15 matches found
rhel-lightspeed: Improper Access Control in Lightspeed History Management Allows Local Privilege Manipulation
A flaw was found in the Lightspeed history service. Insufficient access controls allow a local, unprivileged user to access and manipulate the chat history of another user on the same system. By abusing inter-process communication calls to the history service, an attacker can view, delete, or...
CVE-2025-5962
CVE-2025-5962 affects Lightspeed history service. A local, unprivileged user can abuse inter-process communication with the history service to view, delete, or inject history entries, potentially manipulating another user’s chat history and enabling privilege misuse or unauthorized command execut...
Linux Distros Unpatched Vulnerability : CVE-2021-24001
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not...
UBUNTU-CVE-2025-37948
In the Linux kernel, the following vulnerability has been resolved: "arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs". A malicious BPF program may manipulate the branch history to influence what the hardware speculates will happen next. On exit from a BPF program, emit the BHB...
CVE-2025-37948 arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs
In the Linux kernel, the following vulnerability has been resolved: "arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs". A malicious BPF program may manipulate the branch history to influence what the hardware speculates will happen next. On exit from a BPF program, emit the BHB...
CVE-2023-41930
Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not restrict the 'name' query parameter when rendering a history entry, allowing attackers to have Jenkins render a manipulated configuration history that was not created by the plugin...
CVE-2021-24001
A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. This vulnerability affects Firefox 88...
CVE-2021-24001
CVE-2021-24001 affects Mozilla Firefox prior to 88. A compromised content process could perform session history manipulations due to testing infrastructure not restricted to testing-only configurations, constituting a sandbox-escape scenario. Multiple connected sources confirm Firefox
Mozilla Firefox Permission License and Access Control Issues Vulnerability (CNVD-2021-49133)
Mozilla Firefox is an open source web browser. A security vulnerability exists in Mozilla Firefox, which can be exploited by remote attackers using test code to enable session history manipulation...
UBUNTU-CVE-2021-24001
A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. This vulnerability affects Firefox 88...
Mozilla Firefox Permission License and Access Control Issues Vulnerability
Mozilla Firefox is an open source web browser. A security vulnerability exists in Mozilla Firefox, which can be exploited by remote attackers using test code to enable session history manipulation...
Cross Site Scripting (XSS)
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1948,...
Clickjacking Attack
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1948,...
UBUNTU-CVE-2015-1300
The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive...
CVE-2012-0585
The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method...