgi?id=1288555
- https://bugzilla.mozilla.org/show_bug.cgi?id=1288588
- https://bugzilla.mozilla.org/show_bug.cgi?id=1288588
- https://bugzilla.mozilla.org/show_bug.cgi?id=1288780
- https://bugzilla.mozilla.org/show_bug.cgi?id=1288780
- https://bugzilla.mozilla.org/show_bug.cgi?id=1289280
- https://bugzilla.mozilla.org/show_bug.cgi?id=1289280
- https://bugzilla.mozilla.org/show_bug.cgi?id=1293347
- https://bugzilla.mozilla.org/show_bug.cgi?id=1293347
- https://bugzilla.mozilla.org/show_bug.cgi?id=1294095
- https://bugzilla.mozilla.org/show_bug.cgi?id=1294095
- https://bugzilla.mozilla.org/show_bug.cgi?id=1294407
- https://bugzilla.mozilla.org/show_bug.cgi?id=1294407
- GLSA-201701-15
- GLSA-201701-15
- https://www.mozilla.org/security/advisories/mfsa2016-86/
- https://www.mozilla.org/security/advisories/mfsa2016-86/
- https://www.mozilla.org/security/advisories/mfsa2016-88/
- https://www.mozilla.org/security/advisories/mfsa2016-88/
Modified: 2024-11-21
CVE-2016-5258
Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session.
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:2026
- openSUSE-SU-2016:2026
- RHSA-2016:1551
- RHSA-2016:1551
- DSA-3640
- DSA-3640
- http://www.mozilla.org/security/announce/2016/mfsa2016-72.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-72.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- 92258
- 92258
- 1036508
- 1036508
- USN-3044-1
- USN-3044-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1279146
- https://bugzilla.mozilla.org/show_bug.cgi?id=1279146
- GLSA-201701-15
- GLSA-201701-15
Modified: 2024-11-21
CVE-2016-5259
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop.
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:2026
- openSUSE-SU-2016:2026
- RHSA-2016:1551
- RHSA-2016:1551
- DSA-3640
- DSA-3640
- http://www.mozilla.org/security/announce/2016/mfsa2016-73.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-73.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- 92258
- 92258
- 1036508
- 1036508
- USN-3044-1
- USN-3044-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1282992
- https://bugzilla.mozilla.org/show_bug.cgi?id=1282992
- GLSA-201701-15
- GLSA-201701-15
Modified: 2024-11-21
CVE-2016-5260
Mozilla Firefox before 48.0 mishandles changes from 'INPUT type="password"' to 'INPUT type="text"' within a single Session Manager session, which might allow attackers to discover cleartext passwords by reading a session restoration file.
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:2026
- openSUSE-SU-2016:2026
- http://www.mozilla.org/security/announce/2016/mfsa2016-74.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-74.html
- 92260
- 92260
- 1036508
- 1036508
- USN-3044-1
- USN-3044-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1280294
- https://bugzilla.mozilla.org/show_bug.cgi?id=1280294
- GLSA-201701-15
- GLSA-201701-15
Modified: 2024-11-21
CVE-2016-5261
Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets that trigger incorrect buffer-resize operations during buffering.
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:2026
- openSUSE-SU-2016:2026
- RHSA-2016:1912
- RHSA-2016:1912
- DSA-3674
- DSA-3674
- http://www.mozilla.org/security/announce/2016/mfsa2016-75.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-75.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- 92260
- 92260
- 1036508
- 1036508
- USN-3044-1
- USN-3044-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1287266
- https://bugzilla.mozilla.org/show_bug.cgi?id=1287266
- GLSA-201701-15
- GLSA-201701-15
- https://www.mozilla.org/security/advisories/mfsa2016-86/
- https://www.mozilla.org/security/advisories/mfsa2016-86/
Modified: 2024-11-21
CVE-2016-5262
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts" attribute value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:2026
- openSUSE-SU-2016:2026
- RHSA-2016:1551
- RHSA-2016:1551
- DSA-3640
- DSA-3640
- http://www.mozilla.org/security/announce/2016/mfsa2016-76.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-76.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- 92258
- 92258
- 1036508
- 1036508
- USN-3044-1
- USN-3044-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1277475
- https://bugzilla.mozilla.org/show_bug.cgi?id=1277475
- GLSA-201701-15
- GLSA-201701-15
Modified: 2024-11-21
CVE-2016-5263
The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web site that leverages "type confusion."
