Mozilla: Undesired attributes could be set as part of prototype pollution

The Mozilla Foundation Security Advisory describes this flaw as: If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution...

Mozilla: Undesired attributes could be set as part of prototype pollution

The Mozilla Foundation Security Advisory describes this flaw as: If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution...

Mozilla: Undesired attributes could be set as part of prototype pollution

The Mozilla Foundation Security Advisory describes this flaw as: If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution...

Mozilla: Undesired attributes could be set as part of prototype pollution

The Mozilla Foundation Security Advisory describes this flaw as: If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution...

Mozilla: Undesired attributes could be set as part of prototype pollution

The Mozilla Foundation Security Advisory describes this flaw as: If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution...

Mozilla: Undesired attributes could be set as part of prototype pollution

The Mozilla Foundation Security Advisory describes this flaw as: If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution...

Mozilla: Undesired attributes could be set as part of prototype pollution

The Mozilla Foundation Security Advisory describes this flaw as: If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution...

Mozilla: Undesired attributes could be set as part of prototype pollution

The Mozilla Foundation Security Advisory describes this flaw as: If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution...

CVE-2022-2200

The Mozilla Foundation Security Advisory describes this flaw as: If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution...

Mozilla: Prototype pollution in Top-Level Await implementation

The Mozilla Foundation Security Advisory describes this flaw as: If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context...

Vulnerability fixed in F-Secure products

A vulnerability has been fixed in the F-Secure Support tool, which is is used in Business Suite and consumer products. A authenticated malicious person could potentially exploit it to execute arbitrary code under higher privileges. F-Secure has made available an update that fixes the described...

New 16 High-Severity UEFI Firmware Flaws Discovered in Millions of HP Devices

Cybersecurity researchers on Tuesday disclosed 16 new high-severity vulnerabilities in various implementations of Unified Extensible Firmware Interface UEFI firmware impacting multiple HP enterprise devices. The shortcomings, which have CVSS scores ranging from 7.5 to 8.8, have been uncovered in...

Thales Sentinel Protection Installer 安全漏洞

Thales Group Thales Sentinel Protection Installer is an integrated installer from the French company Thales Group. A security vulnerability exists in Thales Sentinel Protection Installer, which can be exploited by an attacker to execute code as a privileged user on a system on which the agent is...

Updated ntfs-3g packages fix security vulnerability

Security vulnerabilities were identified in the open source NTFS-3G and NTFSPROGS software. These vulnerabilities may allow an attacker using a maliciously crafted NTFS-formatted image file or external storage to potentially execute arbitrary privileged code, if the attacker has either local acce...

Apple macOS High Sierra 缓冲区错误漏洞

Apple macOS High Sierra is a specialized operating system developed by Apple for Mac computers. apple macOS High Sierra has a security vulnerability that could be exploited by attackers to execute arbitrary code with elevated privileges...

Fortinet FortiSIEM Windows Agent安全漏洞

Fortinet FortiSIEM Windows Agent is an agent program for collecting logs and other behaviors from Windows servers from Fortinet, Inc. A security vulnerability exists in Fortinet FortiSIEM Windows Agent versions 4.1.4 and below, which can be exploited by an attacker to execute privileged code or...

CVE-2020-5316

Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for Home PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.4 contain an...

CVE-2021-31431

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw...

CVE-2021-31432

The CVE-2021-31432 issue affects Parallels Desktop 15.1.5-47309 and is tied to the IDE virtual device. The root cause is improper validation of user-supplied data that leads to an out-of-bounds read (read past the end of an allocated buffer). This information disclosure vulnerability requires a l...

Microsoft Windows Multiple Vulnerabilities (KB4577041)

This host is missing a critical security update according to Microsoft KB4577041 SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...