
9454 matches found

RedhatCVE
added 2023/08/30 10:15 a.m. | 62 views

CVE-2023-4577

The Mozilla Foundation Security Advisory describes this flaw as: When UpdateRegExpStatics attempted to access initialStringHeap it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash...

CVSS: 7.5 | AI score: 7 | EPSS: 0.00102
Exploits: 0 | References: 4

RedhatCVE
added 2023/08/30 10:15 a.m. | 70 views

CVE-2023-4574

The Mozilla Foundation Security Advisory describes this flaw as: When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00137
Exploits: 0 | References: 4

UbuntuCve
added 2023/08/30 12:00 a.m. | 20 views

CVE-2023-4577

When UpdateRegExpStatics attempted to access initialStringHeap it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00102
Exploits: 0 | References: 3

Tenable Nessus
added 2023/08/30 12:00 a.m. | 32 views

Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6320-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6320-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially explo...

CVSS: 8.8 | AI score: 7.7 | EPSS: 0.00292
Exploits: 0 | References: 12

UbuntuCve
added 2023/08/30 12:00 a.m. | 63 views

CVE-2023-4573

When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00137
Exploits: 0 | References: 3

UbuntuCve
added 2023/08/30 12:00 a.m. | 29 views

CVE-2023-4574

When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00137
Exploits: 0 | References: 3

Tenable Nessus
added 2023/08/29 12:00 a.m. | 28 views

Mozilla Firefox ESR < 115.2

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-36 advisory. - Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs...

CVSS: 8.8 | AI score: 8.1 | EPSS: 0.00657
Exploits: 0 | References: 15

NVD
added 2023/08/24 5:15 p.m. | 23 views

CVE-2022-46884

A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have led to memory corruption or a potentially exploitable crash. Note: This advisory was added on December 13th, 2022 after discovering it was inadvertently left...

CVSS: 8.8 | AI score: 8.5 | EPSS: 0.00256
Exploits: 0 | References: 2

Prion
added 2023/08/24 5:15 p.m. | 44 views

Design/Logic Flaw

A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have led to memory corruption or a potentially exploitable crash. Note: This advisory was added on December 13th, 2022 after discovering it was inadvertently left...

CVSS: 6.8 | AI score: 8.5 | EPSS: 0.00256
Exploits: 0 | References: 2 | Affected Software: 1

UbuntuCve
added 2023/08/24 5:15 p.m. | 23 views

CVE-2022-46884

A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have led to memory corruption or a potentially exploitable crash. Note: This advisory was added on December 13th, 2022 after discovering it was inadvertently left...

CVSS: 8.8 | AI score: 7.2 | EPSS: 0.00256
Exploits: 0 | References: 4

Debian CVE
added 2023/08/24 4:00 p.m. | 21 views

CVE-2022-46884

A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have led to memory corruption or a potentially exploitable crash. Note: This advisory was added on December 13th, 2022 after discovering it was inadvertently left...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.00256
Exploits: 0

CVE
added 2023/08/24 4:00 p.m. | 127 views

CVE-2022-46884

CVE-2022-46884 corresponds to a use-after-free in Firefox SVG Images when the Refresh Driver is destroyed at an inopportune moment, leading to memory corruption or a potentially exploitable crash. Affected product: Firefox (desktop). Impact as described: memory safety issue with SVG Images; prior...

CVSS: 8.8 | AI score: 8.4 | EPSS: 0.00256
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2023/08/24 4:00 p.m. | 14 views

CVE-2022-46884

A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have led to memory corruption or a potentially exploitable crash. Note: This advisory was added on December 13th, 2022 after discovering it was inadvertently left...

AI score: 8.7 | EPSS: 0.00256
Exploits: 0 | References: 2

ICS
added 2023/08/24 6:00 a.m. | 27 views

Rockwell Automation Select Distributed I/O Communication Modules

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 1734-AENT/1734-AENTR Series C, 1734-AENT/1734-AENTR Series B, 1738-AENT/1738-AENTR Series B, 1794-AENTR Series A, 1732E-16CFGM12QCWR Series A, 1732E-12X4M12QCDR Serie...

CVSS: 9.8 | AI score: 7.9 | EPSS: 0.0004
Exploits: 0 | References: 8

ICS
added 2023/08/22 6:00 a.m. | 67 views

Hitachi Energy AFF66x

1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: AFF66x Vulnerabilities: Cross-site Scripting, Use of Insufficiently Random Values, Origin Validation Error, Integer Overflow or Wraparound, Uncontrolled Resource...

CVSS: 9.6 | AI score: 8.8 | EPSS: 0.74296
Exploits: 6 | References: 8

Tenable Nessus
added 2023/08/20 12:00 a.m. | 20 views

Fedora 37 : dotnet6.0 / dotnet7.0 (2023-25112489ab)

The remote Fedora 37 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-25112489ab advisory. This is the August 2023 update for .NET 6 and .NET 7. Release Notes: - 7.0 SDK:...

CVSS: 7.8 | AI score: 8.6 | EPSS: 0.02028
Exploits: 0 | References: 3

ICS
added 2023/08/17 6:00 a.m. | 29 views

ICONICS and Mitsubishi Electric Products

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: ICONICS, Mitsubishi Electric Equipment: ICONICS Product Suite Vulnerabilities: Buffer Overflow, Out-of-Bounds Read, Observable Timing Discrepancy, Double Free, and NULL Pointer Dereference 2. RISK EVALUATION Successful...

CVSS: 7.5 | AI score: 8.4 | EPSS: 0.83506
Exploits: 6 | References: 8

Tenable Nessus
added 2023/08/17 12:00 a.m. | 42 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS : poppler vulnerabilities (USN-6299-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6299-1 advisory. It was discovered that poppler incorrectly handled certain malformed PDF files. If a user or an automated system were tricked int...

CVSS: 6.5 | AI score: 6.9 | EPSS: 0.00253
Exploits: 2 | References: 3

OSV
added 2023/08/16 3:15 p.m. | 22 views

CVE-2023-40342

Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents...

CVSS: 5.4 | AI score: 5.6
Exploits: 0 | References: 2

CNVD
added 2023/08/12 12:00 a.m. | 13 views

Huawei HarmonyOS PMS Module Input Validation Error Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from an input validation error vulnerability, which stems from the PMS module's lax validation of input parameters, and can be...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.00096
Exploits: 0 | References: 1