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:2026
- openSUSE-SU-2016:2026
- RHSA-2016:1551
- RHSA-2016:1551
- DSA-3640
- DSA-3640
- http://www.mozilla.org/security/announce/2016/mfsa2016-78.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-78.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- 92258
- 92258
- 1036508
- 1036508
- USN-3044-1
- USN-3044-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1276897
- https://bugzilla.mozilla.org/show_bug.cgi?id=1276897
- GLSA-201701-15
- GLSA-201701-15
Modified: 2024-11-21
CVE-2016-5264
Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG element that is mishandled during effect application.
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:2026
- openSUSE-SU-2016:2026
- RHSA-2016:1551
- RHSA-2016:1551
- DSA-3640
- DSA-3640
- http://www.mozilla.org/security/announce/2016/mfsa2016-79.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-79.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- 92258
- 92258
- 1036508
- 1036508
- USN-3044-1
- USN-3044-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1286183
- https://bugzilla.mozilla.org/show_bug.cgi?id=1286183
- GLSA-201701-15
- GLSA-201701-15
Modified: 2024-11-21
CVE-2016-5265
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same local directory.
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:2026
- openSUSE-SU-2016:2026
- RHSA-2016:1551
- RHSA-2016:1551
- DSA-3640
- DSA-3640
- http://www.mozilla.org/security/announce/2016/mfsa2016-80.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-80.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- 92258
- 92258
- 1036508
- 1036508
- USN-3044-1
- USN-3044-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1278013
- https://bugzilla.mozilla.org/show_bug.cgi?id=1278013
- GLSA-201701-15
- GLSA-201701-15
Modified: 2024-11-21
CVE-2016-5266
Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web site.
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:2026
- openSUSE-SU-2016:2026
- http://www.mozilla.org/security/announce/2016/mfsa2016-81.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-81.html
- 92260
- 92260
- 1036508
- 1036508
- USN-3044-1
- USN-3044-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1226977
- https://bugzilla.mozilla.org/show_bug.cgi?id=1226977
- GLSA-201701-15
- GLSA-201701-15
Modified: 2024-11-21
CVE-2016-5268
Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT flags of about: URLs that are used for error pages, which makes it easier for remote attackers to conduct spoofing attacks via a crafted URL, as demonstrated by misleading text after an about:neterror?d= substring.
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:1964
- openSUSE-SU-2016:2026
- openSUSE-SU-2016:2026
- http://www.mozilla.org/security/announce/2016/mfsa2016-83.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-83.html
- 92260
- 92260
- 1036508
- 1036508
- USN-3044-1
- USN-3044-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1253673
- https://bugzilla.mozilla.org/show_bug.cgi?id=1253673
- GLSA-201701-15
- GLSA-201701-15
Modified: 2024-11-21
CVE-2016-5270
Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have unspecified other impact via Unicode characters that are mishandled during text conversion.
- RHSA-2016:1912
- RHSA-2016:1912
- DSA-3674
- DSA-3674
- http://www.mozilla.org/security/announce/2016/mfsa2016-85.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-85.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- 93049
- 93049
- 1036852
- 1036852
- https://bugzilla.mozilla.org/show_bug.cgi?id=1291016
- https://bugzilla.mozilla.org/show_bug.cgi?id=1291016
- GLSA-201701-15
- GLSA-201701-15
- https://www.mozilla.org/security/advisories/mfsa2016-86/
- https://www.mozilla.org/security/advisories/mfsa2016-86/
- https://www.mozilla.org/security/advisories/mfsa2016-88/
- https://www.mozilla.org/security/advisories/mfsa2016-88/
Modified: 2024-11-21
CVE-2016-5271
The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in conjunction with a "display: contents" Cascading Style Sheets (CSS) property.
