6810 matches found
CVE-2024-3863
The executable file warning was not presented when downloading .xrm-ms files. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...
shim: out of bounds read when parsing MZ binaries
A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase...
shim: Integer overflow leads to heap buffer overflow in verify_sbat_section on 32-bit systems
A buffer overflow was found in Shim on 32-bit systems. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This fl...
shim: Out-of-bounds read in verify_buffer_authenticode() malformed PE file
An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service...
Security Vulnerabilities fixed in Firefox 125 — Mozilla
GetBoundName could return the wrong version of an object when JIT optimizations were applied. Memory corruption in the networking stack could have led to a potentially exploitable crash. A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage...
Mozilla Firefox Security Vulnerability
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code execution vulnerability exists in several Mozilla products, which...
An out-of-bounds read vulnerability in the UEFI loader shim allows an attacker to trigger a system failure.
The vulnerability in the UEFI loader shim is an out-of-bounds read caused by the lack of proper boundary checking while loading a PE binary file. Exploiting this vulnerability can allow an attacker to cause a system failure...
An integer overflow or wraparound vulnerability in the UEFI loader shim allows an attacker to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in the UEFI loader shim is a buffer overflow on 32-bit systems caused by a multiplication operation involving a user-controllable value parsed from the PE binary file used by shim. Exploiting this vulnerability can allow an attacker to compromise the confidentiality...
PT-2024-27520 · Unknown · Cym1102 Nginxwebui
Name of the Vulnerable Software and Affected Versions: cym1102 nginxWebUI versions up to 3.9.9. Description: A critical issue has been found in the function exec of the file /adminPage/conf/reload. The manipulation of the argument nginxExe leads to deserialization. The attack may be initiated...
CVE-2020-8006
The server in Circontrol Raption through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The ocpp1.5 and pwrstudio binaries on the charging station do not use a number of common exploitation mitigations. In...
[SECURITY] Fedora 38 Update: upx-4.2.3-1.fc38
UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...
Beware: GitHub's Fake Popularity Scam Tricking Developers into Downloading Malware
Threat actors are now taking advantage of GitHub's search functionality to trick unsuspecting users looking for popular repositories into downloading spurious counterparts that serve malware. The latest assault on the open-source software supply chain involves concealing malicious code within...
A vulnerability in SmartScreen, the Windows security component that protects against phishing and malicious programs, allows an attacker to execute arbitrary code.
The vulnerability in SmartScreen, the Windows security component that protects against phishing and malicious programs, is related to a failure of data protection mechanisms. Exploiting this vulnerability allows a remote attacker to execute arbitrary code, provided that the...
[SECURITY] Fedora 39 Update: upx-4.2.3-1.fc39
UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...
DEBIAN-CVE-2024-0072
NVIDIA CUDA toolkit for all platforms contains a vulnerability in cuobjdump and nvdisasm where an attacker may cause a crash by tricking a user into reading a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service...