Mozilla Firefox Security Advisories (MFSA2023-32, MFSA2023-36) - Windows
Mozilla Firefox is prone to multiple...
8.8 CVSS
9.5 AI Score
0.001 EPSS
Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6320-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6320-1 advisory. When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a...
8.8 CVSS
8.7 AI Score
0.001 EPSS
When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable...
6.5 CVSS
7 AI Score
0.001 EPSS
Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2023-242-01)
The version of mozilla-firefox installed on the remote host is prior to 115.2.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-242-01 advisory. A website could have obscured the full screen notification by using the file open dialog. This could have ...
8.8 CVSS
9 AI Score
0.001 EPSS
When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable...
6.5 CVSS
7 AI Score
0.001 EPSS
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 102.15. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-35 advisory. When receiving rendering data over IPC mStream could have been destroyed when initialized, which...
8.8 CVSS
9.5 AI Score
0.001 EPSS
KLA52675 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, spoof user interface, bypass security restrictions, obtain sensitive information. Below is a complete list of vulnerabilities: Memory...
8.8 CVSS
9.7 AI Score
0.001 EPSS
Security Vulnerabilities fixed in Firefox 117 — Mozilla
When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created....
8.8 CVSS
8.7 AI Score
0.001 EPSS
KLA52674 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: Memory corruption vulnerability in IPC CanvasTranslator can be exploited remotely to cause.....
8.8 CVSS
9.1 AI Score
0.001 EPSS
Security Vulnerabilities fixed in Thunderbird 115.2 — Mozilla
When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created....
8.8 CVSS
7.8 AI Score
0.001 EPSS
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-36 advisory. When receiving rendering data over IPC mStream could have been destroyed when initialized, which...
8.8 CVSS
9.3 AI Score
0.001 EPSS
Security Vulnerabilities fixed in Firefox ESR 102.15 — Mozilla
When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created....
8.8 CVSS
7.8 AI Score
0.001 EPSS
KLA52660 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, bypass security restrictions, spoof user interface. Below is a complete list of vulnerabilities: Code...
8.8 CVSS
9.7 AI Score
0.001 EPSS
Security Vulnerabilities fixed in Thunderbird 102.15 — Mozilla
When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created....
8.8 CVSS
8.6 AI Score
0.001 EPSS
Security Vulnerabilities fixed in Firefox ESR 115.2 — Mozilla
When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created....
8.8 CVSS
7.8 AI Score
0.001 EPSS
KLA52661 Multiple vulnerabilities in Mozilla Firefox ESR
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, spoof user interface, bypass security restrictions, obtain sensitive information. Below is a complete list of vulnerabilities: Memory...
8.8 CVSS
9.7 AI Score
0.001 EPSS
The version of Firefox installed on the remote Windows host is prior to 117.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-34 advisory. When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to...
8.8 CVSS
9.6 AI Score
0.001 EPSS
The version of Firefox ESR installed on the remote Windows host is prior to 115.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-36 advisory. When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led...
8.8 CVSS
9.1 AI Score
0.001 EPSS
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 117.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-34 advisory. When receiving rendering data over IPC mStream could have been destroyed when initialized, which could...
8.8 CVSS
9.6 AI Score
0.001 EPSS
KLA52662 Multiple vulnerabilities in Mozilla Firefox ESR
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: Memory corruption vulnerability in IPC CanvasTranslator can be exploited remotely to cause.....
8.8 CVSS
9.1 AI Score
0.001 EPSS
The version of Firefox ESR installed on the remote Windows host is prior to 102.15. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-35 advisory. When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have...
8.8 CVSS
9.4 AI Score
0.001 EPSS
Fedora: Security Advisory for libqb (FEDORA-2023-5a717dd33d)
The remote host is missing an update for...
9.8 CVSS
9.6 AI Score
0.001 EPSS
[SECURITY] Fedora 38 Update: libqb-2.0.8-1.fc38
A "Quite Boring" library that provides high-performance, reusable features for client-server architecture, such as logging, tracing, inter-process communication (IPC), and...
9.8 CVSS
9.6 AI Score
0.001 EPSS
Improper Validation of File Name Causes RCE
Description Due to insufficient sanitization of the music file name, it is possible to execute arbitrary commands on the victim's computer, through a specially crafted file name. Note that this bug was found exploitable only on the macOS version of this application. Although still applicable...
7.7 AI Score
Siemens Address Processing in SIMATIC
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.4 CVSS
8.2 AI Score
0.003 EPSS
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause memory corruption when an authenticated user opens a tampered log file from GP-Pro...
5.3 CVSS
5.3 AI Score
0.0004 EPSS
Malicious code in web3tool-providers-ipc (npm)
Source: ghsa-malware (45dd480c31cdb6a16b4c7308f724f05b190296dae7805a05b87ae74a81440fe6) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7 AI Score
MTE As Implemented, Part 2: Mitigation Case Studies
By Mark Brand, Project Zero Background In 2018, in the v8.5a version of the ARM architecture, ARM proposed a hardware implementation of tagged memory, referred to as MTE (Memory Tagging Extensions). In Part 1 we discussed testing the technical (and implementation) limitations of MTE on the...