Modified: 2024-11-21
CVE-2016-5272
The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execute arbitrary code via a crafted web site.
- RHSA-2016:1912
- RHSA-2016:1912
- DSA-3674
- DSA-3674
- http://www.mozilla.org/security/announce/2016/mfsa2016-85.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-85.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- 93049
- 93049
- 1036852
- 1036852
- https://bugzilla.mozilla.org/show_bug.cgi?id=1297934
- https://bugzilla.mozilla.org/show_bug.cgi?id=1297934
- GLSA-201701-15
- GLSA-201701-15
- https://www.mozilla.org/security/advisories/mfsa2016-86/
- https://www.mozilla.org/security/advisories/mfsa2016-86/
- https://www.mozilla.org/security/advisories/mfsa2016-88/
- https://www.mozilla.org/security/advisories/mfsa2016-88/
Modified: 2024-11-21
CVE-2016-5273
The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code via a crafted web site.
Modified: 2024-11-21
CVE-2016-5274
Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation.
- RHSA-2016:1912
- RHSA-2016:1912
- DSA-3674
- DSA-3674
- http://www.mozilla.org/security/announce/2016/mfsa2016-85.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-85.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- 93049
- 93049
- 1036852
- 1036852
- https://bugzilla.mozilla.org/show_bug.cgi?id=1282076
- https://bugzilla.mozilla.org/show_bug.cgi?id=1282076
- GLSA-201701-15
- GLSA-201701-15
- https://www.mozilla.org/security/advisories/mfsa2016-86/
- https://www.mozilla.org/security/advisories/mfsa2016-86/
- https://www.mozilla.org/security/advisories/mfsa2016-88/
- https://www.mozilla.org/security/advisories/mfsa2016-88/
Modified: 2024-11-21
CVE-2016-5275
Buffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeededRegions function in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code by leveraging improper interaction between empty filters and CANVAS element rendering.
Modified: 2024-11-21
CVE-2016-5276
Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute.
- RHSA-2016:1912
- RHSA-2016:1912
- DSA-3674
- DSA-3674
- http://www.mozilla.org/security/announce/2016/mfsa2016-85.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-85.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- 93049
- 93049
- 1036852
- 1036852
- https://bugzilla.mozilla.org/show_bug.cgi?id=1287721
- https://bugzilla.mozilla.org/show_bug.cgi?id=1287721
- GLSA-201701-15
- GLSA-201701-15
- https://www.mozilla.org/security/advisories/mfsa2016-86/
- https://www.mozilla.org/security/advisories/mfsa2016-86/
- https://www.mozilla.org/security/advisories/mfsa2016-88/
- https://www.mozilla.org/security/advisories/mfsa2016-88/
Modified: 2024-11-21
CVE-2016-5277
Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation.
- RHSA-2016:1912
- RHSA-2016:1912
- DSA-3674
- DSA-3674
- http://www.mozilla.org/security/announce/2016/mfsa2016-85.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-85.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- 93049
- 93049
- 1036852
- 1036852
- https://bugzilla.mozilla.org/show_bug.cgi?id=1291665
- https://bugzilla.mozilla.org/show_bug.cgi?id=1291665
- GLSA-201701-15
- GLSA-201701-15
- https://www.mozilla.org/security/advisories/mfsa2016-86/
- https://www.mozilla.org/security/advisories/mfsa2016-86/
- https://www.mozilla.org/security/advisories/mfsa2016-88/
- https://www.mozilla.org/security/advisories/mfsa2016-88/
Modified: 2024-11-21
CVE-2016-5278
Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via a crafted image data that is mishandled during the encoding of an image frame to an image.
