149 matches found
Mozilla: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6
The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers and community members Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs showed evidence of memory corruption, some of which could...
Mozilla: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6
The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers and community members Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs showed evidence of memory corruption, some of which could...
Mozilla: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6
The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers and community members Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs showed evidence of memory corruption, some of which could...
CVE-2022-0116
Inappropriate implementation in Compositing in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
DEBIAN-CVE-2022-0109
Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page...
DEBIAN-CVE-2022-0102
Type confusion in V8 in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2022-0098
Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gestures...
UBUNTU-CVE-2022-0100
Heap buffer overflow in Media streams API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2022-22759
If a document created a sandboxed iframe without allow-scripts, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox 97, Thunderbird 91.6, and...
CVE-2022-22755
By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript within the bounds of the same-origin policy even after the tab was closed. This vulnerability affects Firefox 97...
UBUNTU-CVE-2022-22759
If a document created a sandboxed iframe without allow-scripts, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox 97, Thunderbird 91.6, and...
UBUNTU-CVE-2022-22757
Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.. This vulnerability affect...
Google fixes multiple vulnerabilities in Chrome
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Google Chrome has been updated to version 97, which addresses 37 security flaws. Google has classed ten of them as High and one as Critical, while the remaining thirteen have been classified as Medium or Low. These flaws po...
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 97 to the stable channel for Windows, Mac and Linux.This will roll out over the coming days/weeks. Chrome 97.0.4692.71 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming...
Adobe Lightroom Classic < 10.4 Privilege escalation (APSB21-97)
The version of Adobe Lightroom Classic installed on the remote Windows host is prior to 10.4. It is, therefore, affected by a vulnerability as referenced in the APSB21-97 advisory. - Adobe Lightroom Classic 10.3 and earlier are affected by a privilege escalation vulnerability in the Offline...
74-50-97-2.static.hvvc.us Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1180000 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
Code injection
An issue was discovered in Mikrotik RouterOS. Crafting a packet that has a size of 1 byte and sending it to an IPv6 address of a RouterOS box with IP Protocol 97 will cause RouterOS to reboot imminently. All versions of RouterOS that supports EoIPv6 are vulnerable to this attack...
USN-4247-1: python-apt vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be...
CVE-2016-10828
cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path SEC-97...
March 19, 2019—KB4489893 (Preview of Monthly Rollup)
March 19, 2019—KB4489893 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were a part of KB4489881 released March 12, 2019 and also includes these new quality improvements as a preview of the next Monthly Rollup update: Addresses an...