Lucene search
K

155 matches found

CNVD
CNVD
added 2024/09/04 12:0 a.m.6 views

Code Execution Vulnerability in Multiple Mozilla Products (CNVD-2024-40520)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code execution vulnerability exists in several Mozilla products and is...

9.8CVSS7.9AI score0.00584EPSS
Exploits0References1
Redos
Redos
added 2024/09/02 12:0 a.m.19 views

ROS-20240902-09

Vulnerability in Mozilla Firefox, Mozilla Firefox ESR, Mozilla Thunderbird email client is related to memory security flaws. with memory security flaws. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code. remotely to execute arbitrary code...

8.8CVSS7.8AI score0.00536EPSS
Exploits0
Redos
Redos
added 2024/09/02 12:0 a.m.10 views

ROS-20240902-21

Vulnerability in Mozilla Firefox, Mozilla Firefox ESR, Mozilla Thunderbird email client is related to memory security flaws. with memory security flaws. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code. remotely to execute arbitrary code...

8.8CVSS8.1AI score0.00536EPSS
Exploits0
CNVD
CNVD
added 2024/07/12 12:0 a.m.11 views

Mozilla Firefox and Thunderbird Code Execution Vulnerability (CNVD-2024-36724)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. Mozilla Firefox and Thunderbird suffer from a code execution vulnerability caused by a memory security flaw in...

8.8CVSS7.6AI score0.00448EPSS
Exploits0References1
CNVD
CNVD
added 2024/06/14 12:0 a.m.4 views

Mozilla Firefox Code Execution Vulnerability (CNVD-2024-36730)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a code execution vulnerability caused by a memory security flaw in the browser engine. An attacker could exploit this vulnerability to execute arbitrary code on a system or...

9.8CVSS7.8AI score0.00577EPSS
Exploits0References1
CNVD
CNVD
added 2024/04/18 12:0 a.m.10 views

Code execution vulnerability in multiple Mozilla products (CNVD-2024-37190)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code execution vulnerability exists in multiple Mozilla products that...

8.1CVSS8AI score0.00847EPSS
Exploits1References1
CNVD
CNVD
added 2024/04/18 12:0 a.m.5 views

Mozilla Firefox Code Execution Vulnerability (CNVD-2024-37191)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a code execution vulnerability that originates from the presence of a memory security error. An attacker could exploit this vulnerability to execute arbitrary code on a...

8.1CVSS7.8AI score0.00486EPSS
Exploits0References1
Xen Project
Xen Project
added 2024/03/12 5:6 p.m.72 views

GhostRace: Speculative Race Conditions

ISSUE DESCRIPTION Researchers at VU Amsterdam and IBM Research have discovered GhostRace; an analysis of the behaviour of synchronisation primitives under speculative execution. Synchronisation primitives are typically formed as an unbounded loop which waits until a resource is available to be...

5.7CVSS7AI score0.01231EPSS
Exploits0
OSV
OSV
added 2024/02/26 8:16 p.m.15 views

CVE-2024-24564 Vyper extract32 can ready dirty memory

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in extract32b, start, if the start index provided has for side effect to update b, the byte array to extract 32 bytes from, it could be that some dirty memory is read and returned by extract32. This...

3.7CVSS4.7AI score0.00561EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2024/02/19 10:34 a.m.24 views

CVE-2024-1580

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d...

8.8CVSS7.5AI score0.01835EPSS
Exploits0
Rosalinux
Rosalinux
added 2023/09/12 11:49 a.m.24 views

Advisory ROSA-SA-2023-2233

Software: thunderbird 102.14.0 OS: rosa-server79 packageevrstring: thunderbird-102.14.0-3.res7.x8664.rpm CVE-ID: CVE-2023-3417 BDU-ID: 2023-03965 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Thunderbird email client exists due to improper handling of the Unicode character for overriding text...

9.8CVSS8.8AI score0.13694EPSS
Exploits1
CNVD
CNVD
added 2023/06/28 12:0 a.m.18 views

Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2023-55349)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox prior to version 114, which stems from a memory security error that can be exploited by attackers to run arbitrary code...

9.8CVSS7AI score0.0078EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/05/09 6:36 p.m.10 views

CVE-2021-46764

Improper validation of DRAM addresses in SMU may allow an attacker to overwrite sensitive memory locations within the ASP potentially resulting in a denial of service...

7.9AI score0.00626EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/03/15 12:0 a.m.5 views

Mozilla Firefox 缓冲区错误漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox version 111, which stems from a fixed memory security hole...

8.8CVSS8.4AI score0.00545EPSS
Exploits0References5
Redos
Redos
added 2023/03/15 12:0 a.m.33 views

ROS-20230315-01

Vulnerability in Mozilla Thunderbird email client related to notifications that are not displayed, when the browser is in full screen mode, allowing an attacker to trick the victim into visiting a malicious website and performing a spoofing attack. to visit a malicious website and perform a...

8.8CVSS7.6AI score0.00817EPSS
Exploits0
Prion
Prion
added 2023/03/08 8:15 p.m.16 views

Out-of-bounds

wasmtime is a fast and secure runtime for WebAssembly. In affected versions wasmtime's code generator, Cranelift, has a bug on x8664 targets where address-mode computation mistakenly would calculate a 35-bit effective address instead of WebAssembly's defined 33-bit effective address. This bug mea...

6.5CVSS9.6AI score0.01251EPSS
Exploits0References5Affected Software2
RedhatCVE
RedhatCVE
added 2023/01/25 1:35 p.m.56 views

CVE-2022-23813

The software interfaces to ASP and SMU may not enforce the SNP memory security policy resulting in a potential loss of integrity of guest memory in a confidential compute environment. Mitigation Please contact AMD for more updates on this flaw...

5.3CVSS6.1AI score0.00504EPSS
Exploits0References4
NVD
NVD
added 2023/01/11 8:15 a.m.32 views

CVE-2022-23813

The software interfaces to ASP and SMU may not enforce the SNP memory security policy resulting in a potential loss of integrity of guest memory in a confidential compute environment...

5.3CVSS5.3AI score0.00504EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/01/11 12:0 a.m.7 views

AMD System Management Unit 缓冲区错误漏洞

The AMD System Management Unit SMU is a system management unit at UltraMicroelectronics AMD. The AMD System Management Unit has a security vulnerability that stems from the fact that its software interface between the ASP and the SMU may not enforce the SNP memory security policy, leading to a...

5.3CVSS5.7AI score0.00504EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/01/10 8:56 p.m.9 views

CVE-2022-23813

The software interfaces to ASP and SMU may not enforce the SNP memory security policy resulting in a potential loss of integrity of guest memory in a confidential compute environment...

5.3AI score0.00504EPSS
Exploits0References1
Rows per page
Query Builder