8776 matches found
Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions
The Mozilla Foundation Security Advisory describes this flaw as: A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially lead to user confusion and the execution of malicious code...
USN-5782-1 firefox vulnerabilities
It was discovered that Firefox was using an out-of-date libusrsctp library. An attacker could possibly use this library to perform a reentrancy issue on Firefox. CVE-2022-46871 Nika Layzell discovered that Firefox was not performing a check on paste received from cross-processes. An attacker coul...
Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5782-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5782-1 advisory. It was discovered that Firefox was using an out-of-date libusrsctp library. An attacker could possibly use this library to perform a reentran...
Oracle Linux 7 : ELSA-2022-9079-1: / thunderbird (ELSA-2022-90791)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-90791 advisory. 102.6.0-2.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build 102.6.0-2 - Update to...
Oracle Linux 7 : ELSA-2022-9072-1: / firefox (ELSA-2022-90721)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-90721 advisory. 102.6.0-1.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add...
Slackware Linux 15.0 mozilla-firefox Multiple Vulnerabilities (SSA:2022-348-01)
The version of mozilla-firefox installed on the remote host is prior to 102.6.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-348-01 advisory. - An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary file...
UBUNTU-CVE-2022-46874
A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially lead to user confusion and the execution of malicious code. Note: This issue was originally included in the advisories for Thunderbird...
Security Vulnerabilities fixed in Firefox 108 — Mozilla
An out of date library libusrsctp contained vulnerabilities that could potentially be exploited. An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages. This bug only affects Firefox for Linux. Other operati...
Mozilla Firefox < 108.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 108.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-51 advisory. - Mozilla developers and community members Lukas Bernhard, Gabriele Svelto, Randell Jesup, and the Mozilla...
PT-2025-53113
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The Linux kernel contains a flaw within the hfs module, specifically in the hfs_asc2mac function. A Syzbot report identified an out-of-bounds write issue. This occurs when the input leng...
CVE-2022-45507
Tenda W30E V1.0.1.25633 was discovered to contain a stack overflow via the editNameMit parameter at /goform/editFileName...
Debian DSA-5294-1 : jhead - security update
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5294 advisory. Jhead, a tool for manipulating EXIF data embedded in JPEG images, allowed attackers to execute arbitrary OS commands by placing them in a JPEG filename and then...
Sinatra Security Vulnerability
Sinatra is a DSL for easily creating web applications in Ruby. A security vulnerability exists in Sinatra version 2.0 up to and including version 2.2.3, and version 3.0 up to and including version 3.0.4, which stems from an application being vulnerable to a Reflected File Download (RFD) attack when...
TOTOLINK NR1800X Command Injection Vulnerability
TOTOLINK NR1800X is a 5G NR indoor Wi-Fi and SIP CPE broadband access device from China's Gion Electronics TOTOLINK, which is mainly used for the deployment of NR fixed data services in homes and offices to support 5G NR network connectivity. A command injection vulnerability exists in the TOTOLI...
CVE-2022-44252
TOTOLINK NR1800X V9.1.0u.6279B20210910 contains a command injection via the FileName parameter in the setUploadSetting function...
Command injection
TOTOLINK NR1800X V9.1.0u.6279B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function...
Command injection
TOTOLINK NR1800X V9.1.0u.6279B20210910 contains a command injection via the FileName parameter in the setUploadSetting function...
CVE-2022-44249
TOTOLINK NR1800X V9.1.0u.6279B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function...
PT-2022-27151 · Totolink · Totolink Nr1800X
Name of the Vulnerable Software and Affected Versions: TOTOLINK NR1800X version 9.1.0u.6279 B20210910 Description: The issue concerns a command injection via the FileName parameter in the setUploadSetting function. This allows for potential malicious commands to be executed. No information is...