CVE-2023-5171
During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3...
CVE-2023-5169
A compromised content process could have provided malicious data in a PathRecording resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3...
CVE-2023-5168
CVE-2023-5168 refers to a vulnerability in Firefox on Windows where a compromised content process could supply malicious data to FilterNodeD2D1, causing an out-of-bounds write and potentially crashing a privileged process. The entry notes a high/critical risk with a base score of 9.8 (CVSSv3.1) a...
CVE-2023-5174
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash. This bug...
CVE-2023-5171
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NULL bytes and cause a potentially exploitable crash...
CVE-2023-5168
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: A compromised content process could have provided malicious data to FilterNodeD2D1, resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process...
Amazon Linux 2 : mariadb, --advisory ALAS2MARIADB10.5-2023-003 (ALASMARIADB10.5-2023-003)
The version of mariadb installed on the remote host is prior to 10.5.18-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2MARIADB10.5-2023-003 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are...
Amazon Linux 2 : firefox (ALASFIREFOX-2023-009)
The version of firefox installed on the remote host is prior to 102.5.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2023-009 advisory. Service Workers should not be able to infer information about opaque cross-origin responses; but timing informatio...
Amazon Linux 2 : firefox (ALASFIREFOX-2023-002)
The version of firefox installed on the remote host is prior to 102.14.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2023-002 advisory. Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data fr...
Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2023-013 (ALASFIREFOX-2023-013)
The version of firefox installed on the remote host is prior to 102.7.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2023-013 advisory. Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian...
Suprema BioStar 2
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Suprema Inc. Equipment: BioStar 2 Vulnerability: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...
Mozilla Firefox ESR < 115.3
The version of Firefox ESR installed on the remote Windows host is prior to 115.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-42 advisory. - Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed...
Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2023-269-01)
The version of mozilla-firefox installed on the remote host is prior to 115.3.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-269-01 advisory. - A compromised content process could have provided malicious data to FilterNodeD2D1 resulting in an...
Mozilla Thunderbird < 115.3
The version of Thunderbird installed on the remote Windows host is prior to 115.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-43 advisory. - Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed...
Mozilla Firefox ESR < 115.3
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-42 advisory. - Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs...
Security Vulnerabilities fixed in Thunderbird 115.3 — Mozilla
A compromised content process could have provided malicious data to FilterNodeD2D1 resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This bug only affects Firefox on Windows. Other operating systems are unaffected. A compromised content proces...
Rockwell Automation FactoryTalk View Machine Edition
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk View Machine Edition Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...
CVE-2023-43495
Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the 'caption' constructor parameter of 'ExpandableDetailsNote', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control this parameter...
Buffer overflow
A buffer overflow vulnerability exists in select Rockwell Automation 1756-EN communication devices. If exploited, a threat actor could potentially leverage this vulnerability to perform a remote code execution. To exploit this vulnerability, a threat actor would have to send a maliciously...