4671 matches found
CVE-2021-28026
jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coefforder.cc ReadPermutation. When decoding a malicous jxl file using djxl, an attacker can trigger arbitrary code execution or a denial of service...
Heap overflow
jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coefforder.cc ReadPermutation. When decoding a malicous jxl file using djxl, an attacker can trigger arbitrary code execution or a denial of service...
OESA-2021-1065 php security update
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
Updated thunderbird packages fix security vulnerabilities
If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs CVE-2021-23968. As specified in the W3C...
Updated firefox packages fix security vulnerabilities
If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs CVE-2021-23968. As specified in the W3C...
EulerOS Virtualization 3.0.6.6 : spice-gtk (EulerOS-SA-2021-1519)
According to the versions of the spice-gtk packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system,...
UBUNTU-CVE-2021-25290
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size...
CVE-2021-25289
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654...
DEBIAN-CVE-2021-23973
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox 86, Thunderbird 78.8, and Firefox ESR 78.8...
CVE-2021-23973
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox 86, Thunderbird 78.8, and Firefox ESR 78.8...
Information disclosure
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox 86, Thunderbird 78.8, and Firefox ESR 78.8...
UBUNTU-CVE-2021-23973
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox 86, Thunderbird 78.8, and Firefox ESR 78.8...
CVE-2021-23973
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox 86, Thunderbird 78.8, and Firefox ESR 78.8...
CVE-2021-23973
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox 86, Thunderbird 78.8, and Firefox ESR 78.8...
CVE-2021-23973
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox 86, Thunderbird 78.8, and Firefox ESR 78.8...
CVE-2021-23973
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox 86, Thunderbird 78.8, and Firefox ESR 78.8...
Oracle Linux 7 : firefox (ELSA-2021-0656)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-0656 advisory. 78.8.0-1.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add firefox-oracle-default-prefs.j...
Mozilla: MediaError message property could have leaked information about cross-origin resources
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox 86, Thunderbird 78.8, and Firefox ESR 78.8...
Mozilla: MediaError message property could have leaked information about cross-origin resources
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox 86, Thunderbird 78.8, and Firefox ESR 78.8...
Mozilla: MediaError message property could have leaked information about cross-origin resources
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox 86, Thunderbird 78.8, and Firefox ESR 78.8...