Oracle Linux 8 : ELSA-2022-9074-1: / thunderbird (ELSA-2022-90741)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-90741 advisory. Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 107 and...
9.8CVSS
-0.3AI Score
0.007EPSS
Oracle Linux 7 : ELSA-2022-9079-1: / thunderbird (ELSA-2022-90791)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-90791 advisory. A use-after-free in WebGL extensions could have led to a potentially exploitable crash. (CVE-2022-46882) Mozilla: Quoting from an HTML email with...
9.8CVSS
-0.3AI Score
0.007EPSS
Debian DSA-5301-1 : firefox-esr - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5301 advisory. An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages. This bug...
9.8CVSS
-0.2AI Score
0.007EPSS
Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5782-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5782-1 advisory. An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. (CVE-2022-46871) An attacker who...
8.8CVSS
9.3AI Score
0.007EPSS
Oracle Linux 7 : ELSA-2022-9072-1: / firefox (ELSA-2022-90721)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-90721 advisory. A use-after-free in WebGL extensions could have led to a potentially exploitable crash. (CVE-2022-46882) A file with a long filename could have...
9.8CVSS
10AI Score
0.007EPSS
The Mozilla Foundation Security Advisory describes this flaw as: An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages. This bug only affects Firefox for Linux. Other operating systems are...
8.6CVSS
3AI Score
0.002EPSS
Reassessing cyberwarfare. Lessons learned in 2022
At this point, it has become cliché to say that nothing in 2022 turned out the way we expected. We left the COVID-19 crisis behind hoping for a long-awaited return to normality and were immediately plunged into the chaos and uncertainty of a twentieth-century-style military conflict that posed...
0.1AI Score
Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
8.8CVSS
6.2AI Score
0.004EPSS
Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
8.8CVSS
0.004EPSS
Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
8.8CVSS
9AI Score
0.004EPSS
Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
8.8CVSS
8.8AI Score
0.004EPSS
Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
8.8CVSS
1.9AI Score
0.004EPSS
Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
8.8CVSS
8.8AI Score
0.004EPSS
Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in.....
8.8CVSS
8.8AI Score
0.004EPSS
SUSE SLES15 Security Update : MozillaFirefox (SUSE-SU-2022:4461-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4461-1 advisory. An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via...
9.8CVSS
9.8AI Score
0.007EPSS
Mozilla Firefox Security Advisory (MFSA2022-51) - Linux
This host is missing a security update for Mozilla...
8.8CVSS
7.5AI Score
0.007EPSS
SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2022:4462-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4462-1 advisory. An attacker who compromised a content process could have partially escaped the sandbox to read...
9.8CVSS
9.8AI Score
0.007EPSS
Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2022-348-02)
The version of mozilla-thunderbird installed on the remote host is prior to 102.6.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-348-02 advisory. An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary ...
9.8CVSS
-0.2AI Score
0.007EPSS
SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2022:4460-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4460-1 advisory. An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via...
9.8CVSS
9.8AI Score
0.007EPSS
Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
9.1AI Score
0.004EPSS
FreeBSD : chromium -- multiple vulnerabilities (83eb9374-7b97-11ed-be8f-3065ec8fd3ec)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 83eb9374-7b97-11ed-be8f-3065ec8fd3ec advisory. Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote...
8.8CVSS
0.2AI Score
0.004EPSS
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-039)
The version of kernel installed on the remote host is prior to 5.4.224-128.414. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-039 advisory. 2024-05-23: CVE-2021-47103 was added to this advisory. A memory overflow vulnerability was found in the...
7.8CVSS
7.4AI Score
EPSS
Slackware Linux 15.0 mozilla-firefox Multiple Vulnerabilities (SSA:2022-348-01)
The version of mozilla-firefox installed on the remote host is prior to 102.6.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-348-01 advisory. An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary ...
9.8CVSS
-0.2AI Score
0.007EPSS
An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages. This bug only affects Thunderbird for Linux. Other operating systems are unaffected. This vulnerability affects Firefox < 108, Firefox ESR < 102.6...
8.6CVSS
8.4AI Score
0.002EPSS
Security Vulnerabilities fixed in Firefox 108 — Mozilla
An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages. This bug only affects Firefox for Linux. Other...
8.8CVSS
1.8AI Score
0.007EPSS
The version of Firefox ESR installed on the remote Windows host is prior to 102.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-52 advisory. A missing check related to tex units could have led to a use-after-free and potentially exploitable crash. ...
9.8CVSS
-0.1AI Score
0.007EPSS
The version of Firefox installed on the remote Windows host is prior to 108.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-51 advisory. An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. ...
8.8CVSS
-0.1AI Score
0.007EPSS
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 8 security fixes, including: [1383991] High CVE-2022-4436: Use after free in Blink Media. Reported by Anonymous on 2022-11-15 [1394692] High CVE-2022-4437: Use after free in Mojo IPC. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability.....
