3656 matches found
Cross-site request forgery (CSRF)
An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability...
CVE-2020-8420
CVE-2020-8420 affects Joomla! up to version 3.9.14 (before 3.9.15). The issue is a CSRF vulnerability caused by a missing CSRF token check in the LESS compiler of com_templates. The provided connected documents confirm the vulnerable component and root cause but do not provide exploit details or ...
CVE-2020-8420
An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability...
PT-2020-20125 · Joomla · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions prior to 3.9.15. Description: A missing CSRF token check in the LESS compiler of com_templates causes a CSRF issue. This allows for potential exploitation. Recommendations: For versions prior to 3.9.15, update to version 3.9.1...
Huawei EulerOS: Security Advisory for gcc (EulerOS-SA-2019-2073)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
The vulnerability of the IonMonkey JIT-compiler for Firefox and Firefox ESR browsers lies in the access to resources through incompatible types. This allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the IonMonkey JavaScript compiler for Firefox and Firefox ESR browsers is related to a data type conversion error. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and even cause service interruptions through a...
CVE-2019-15847
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single...
Arbitrary Code Execution
Mozilla Firefox is vulnerable to arbitrary code execution. Incorrect alias information in the IonMonkey JIT compiler for setting array elements could lead to a type confusion...
Oracle GraalVM Enterprise Edition CVE-2020-2595 Remote Security Vulnerability
Description: Oracle GraalVM Enterprise Edition is prone to a remote security vulnerability. This vulnerability can be exploited over the 'Multiple' protocols. The 'GraalVM Compiler' component is affected. This vulnerability affects the following supported versions: 19.3.0.2. Technologies Affected...
CVE-2020-0646
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ‘.NET Framework Remote Code Execution Injection Vulnerability’. Recent assessments: zeroSteiner at March 20, 2020 1:31pm UTC reported: The SharePoint WorkFlow component is affected...
Mozilla Thunderbird Security Advisory (MFSA2020-04) - Windows
Mozilla Thunderbird is prone to multiple vulnerabilities. CPE = "cpe:/a:mozilla:thunderbird";...
FreeBSD : e2fsprogs -- rehash.c/pass 3a mutate_name() code execution vulnerability (8b61308b-322a-11ea-b34b-1de6fb24355d)
Lilith of Cisco Talos reports: A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger...
Mozilla Thunderbird < 68.4.1
The version of Thunderbird installed on the remote Windows host is prior to 68.4.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-04 advisory. - Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. ...
MGASA-2020-0027 Updated firefox packages fix security vulnerability
When pasting a tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration (CVE-2019-17016). Due to a missing case handling object types, a type confusion...
[slackware-security] mozilla-firefox
New mozilla-firefox packages are available for Slackware 14.2 and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/mozilla-firefox-68.4.1esr-i686-1slack14.2.txz: Upgraded. This release fixes a critical security issue: Mozilla Foundation...
Mozilla Firefox Security Advisories (MFSA2020-03, MFSA2020-03) - Mac OS X
Mozilla Firefox is prone to a type confusion vulnerability. CPE = "cpe:/a:mozilla:firefox";...
Mozilla Firefox < 72.0.1
The version of Firefox installed on the remote Windows host is prior to 72.0.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2020-03 advisory. - Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware ...
Mozilla Firefox ESR < 68.4.1
The version of Firefox ESR installed on the remote Windows host is prior to 68.4.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2020-03 advisory. - Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are...
Mozilla Firefox ESR < 68.4.1
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 68.4.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2020-03 advisory. - Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion...
Exploit for Integer Overflow or Wraparound in Apple iCloud
Exploiting CVE-2019-8601 This is an exploit for a WebKit vuln...