- RHSA-2016:1912
- RHSA-2016:1912
- DSA-3674
- DSA-3674
- http://www.mozilla.org/security/announce/2016/mfsa2016-85.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-85.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- 93049
- 93049
- 1036852
- 1036852
- https://bugzilla.mozilla.org/show_bug.cgi?id=1294677
- https://bugzilla.mozilla.org/show_bug.cgi?id=1294677
- GLSA-201701-15
- GLSA-201701-15
- https://www.mozilla.org/security/advisories/mfsa2016-86/
- https://www.mozilla.org/security/advisories/mfsa2016-86/
- https://www.mozilla.org/security/advisories/mfsa2016-88/
- https://www.mozilla.org/security/advisories/mfsa2016-88/
Modified: 2024-11-21
CVE-2016-5279
Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code.
Modified: 2024-11-21
CVE-2016-5280
Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via bidirectional text.
- RHSA-2016:1912
- RHSA-2016:1912
- DSA-3674
- DSA-3674
- http://www.mozilla.org/security/announce/2016/mfsa2016-85.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-85.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- 93049
- 93049
- 1036852
- 1036852
- https://bugzilla.mozilla.org/show_bug.cgi?id=1289970
- https://bugzilla.mozilla.org/show_bug.cgi?id=1289970
- GLSA-201701-15
- GLSA-201701-15
- https://www.mozilla.org/security/advisories/mfsa2016-86/
- https://www.mozilla.org/security/advisories/mfsa2016-86/
- https://www.mozilla.org/security/advisories/mfsa2016-88/
- https://www.mozilla.org/security/advisories/mfsa2016-88/
Modified: 2024-11-21
CVE-2016-5281
Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document.
- RHSA-2016:1912
- RHSA-2016:1912
- DSA-3674
- DSA-3674
- http://www.geeknik.net/7gr1u98b9
- http://www.geeknik.net/7gr1u98b9
- http://www.mozilla.org/security/announce/2016/mfsa2016-85.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-85.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- 93049
- 93049
- 1036852
- 1036852
- https://bugzilla.mozilla.org/show_bug.cgi?id=1284690
- https://bugzilla.mozilla.org/show_bug.cgi?id=1284690
- GLSA-201701-15
- GLSA-201701-15
- https://www.mozilla.org/security/advisories/mfsa2016-86/
- https://www.mozilla.org/security/advisories/mfsa2016-86/
- https://www.mozilla.org/security/advisories/mfsa2016-88/
- https://www.mozilla.org/security/advisories/mfsa2016-88/
Modified: 2024-11-21
CVE-2016-5282
Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource.
Modified: 2024-11-21
CVE-2016-5283
Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized.
Modified: 2024-11-21
CVE-2016-5284
Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority.
- RHSA-2016:1912
- RHSA-2016:1912
- [dailydave] 20160915 Deep down the certificate pinning rabbit hole of "Tor Browser Exposed"
- [dailydave] 20160915 Deep down the certificate pinning rabbit hole of "Tor Browser Exposed"
- DSA-3674
- DSA-3674
- http://www.mozilla.org/security/announce/2016/mfsa2016-85.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-85.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- 93049
- 93049
- 1036852
- 1036852
- https://blog.mozilla.org/security/2016/09/16/update-on-add-on-pinning-vulnerability/
- https://blog.mozilla.org/security/2016/09/16/update-on-add-on-pinning-vulnerability/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1303127
- https://bugzilla.mozilla.org/show_bug.cgi?id=1303127
- https://hackernoon.com/tor-browser-exposed-anti-privacy-implantation-at-mass-scale-bd68e9eb1e95
- https://hackernoon.com/tor-browser-exposed-anti-privacy-implantation-at-mass-scale-bd68e9eb1e95
- GLSA-201701-15
- GLSA-201701-15
- https://www.mozilla.org/security/advisories/mfsa2016-86/
- https://www.mozilla.org/security/advisories/mfsa2016-86/
- https://www.mozilla.org/security/advisories/mfsa2016-88/
- https://www.mozilla.org/security/advisories/mfsa2016-88/
Modified: 2024-11-21
CVE-2016-5287
A potentially exploitable use-after-free crash during actor destruction with service workers. This issue does not affect releases earlier than Firefox 49. This vulnerability affects Firefox < 49.0.2.