8.8CVSS
0.5AI Score
0.004EPSS
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 102.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-52 advisory. A missing check related to tex units could have led to a use-after-free and potentially exploitable...
9.8CVSS
-0.1AI Score
0.007EPSS
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 102.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-53 advisory. A missing check related to tex units could have led to a use-after-free and potentially exploitable...
9.8CVSS
10AI Score
0.007EPSS
KLA20125 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: Use after free vulnerability in Blink Frames can be exploited to cause denial of service or...
8.8CVSS
9.7AI Score
0.004EPSS
Google Chrome < 108.0.5359.124 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 108.0.5359.124. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_12_stable-channel-update-for-desktop_13 advisory. Use after free in Blink Media. (CVE-2022-4436) Use after free in Mojo...
8.8CVSS
-0.1AI Score
0.004EPSS
Google Chrome < 108.0.5359.125 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 108.0.5359.125. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_12_stable-channel-update-for-desktop_13 advisory. Use after free in Blink Media. (CVE-2022-4436) Use after free in Mojo...
8.8CVSS
-0.1AI Score
0.004EPSS
The version of Thunderbird installed on the remote Windows host is prior to 102.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-53 advisory. A missing check related to tex units could have led to a use-after-free and potentially exploitable crash. ...
9.8CVSS
10AI Score
0.007EPSS
Google Chrome < 108.0.5359.124 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 108.0.5359.124. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_12_stable-channel-update-for-desktop_13 advisory. Use after free in Blink Media. (CVE-2022-4436) Use after free in Mojo...
8.8CVSS
-0.1AI Score
0.004EPSS
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 108.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-51 advisory. An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. ...
8.8CVSS
-0.1AI Score
0.007EPSS
Security Vulnerabilities fixed in Firefox ESR 102.6 — Mozilla
A missing check related to tex units could have led to a use-after-free and potentially exploitable crash. An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages. This bug only affects Firefox for Linux....
9.8CVSS
2AI Score
0.007EPSS
Stable Channel Update for Desktop
The Stable channel has been updated to 108.0.5359.124 for Mac and Linux and 108.0.5359.124/.125 for Windows, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log. The Extended Stable channel has been updated to 108.0.5359.124 for Mac and...
8.8CVSS
8.9AI Score
0.004EPSS
Security Vulnerabilities fixed in Thunderbird 102.6 — Mozilla
A missing check related to tex units could have led to a use-after-free and potentially exploitable crash. An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages. This bug only affects Thunderbird for Linux......
9.8CVSS
1.3AI Score
0.007EPSS
Security Bulletin: Linux Kernel vulnerability may affect IBM Elastic Storage System (CVE-2021-3759)
Summary There is a vulnerability in the Linux kernel, used by IBM Elastic Storage System, which could allow a denial of service. Vulnerability Details ** CVEID: CVE-2021-3759 DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a memory overflow in the ipc function in the...
5.5CVSS
2AI Score
0.0004EPSS
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-023)
The version of kernel installed on the remote host is prior to 5.10.155-138.670. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-023 advisory. 2024-05-23: CVE-2021-47103 was added to this advisory. A memory overflow vulnerability was found in the...
7.8CVSS
7.5AI Score
EPSS
Wipermania: An All You Can Wipe Buffet
Wipermania: An All You Can Wipe Buffet By Max Kersten · November 15, 2022 In early 2022, Ukrainian companies were struck by multiple destructive wipers, attacking various organizations across sectors. This raised questions about the usage and impact of “digital weapons” within the security...
-0.5AI Score
Wipermania: An All You Can Wipe Buffet
Wipermania: An All You Can Wipe Buffet By Max Kersten · November 15, 2022 In early 2022, Ukrainian companies were struck by multiple destructive wipers, attacking various organizations across sectors. This raised questions about the usage and impact of “digital weapons” within the security...
7.2AI Score
ipc: mqueue: fix possible memory leak in init_mqueue_fs()
ipc: mqueue: fix possible memory leak in init_mqueue_fs() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.3 by commit...
5.1AI Score
CVE-2020-16156: recognize CANNOT_VERIFY signature verification...
7.8CVSS
1.8AI Score
0.002EPSS
kernel security, bug fix, and enhancement update
[5.14.0-70.30.1.0.1_0.OL9] - lockdown: also lock down previous kgdb use (Daniel Thompson) [Orabug: 34290418] {CVE-2022-21499} [5.14.0-70.30.1_0.OL9] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the.....
7.8CVSS
0.3AI Score
0.001EPSS
openSUSE 15 Security Update : EternalTerminal (openSUSE-SU-2022:10187-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10187-1 advisory. A privilege escalation to root exists in Eternal Terminal prior to version 6.2.0. This is due to the combination of a race condition,...
7.5CVSS
7.4AI Score
0.003EPSS