
9438 matches found

OSV
added 2024/11/15 2:15 p.m. | 1 views

CVE-2024-11240

A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. This issue affects some unknown processing of the file /database.php of the component Banco de Dados Tab. The manipulation of the argument dbloginrole leads to cross site scripting. The attack may be...

6.1 CVSS | 3.7 AI score
Exploits 0 | References 4
OSV
added 2024/11/10 11:15 p.m. | 1 views

CVE-2024-11058

A vulnerability was found in CodeAstro Real Estate Management System up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /aboutedit.php of the component About Us Page. The manipulation of the argument id leads to sql injection. The attack can be...

7.2 CVSS | 5.7 AI score
Exploits 0 | References 5
Slackware Linux
added 2024/11/07 10:10 p.m. | 16 views

[slackware-security] expat

New expat packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/expat-2.6.4-i586-1slack15.0.txz: Upgraded. This update fixes bugs and a security issue: Fix crash within function XMLResumeParser from ...

5.9 CVSS | 7.6 AI score | 0.00116 EPSS
Exploits 0
RedHat Linux
added 2024/11/07 3:26 p.m. | 4 views

firefox: thunderbird: Use-after-free in layout with accessibility

The Mozilla Foundation's Security Advisory: An attacker could cause a use-after-free when accessibility is enabled, leading to a potentially exploitable crash...

7.5 CVSS | 7.3 AI score | 0.0071 EPSS
Exploits 0 | References 10
RedHat Linux
added 2024/11/07 3:19 p.m. | 2 views

firefox: thunderbird: Use-after-free in layout with accessibility

The Mozilla Foundation's Security Advisory: An attacker could cause a use-after-free when accessibility is enabled, leading to a potentially exploitable crash...

7.5 CVSS | 7.3 AI score | 0.0071 EPSS
Exploits 0 | References 10
NVD
added 2024/11/06 9:15 p.m. | 12 views

CVE-2024-10941

A malicious website could have included an iframe with a malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox 126...

6.5 CVSS | 0.00311 EPSS
Exploits 0 | References 3
F5 Networks
added 2024/11/04 6:18 p.m. | 18 views

K000148380: MySQL vulnerability CVE-2024-21204

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PS. Supported versions that are affected are 8.4.0 and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

4.9 CVSS | 5.8 AI score | 0.00184 EPSS
Exploits 0
The Hacker News
added 2024/11/04 10:4 a.m. | 15 views

Google's AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine

Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model (LLM) assisted framework called Big Sleep (formerly Project Naptime). The tech giant described the development as the "first real-world vulnerability" uncovered using the...

7.9 AI score
Exploits 0
GoogleProjectZero
added 2024/11/01 12:0 a.m. | 48 views

From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code

Posted by the Big Sleep team Introduction In our previous post, Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models, we introduced our framework for large-language-model-assisted vulnerability research and demonstrated its potential by improving the state-of-the-a...

7.7 AI score
Exploits 0
RedHat Linux
added 2024/10/31 8:14 p.m. | 1 views

firefox: thunderbird: Use-after-free in layout with accessibility

The Mozilla Foundation's Security Advisory: An attacker could cause a use-after-free when accessibility is enabled, leading to a potentially exploitable crash...

7.5 CVSS | 7.3 AI score | 0.0071 EPSS
Exploits 0 | References 10
RedHat Linux
added 2024/10/31 8:1 p.m. | 4 views

firefox: thunderbird: Use-after-free in layout with accessibility

The Mozilla Foundation's Security Advisory: An attacker could cause a use-after-free when accessibility is enabled, leading to a potentially exploitable crash...

7.5 CVSS | 7.3 AI score | 0.0071 EPSS
Exploits 0 | References 10
Cvelist
added 2024/10/31 12:0 a.m. | 13 views

CVE-2024-50802

A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in the update function in publichtml/admin/controller/responses/listinggrid/emailtemplates.php. The vulnerability is exploitable via the id parameter...

0.00079 EPSS
Exploits 1 | References 2
Tenable Nessus
added 2024/10/31 12:0 a.m. | 10 views

FreeBSD : librewolf -- Undefined behavior in selection node cache (b73d1f2a-96de-11ef-9e71-00d8612f03c8)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b73d1f2a-96de-11ef-9e71-00d8612f03c8 advisory. [email protected] reports: When manipulating the selection node cache, an attacker may have been abl...

6.5 CVSS | 7.5 AI score | 0.00311 EPSS
Exploits 0 | References 3
SUSE CVE
added 2024/10/30 4:17 a.m. | 1 views

SUSE CVE-2024-10468

Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox 132 and Thunderbird 132...

6.5 CVSS | 8.6 AI score | 0.00271 EPSS
Exploits 0 | References 4
F5 Networks
added 2024/10/29 7:8 p.m. | 14 views

K000148311: MySQL vulnerabilities CVE-2024-21201, CVE-2024-21230, and CVE-2024-21200

Security Advisory Description CVE-2024-21201 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker wit...

6.5 CVSS | 5.9 AI score | 0.00278 EPSS
Exploits 0
F5 Networks
added 2024/10/29 5:48 p.m. | 21 views

K000148310: MySQL vulnerabilities CVE-2024-21213, CVE-2024-21194, CVE-2024-21218, CVE-2024-21199, and CVE-2024-21207

Security Advisory Description CVE-2024-21213 Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to...

4.9 CVSS | 4.7 AI score | 0.00223 EPSS
Exploits 0
RedhatCVE
added 2024/10/29 2:25 p.m. | 9 views

CVE-2024-10459

The Mozilla Foundation's Security Advisory: An attacker could cause a use-after-free when accessibility is enabled, leading to a potentially exploitable crash...

7.6 CVSS | 8.4 AI score | 0.0071 EPSS
Exploits 0 | References 9
NVD
added 2024/10/29 1:15 p.m. | 10 views

CVE-2024-10468

Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox 132 and Thunderbird 132...

9.8 CVSS | 0.00271 EPSS
Exploits 0 | References 3
OSV
added 2024/10/29 1:15 p.m. | 9 views

CVE-2024-10459

An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox 132, Firefox ESR 128.4, Firefox ESR 115.17, Thunderbird 128.4, and Thunderbird 132...

7.5 CVSS | 5.7 AI score
Exploits 0 | References 8
OSV
added 2024/10/29 1:15 p.m. | 0 views

UBUNTU-CVE-2024-10468

Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox 132 and Thunderbird 132...

9.8 CVSS | 5.8 AI score | 0.00271 EPSS
Exploits 0 | References 7