Modified: 2024-11-21
CVE-2016-5288
Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. This vulnerability affects Firefox < 49.0.2.
Modified: 2024-11-21
CVE-2016-5289
Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.
- 94337
- 94337
- 1037298
- 1037298
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1296649%2C1298107%2C1300129%2C1305876%2C1314667%2C1301252%2C1277866%2C1307254%2C1252511%2C1264053
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1296649%2C1298107%2C1300129%2C1305876%2C1314667%2C1301252%2C1277866%2C1307254%2C1252511%2C1264053
- https://www.mozilla.org/security/advisories/mfsa2016-89/
- https://www.mozilla.org/security/advisories/mfsa2016-89/
Modified: 2024-11-21
CVE-2016-5290
Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
- RHSA-2016:2780
- RHSA-2016:2780
- RHSA-2016:2825
- RHSA-2016:2825
- 94335
- 94335
- 1037298
- 1037298
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1309720%2C1297062%2C1303710%2C1018486%2C1292590%2C1301343%2C1301496%2C1308048%2C1308346%2C1299519%2C1286911%2C1298169
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1309720%2C1297062%2C1303710%2C1018486%2C1292590%2C1301343%2C1301496%2C1308048%2C1308346%2C1299519%2C1286911%2C1298169
- GLSA-201701-15
- GLSA-201701-15
- DSA-3730
- DSA-3730
- https://www.mozilla.org/security/advisories/mfsa2016-89/
- https://www.mozilla.org/security/advisories/mfsa2016-89/
- https://www.mozilla.org/security/advisories/mfsa2016-90/
- https://www.mozilla.org/security/advisories/mfsa2016-90/
- https://www.mozilla.org/security/advisories/mfsa2016-93/
- https://www.mozilla.org/security/advisories/mfsa2016-93/
Modified: 2024-11-21
CVE-2016-5291
A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
- RHSA-2016:2780
- RHSA-2016:2780
- 94336
- 94336
- 1037298
- 1037298
- https://bugzilla.mozilla.org/show_bug.cgi?id=1292159
- https://bugzilla.mozilla.org/show_bug.cgi?id=1292159
- GLSA-201701-15
- GLSA-201701-15
- DSA-3730
- DSA-3730
- https://www.mozilla.org/security/advisories/mfsa2016-89/
- https://www.mozilla.org/security/advisories/mfsa2016-89/
- https://www.mozilla.org/security/advisories/mfsa2016-90/
- https://www.mozilla.org/security/advisories/mfsa2016-90/
- https://www.mozilla.org/security/advisories/mfsa2016-93/
- https://www.mozilla.org/security/advisories/mfsa2016-93/
Modified: 2024-11-21
CVE-2016-5292
During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox < 50.
Modified: 2024-11-21
CVE-2016-5296
A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
- RHSA-2016:2780
- RHSA-2016:2780
- 94339
- 94339
- 1037298
- 1037298
- https://bugzilla.mozilla.org/show_bug.cgi?id=1292443
- https://bugzilla.mozilla.org/show_bug.cgi?id=1292443
- GLSA-201701-15
- GLSA-201701-15
- DSA-3730
- DSA-3730
- https://www.mozilla.org/security/advisories/mfsa2016-89/
- https://www.mozilla.org/security/advisories/mfsa2016-89/
- https://www.mozilla.org/security/advisories/mfsa2016-90/
- https://www.mozilla.org/security/advisories/mfsa2016-90/
- https://www.mozilla.org/security/advisories/mfsa2016-93/
- https://www.mozilla.org/security/advisories/mfsa2016-93/
Modified: 2024-11-21
CVE-2016-5297
An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
- RHSA-2016:2780
- RHSA-2016:2780
- 94336
- 94336
- 1037298
- 1037298
- https://bugzilla.mozilla.org/show_bug.cgi?id=1303678
- https://bugzilla.mozilla.org/show_bug.cgi?id=1303678
- GLSA-201701-15
- GLSA-201701-15
- DSA-3730
- DSA-3730
- https://www.mozilla.org/security/advisories/mfsa2016-89/
- https://www.mozilla.org/security/advisories/mfsa2016-89/
- https://www.mozilla.org/security/advisories/mfsa2016-90/
- https://www.mozilla.org/security/advisories/mfsa2016-90/
- https://www.mozilla.org/security/advisories/mfsa2016-93/
- https://www.mozilla.org/security/advisories/mfsa2016-93/
Modified: 2024-11-21
CVE-2016-9063
An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.
