XVR 5x04, XVR 5x08, XVR 5x16, XVR 7x16, IPC-HDBW4XXX, IPC-HDBW5XXX Security Vulnerabilities

redhatcve

CVE-2022-26486

An unexpected message in the WebGPU IPC framework could lead to an exploitable sandbox escape and a use-after-free issue. An attacker with enough privileges could exploit this flaw leading to a complete system...

9.6CVSS

2.3AI Score

0.003EPSS

2022-03-08 01:43 PM
41
hivepro

Two actively exploited Zero-Day vulnerabilities discovered in Mozilla Firefox

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Two critical zero-day vulnerabilities have been identified in Mozilla Firefox that are being exploited in-the-wild and tracked as CVE-2022-26485 and CVE-2022-26485. Both are use-after-free bugs that exist in XSLT parameter...

2.1AI Score

0.01EPSS

2022-03-08 11:40 AM
21
malwarebytes

Update now! Mozilla patches two actively exploited vulnerabilities

Mozilla has announced it has fixed security vulnerabilities in Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0. Users should install the out-of-band security update as soon as possible, since it is designed to apply a fix for two vulnerabilities that are known to...

0.5AI Score

0.01EPSS

2022-03-07 08:25 PM
24
threatpost

Critical Firefox Zero-Day Bugs Allow RCE, Sandbox Escape

Mozilla has released an emergency update for its Firefox browser that addresses two critical security vulnerabilities that cybercriminals have actively exploited in the wild as zero days. Both are use-after-free bugs, which are memory-corruption issues that occur when an application continues to...

10CVSS

0.6AI Score

0.976EPSS

2022-03-07 04:19 PM
64
thn

2 New Mozilla Firefox 0-Day Bugs Under Active Attack — Patch Your Browser ASAP!

Mozilla has pushed out-of-band software updates to its Firefox web browser to contain two high-impact security vulnerabilities, both of which it says are being actively exploited in the wild. Tracked as CVE-2022-26485 and CVE-2022-26486, the zero-day flaws have been described as use-after-free...

-0.2AI Score

0.01EPSS

2022-03-07 04:21 AM
43
openvas

Mozilla Firefox Security Advisory (MFSA2022-09) - Mac OS X

Mozilla Firefox is prone to multiple use-after-free...

9.6CVSS

9.5AI Score

0.01EPSS

2022-03-07 12:00 AM
8
nessus

Mozilla Firefox < 97.0.2

The version of Firefox installed on the remote Windows host is prior to 97.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-09 advisory. Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have had reports...

9.6CVSS

9.3AI Score

0.01EPSS

2022-03-07 12:00 AM
13
nessus

Mozilla Firefox < 97.0.2

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 97.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-09 advisory. Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have...

9.6CVSS

9.3AI Score

0.01EPSS

2022-03-07 12:00 AM
19
nessus

Debian DLA-2933-1 : firefox-esr - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2933 advisory. An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild...

9.6CVSS

8.9AI Score

0.01EPSS

2022-03-07 12:00 AM
24
nessus

Mozilla Thunderbird < 91.6.2

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 91.6.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-09 advisory. Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have...

9.6CVSS

9.3AI Score

0.01EPSS

2022-03-07 12:00 AM
19
openvas

Mozilla Thunderbird Security Advisory (MFSA2022-09) - Mac OS X

Mozilla Thunderbird is prone to multiple use-after-free...

9.6CVSS

9.6AI Score

0.01EPSS

2022-03-07 12:00 AM
1
nessus

Mozilla Firefox ESR < 91.6.1

The version of Firefox ESR installed on the remote Windows host is prior to 91.6.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-09 advisory. Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have had ...

9.6CVSS

9.3AI Score

0.01EPSS

2022-03-07 12:00 AM
9
openvas

Mozilla Thunderbird Security Advisory (MFSA2022-09) - Windows

Mozilla Thunderbird is prone to multiple use-after-free...

9.6CVSS

9.6AI Score

0.01EPSS

2022-03-07 12:00 AM
2
openvas

Mozilla Firefox ESR Security Advisory (MFSA2022-09) - Windows

Mozilla Firefox is prone to multiple use-after-free...

