CVE-2024-25978 Msa-24-0001: denial of service risk in file picker unzip functionality

Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality...

CVE-2024-25978 Msa-24-0001: denial of service risk in file picker unzip functionality

Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality...

CVE-2024-25978

CVE-2024-25978 : Moodle is affected by a denial-of-service risk due to insufficient file size checks in the file picker’s unzip functionality. The available connected documents confirm the vulnerability and its impact but do not provide concrete technical details such as affected versions or exac...

CVE-2023-43360

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component...

CVE-2023-43360

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component...

CVE-2023-43360

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component...

Cross site scripting

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component...

CVE-2023-43360

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component...

CVE-2023-43360

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component...

PT-2023-28806 · Unknown · Cms Made Simple

Name of the Vulnerable Software and Affected Versions: CMSmadesimple version 2.2.18 Description: A Cross Site Scripting issue allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component. This enables the attacker to injec...

CVE-2023-43360

CMS Made Simple 2.2.18 is affected by a Cross-Site Scripting vulnerability in the File Picker Menu’s Top Directory parameter. A local attacker can inject crafted scripts to gain arbitrary code execution within the CMS. Root cause: improper handling of user-supplied input in the Top Directory fiel...

Amazon Linux 2 : firefox (ALASFIREFOX-2023-014)

The version of firefox installed on the remote host is prior to 102.15.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2023-014 advisory. Memory corruption in IPC CanvasTranslator CVE-2023-4573 Memory corruption in IPC ColorPickerShownCallback...

Important: firefox

Issue Overview: Memory corruption in IPC CanvasTranslator CVE-2023-4573 Memory corruption in IPC ColorPickerShownCallback CVE-2023-4574 Memory corruption in IPC FilePickerShownCallback CVE-2023-4575 XLL file extensions were downloadable without warnings. CVE-2023-4581 Memory safety bug...

Oracle Linux 9 : thunderbird (ELSA-2023-4955)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-4955 advisory. 102.15.0-1.0.1 - Update to 102.15.0 build1 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...

DEBIAN-CVE-2023-4575

When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable...

Design/Logic Flaw

When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable...

CVE-2023-4575 Memory corruption in IPC FilePickerShownCallback

When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable...

CVE-2023-4575

CVE-2023-4575 describes a memory safety risk in Mozilla components where IPC FilePickerShownCallback could suffer a use-after-free due to multiple identical callbacks being created and destroyed concurrently during File Picker window invocation. Affected products include Firefox (all listed varia...

CVE-2023-4575

When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable...

CVE-2023-4575

When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable...