Lucene search
K

103 matches found

Cisco
Cisco
added 2020/08/05 4:0 p.m.61 views

Cisco AnyConnect Secure Mobility Client for Windows Profile Modification Vulnerability

A vulnerability in the interprocess communication IPC channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to overwrite VPN profiles on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on th...

5.5CVSS1.2AI score0.00337EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2020/05/26 12:0 a.m.29 views

Debian DLA-2219-1 : feh security update

Tobias Stoeckmann discovered that it was possible to trigger an out-of-boundary heap write with the image viewer feh while receiving an IPC message. For Debian 8 'Jessie', this problem has been fixed in version 2.12-1+deb8u1. We recommend that you upgrade your feh packages. NOTE: Tenable Network...

9.8CVSS8AI score0.02266EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2020/04/01 8:10 a.m.38 views

CVE-2019-11708

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing...

10CVSS4.2AI score0.55874EPSS
Exploits10References3
Tenable Nessus
Tenable Nessus
added 2019/09/11 12:0 a.m.46 views

NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2019-0175)

The remote NewStart CGSL host, running version MAIN 4.06, has firefox packages installed that are affected by multiple vulnerabilities: - Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted...

10CVSS8.2AI score0.55874EPSS
Exploits18References16
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.34 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0161)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities: - Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed paren...

10CVSS8.5AI score0.55874EPSS
Exploits14References3
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.55 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0164)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has firefox packages installed that are affected by multiple vulnerabilities: - Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed paren...

10CVSS8.5AI score0.55874EPSS
Exploits14References3
Prion
Prion
added 2019/07/23 2:15 p.m.26 views

Design/Logic Flaw

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing...

10CVSS9.2AI score0.55874EPSS
Exploits10References5Affected Software3
CVE
CVE
added 2019/07/23 1:20 p.m.1354 views

CVE-2019-11708

CVE-2019-11708 is a sandbox-escape vulnerability in Mozilla Firefox ESR and Thunderbird caused by insufficient vetting of parameters in the Prompt:Open IPC message between child and parent processes, allowing a compromised child to cause the non-sandboxed parent to open web content and potentiall...

10CVSS9.2AI score0.55874EPSS
In wildExploits10References6Affected Software2
Debian CVE
Debian CVE
added 2019/07/23 1:20 p.m.37 views

CVE-2019-11708

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing...

10CVSS9.3AI score0.55874EPSS
Exploits10
Veracode
Veracode
added 2019/07/01 12:15 a.m.31 views

Arbitrary Code Execution

firefox/thunderbird is vulnerable to arbitrary code execution. Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with...

10CVSS9.7AI score0.55874EPSS
Exploits10References9Affected Software2
OpenVAS
OpenVAS
added 2019/06/25 12:0 a.m.77 views

Ubuntu: Security Advisory (USN-4032-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS10AI score0.55874EPSS
Exploits10References4
Ubuntu
Ubuntu
added 2019/06/24 3:43 p.m.179 views

USN-4032-1: Firefox vulnerability

It was discovered that a sandboxed child process could open arbitrary web content in the parent process via the Prompt:Open IPC message. When combined with another vulnerability, an attacker could potentially exploit this to execute arbitrary code...

10CVSS8.9AI score0.55874EPSS
Exploits10
Tenable Nessus
Tenable Nessus
added 2019/06/24 12:0 a.m.265 views

FreeBSD : Mozilla -- multiple vulnerabilities (49beb00f-a6e1-4a42-93df-9cb14b4c2bee)

Mozilla Foundation reports : CVE-2019-11707: Type confusion in Array.pop A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. CVE-2019-1170...

10CVSS8.5AI score0.55874EPSS
Exploits14References4
Tenable Nessus
Tenable Nessus
added 2019/06/24 12:0 a.m.24 views

SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2019:1684-1)

This update for MozillaFirefox fixes the following issues : Mozilla Firefox Firefox 60.7.2 MFSA 2019-19 bsc1138872 CVE-2019-11708: Fix sandbox escape using Prompt:Open. - Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes could result in...

10CVSS8.8AI score0.55874EPSS
Exploits10References4
Mozilla
Mozilla
added 2019/06/20 12:0 a.m.67 views

Security vulnerabilities fixed in Thunderbird 60.7.2 — Mozilla

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. Insufficient vetting of parameters passed with the Prompt:Open IPC message between chi...

10CVSS1.4AI score0.55874EPSS
Exploits14References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/06/20 12:0 a.m.40 views

Mozilla Firefox < 67.0.4

The version of Firefox installed on the remote Windows host is prior to 67.0.4. It is, therefore, affected by a vulnerability as referenced in the mfsa2019-19 advisory. - Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in th...

10CVSS9.1AI score0.55874EPSS
Exploits10References2
Exploit DB
Exploit DB
added 2019/04/03 12:0 a.m.105 views

iOS &lt; 12.2 / macOS &lt; 10.14.4 XNU - pidversion Increment During execve is Unsafe

Privileged IPC services in userspace often have to verify the security context of their client processes such as whether the client is sandboxed, has a specific entitlement, or is signed by some code signing authority. This, in turn, requires a way to identify a client process. If PIDs are used f...

7.4AI score
Exploits0
NVD
NVD
added 2018/06/11 9:29 p.m.12 views

CVE-2017-5456

A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR 52.1 and Firefox 53...

9.8CVSS8.8AI score0.0282EPSS
Exploits1References6
Prion
Prion
added 2018/06/11 9:29 p.m.16 views

Design/Logic Flaw

A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR 52.1 and Firefox 53...

7.5CVSS8.6AI score0.0282EPSS
Exploits1References6Affected Software8
CVE
CVE
added 2018/06/11 9:0 p.m.152 views

CVE-2017-5456

CVE-2017-5456 is a sandbox-escape vulnerability in Mozilla Firefox/Firefox ESR where the file system request constructor, via an IPC message, bypasses sandbox protections to gain read/write access to the local filesystem. Affected products include Firefox ESR versions before 52.1 and Firefox befo...

9.8CVSS7.6AI score0.0282EPSS
Exploits1References6Affected Software6
Rows per page
Query Builder