Modified: 2024-11-21
CVE-2016-9064
Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could provide a malicious signed add-on instead of a valid update. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50.
- RHSA-2016:2780
- RHSA-2016:2780
- 94336
- 94336
- 1037298
- 1037298
- https://bugzilla.mozilla.org/show_bug.cgi?id=1303418
- https://bugzilla.mozilla.org/show_bug.cgi?id=1303418
- GLSA-201701-15
- GLSA-201701-15
- https://www.mozilla.org/security/advisories/mfsa2016-89/
- https://www.mozilla.org/security/advisories/mfsa2016-89/
- https://www.mozilla.org/security/advisories/mfsa2016-90/
- https://www.mozilla.org/security/advisories/mfsa2016-90/
Modified: 2024-11-21
CVE-2016-9066
A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
- RHSA-2016:2780
- RHSA-2016:2780
- 94336
- 94336
- 1037298
- 1037298
- https://bugzilla.mozilla.org/show_bug.cgi?id=1299686
- https://bugzilla.mozilla.org/show_bug.cgi?id=1299686
- GLSA-201701-15
- GLSA-201701-15
- DSA-3730
- DSA-3730
- https://www.mozilla.org/security/advisories/mfsa2016-89/
- https://www.mozilla.org/security/advisories/mfsa2016-89/
- https://www.mozilla.org/security/advisories/mfsa2016-90/
- https://www.mozilla.org/security/advisories/mfsa2016-90/
- https://www.mozilla.org/security/advisories/mfsa2016-93/
- https://www.mozilla.org/security/advisories/mfsa2016-93/
Modified: 2024-11-21
CVE-2016-9067
Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50.
- 94337
- 94337
- 1037298
- 1037298
- https://bugzilla.mozilla.org/show_bug.cgi?id=1301777
- https://bugzilla.mozilla.org/show_bug.cgi?id=1301777
- https://bugzilla.mozilla.org/show_bug.cgi?id=1308922
- https://bugzilla.mozilla.org/show_bug.cgi?id=1308922
- https://www.mozilla.org/security/advisories/mfsa2016-89/
- https://www.mozilla.org/security/advisories/mfsa2016-89/
Modified: 2024-11-21
CVE-2016-9068
A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50.
Modified: 2024-11-21
CVE-2016-9069
A use-after-free in nsINode::ReplaceOrInsertBefore during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50.
Modified: 2024-11-21
CVE-2016-9070
A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulnerability affects Firefox < 50.
Modified: 2024-11-21
CVE-2016-9071
Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox < 50.
Modified: 2024-11-21
CVE-2016-9073
WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability affects Firefox < 50.
Modified: 2024-11-21
CVE-2016-9074
An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
- 94341
- 94341
- 1037298
- 1037298
- https://bugzilla.mozilla.org/show_bug.cgi?id=1293334
- https://bugzilla.mozilla.org/show_bug.cgi?id=1293334
- GLSA-201701-15
- GLSA-201701-15
- GLSA-201701-46
- GLSA-201701-46
- DSA-3730
- DSA-3730
- https://www.mozilla.org/security/advisories/mfsa2016-89/
- https://www.mozilla.org/security/advisories/mfsa2016-89/
- https://www.mozilla.org/security/advisories/mfsa2016-90/
- https://www.mozilla.org/security/advisories/mfsa2016-90/
- https://www.mozilla.org/security/advisories/mfsa2016-93/
- https://www.mozilla.org/security/advisories/mfsa2016-93/
Modified: 2024-11-21
CVE-2016-9075
An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 50.
Modified: 2024-11-21
CVE-2016-9076
An issue where a "