7.2 AI Score
STARK#MULE Targets Koreans with U.S. Military-themed Document Lures
An ongoing cyber attack campaign has set its sights on Korean-speaking individuals by employing U.S. Military-themed document lures to trick them into running malware on compromised systems. Cybersecurity firm Securonix is tracking the activity under the name STARK#MULE. The scale of the attacks...
7 AI Score
For more than six years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have...
7.8 CVSS
7.6 AI Score
0.974 EPSS
samba -- multiple vulnerabilities
The Samba Team reports: CVE-2023-34967: Samba Spotlight mdssvc RPC Request Type Confusion DoS Vulnerability When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where keys are character strings and values can be any of the...
7.5 CVSS
6.3 AI Score
0.041 EPSS
SMB2 packet signing not enforced
Description SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. SMB2 packet signing is a mechanism that ensures the integrity and authenticity of data exchanged between a client....
5.9 CVSS
6.4 AI Score
0.001 EPSS
Dahua Security - Configuration File Disclosure
A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and...
9.8 CVSS
9.4 AI Score
0.36 EPSS
In multiple functions of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Notes (author rodrigo-zaiden): issue in...
7.8 CVSS
7.5 AI Score
0.0004 EPSS
A vulnerability was found in dotNET applications where the Windows dotNET runtime exposes an IPC diagnostic endpoint named pipe for collecting diagnostic information and debugging. A remote attacker can exploit DCOM applications that expose a diagnostic port to achieve cross-session/cross-user...
8.1 CVSS
8.1 AI Score
0.001 EPSS
CVE-2023-22387 Use of Out-of-range Pointer Offset in Qualcomm IPC
Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory...
7.8 CVSS
7.8 AI Score
0.0004 EPSS
Amazon Linux 2023 : perl, perl-Attribute-Handlers, perl-AutoLoader (ALAS2023-2023-218)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-218 advisory. HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. (CVE-2023-31486) ...
8.1 CVSS
6 AI Score
0.003 EPSS
Google Chrome WebGL rx::Image11::disassociateStorage use-after-free vulnerability
Talos Vulnerability Report TALOS-2023-1724 Google Chrome WebGL rx::Image11::disassociateStorage use-after-free vulnerability June 26, 2023 CVE Number CVE-2023-1531 SUMMARY A use-after-free vulnerability exists in the WebGL rx::Image11::disassociateStorage functionality of Google Chrome Stable...
8.8 CVSS
8.9 AI Score
0.005 EPSS
Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtaining....
7.3 CVSS
7.2 AI Score
0.001 EPSS
Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtaining....
7.3 CVSS
7.1 AI Score
0.001 EPSS
Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtaining....
7.3 CVSS
7 AI Score
0.001 EPSS
Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtaining....
7.3 CVSS
7.1 AI Score
0.001 EPSS
CVE-2023-1862 Remote access to warp-svc.exe in Cloudflare WARP
Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtaining....
7.3 CVSS
7.3 AI Score
0.001 EPSS
🔒️ Requirements The user must load the malicious configuration and click on the buttons. 📝 Description This exploitation relies on several issues which chained together lead to an RCE. In the following subsection, I will try to explain it as best I can. 💉 Not sanitized HTML injection In the...
9.8 CVSS
6.4 AI Score
0.001 EPSS
Siemens SIMATIC S7-1500 TM MFP Linux Kernel
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.8 CVSS
8.9 AI Score
EPSS
Unbreakable Enterprise kernel security update
[5.15.0-102.110.5] - RISC-V: Fix up a cherry-pick warning in setup_vm_final() (Alexandre Ghiti) - Revert 'Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work' (Liu Jian) - riscv: mm: remove redundant parameter of create_fdt_early_page_table (Song Shuai) - kernfs:...
7.8 CVSS
8.5 AI Score
0.0004 EPSS
Desktop APP RCE via saveDraft IPC
🔒️ Requirements The user must load a malicious project. 📝 Description In version 20.3.3 (commit 5383c20e947fd772668316e407edc5d5db4850db), the shell=true option is added to a spawn execution. This is really dangerous as it allows a malicious user to execute commands even from attributes. Example...
9.8 CVSS
7.1 AI Score
0.001 EPSS
8.8 CVSS
7.7 AI Score
0.001 EPSS
linux-xilinx-zynqmp vulnerabilities
It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-3669) It was discovered that the KVM VMX implementation in the Linux kernel did....
8.8 CVSS
7.9 AI Score
0.001 EPSS
Linux kernel (Xilinx ZynqMP) vulnerabilities
Releases Ubuntu 20.04 LTS Packages linux-xilinx-zynqmp - Linux kernel for Xilinx ZynqMP processors Details It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service...
8.8 CVSS
8.3 AI Score
0.001 EPSS