9.6CVSS

9.5AI Score

0.01EPSS

2022-03-07 12:00 AM
2
openvas

Mozilla Firefox Security Advisory (MFSA2022-09) - Windows

Mozilla Firefox is prone to multiple use-after-free...

9.6CVSS

9.5AI Score

0.01EPSS

2022-03-07 12:00 AM
4
openvas

Ubuntu: Security Advisory (USN-5314-1)

The remote host is missing an update for...

9.6CVSS

9.6AI Score

0.01EPSS

2022-03-07 12:00 AM
3
nessus

Mozilla Firefox ESR < 91.6.1

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 91.6.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-09 advisory. Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have...

9.6CVSS

9.4AI Score

0.01EPSS

2022-03-07 12:00 AM
17
cisa_kev

Mozilla Firefox Use-After-Free Vulnerability

Mozilla Firefox contains a use-after-free vulnerability in WebGPU IPC Framework which can be exploited to perform arbitrary code...

9.6CVSS

3AI Score

0.003EPSS

2022-03-07 12:00 AM
17
nessus

Debian DSA-5090-1 : firefox-esr - security update

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5090 advisory. An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the...

9.6CVSS

8.9AI Score

0.01EPSS

2022-03-07 12:00 AM
14
nessus

Mozilla Thunderbird < 91.6.2

The version of Thunderbird installed on the remote Windows host is prior to 91.6.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-09 advisory. Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have had ...

9.6CVSS

9.3AI Score

0.01EPSS

2022-03-07 12:00 AM
13
openvas

Mozilla Firefox ESR Security Advisory (MFSA2022-09) - Mac OS X

Mozilla Firefox is prone to multiple use-after-free...

9.6CVSS

9.5AI Score

0.01EPSS

2022-03-07 12:00 AM
1
openvas

Mageia: Security Advisory (MGASA-2022-0089)

The remote host is missing an update for...

9.6CVSS

9.5AI Score

0.01EPSS

2022-03-07 12:00 AM
1
osv

firefox vulnerabilities

A use-after-free was discovered when removing an XSLT parameter in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code. (CVE-2022-26485) A use-after-free was discovered in the...

9.6CVSS

9.7AI Score

0.01EPSS

2022-03-06 09:11 PM
5
mageia

Updated firefox packages fix security vulnerabilities

Removing an XSLT parameter during processing could have led to an exploitable use-after-free (CVE-2022-26485). An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape...

9.6CVSS

1.1AI Score

0.01EPSS

2022-03-06 01:40 PM
14
nessus

Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5314-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 21.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5314-1 advisory. An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had...

9.6CVSS

8.8AI Score

0.01EPSS

2022-03-06 12:00 AM
15
ubuntu

Firefox vulnerabilities

Releases Ubuntu 21.10 Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages firefox - Mozilla Open Source web browser Details A use-after-free was discovered when removing an XSLT parameter in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could exploit...

9.6CVSS

9.5AI Score

0.01EPSS

2022-03-06 12:00 AM
92
ubuntucve

CVE-2022-26486

An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 9...

9.6CVSS

8.7AI Score

0.003EPSS

2022-03-06 12:00 AM
17
kaspersky

KLA12475 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: Use after free vulnerability in XSLT parameter processing can be exploited to cause denial.....

9.6CVSS

10AI Score

0.01EPSS

2022-03-05 12:00 AM
17
kaspersky

KLA12470 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: Use after free vulnerability in XSLT parameter processing can be exploited to cause denial of...

9.6CVSS

10AI Score

0.01EPSS

2022-03-05 12:00 AM
13
nessus

Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2022-064-01)

The version of mozilla-firefox installed on the remote host is prior to 91.6.1esr / 97.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-064-01 advisory. An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable...

9.6CVSS

8.9AI Score

0.01EPSS

2022-03-05 12:00 AM
16
mozilla

Security Vulnerabilities fixed in Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0 — Mozilla

Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of...

9.6CVSS

1AI Score

0.01EPSS

2022-03-05 12:00 AM
305
kaspersky

KLA12469 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: Use after free vulnerability in XSLT parameter processing can be exploited to cause denial.....

9.6CVSS

10AI Score

0.01EPSS

2022-03-05 12:00 AM
15
debiancve

CVE-2021-3743

An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this...

7.1CVSS

7.3AI Score

0.0004EPSS

2022-03-04 04:15 PM
62
cve

CVE-2021-3743

An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this...

7.1CVSS

7.2AI Score

0.0004EPSS

2022-03-04 04:15 PM
177
3
nvd

CVE-2021-3743

An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this...

7.1CVSS

0.0004EPSS

2022-03-04 04:15 PM
osv

CVE-2021-3743

An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this...

7.1CVSS

6.3AI Score

0.0004EPSS

2022-03-04 04:15 PM
5
prion

Design/Logic Flaw

An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this...

7.1CVSS

6.6AI Score

0.0004EPSS

2022-03-04 04:15 PM
10
cvelist

CVE-2021-3743

An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this...

7.3AI Score

0.0004EPSS

2022-03-04 03:52 PM
1
suse

Security update for conmon, libcontainers-common, libseccomp, podman (moderate)

An update that solves 7 vulnerabilities, contains one feature and has one errata is now available. Description: This update for conmon, libcontainers-common, libseccomp, podman fixes the following issues: podman was updated to 3.4.4. Security issues fixed: fix CVE-2021-41190 [bsc#1193273],...

6.5CVSS

-0.4AI Score

0.005EPSS

2022-03-04 12:00 AM
170
malwarebytes

Google launches Chrome 99, fixes 28 vulnerabilities

The Chrome team announced the promotion of Chrome 99 to the stable channel for Windows, Mac and Linux on March 1, 2022. This will roll out over the coming days/weeks. In the desktop version, a total of 28 vulnerabilities were closed. Of these, 11 were classified as high, 15 as medium and two as...

0.9AI Score

0.003EPSS

2022-03-02 02:57 PM
18
nvd

CVE-2021-43619

Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory...

7.8CVSS

0.001EPSS

2022-03-01 05:15 AM
cve

CVE-2021-43619

Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory...

7.8CVSS

7.8AI Score

0.001EPSS

2022-03-01 05:15 AM
41
osv

CVE-2021-43619

Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory...

7.8CVSS

7.4AI Score

0.001EPSS

2022-03-01 05:15 AM
4
prion

Buffer overflow

Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory...

7.8CVSS

7.9AI Score

0.001EPSS

2022-03-01 05:15 AM
1
cvelist

CVE-2021-43619

Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory...

8.1AI Score

0.001EPSS

2022-03-01 04:31 AM
suse

Security update for the Linux Kernel (important)

An update that solves 17 vulnerabilities and has 62 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: CVE-2021-45485: Fixed an information leak because of certain use of a hash table which use IPv6 source...

9.1CVSS

AI Score

0.003EPSS

2022-03-01 12:00 AM
30
githubexploit

Exploit for Integer Overflow or Wraparound in Linux Linux Kernel

CVE-2022-0185 Linux kernel privilege escalation (escape) [toc] Vulnerability overview Vulnerability ID:...

8.4CVSS

8.7AI Score

0.001EPSS

2022-02-18 09:27 AM
476
ibm

Security Bulletin: Multiple vulnerabilities in Samba – including Badlock – affect ProtecTIER

Summary Samba vulnerabilities were disclosed on April 12, 2016. Samba is used by ProtecTIER. ProtecTIER has addressed the applicable CVEs including the vulnerability commonly referred to as “Badlock”. Vulnerability Details CVEID: CVE-2016-2118 DESCRIPTION: Samba could allow a remote attacker to...

7.5CVSS

7.9AI Score

0.028EPSS

2022-02-16 10:09 PM
40
nessus

EulerOS Virtualization 3.0.6.0 : kernel (EulerOS-SA-2022-1046)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger...

7.8CVSS

7.1AI Score

0.0004EPSS

2022-02-12 12:00 AM
19
openvas

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2022-1046)

The remote host is missing an update for the Huawei...

7.8CVSS

7.3AI Score

0.0004EPSS

2022-02-12 12:00 AM
8
Total number of security vulnerabilities: 4941