Lucene search
K

419 matches found

BDU FSTEC
BDU FSTEC
added 2022/05/23 12:0 a.m.6 views

The vulnerability of the Array method in Mozilla Firefox and Mozilla Firefox ESR browsers, as well as the Thunderbird email client, allows a malicious actor to execute arbitrary JavaScript code in a privileged context.

The vulnerability of the Array method in Mozilla Firefox and Mozilla Firefox ESR browsers, as well as the Thunderbird email client, is related to errors during code generation. Exploiting this vulnerability allows an attacker to execute arbitrary JavaScript code in a privileged context...

10CVSS8.2AI score0.26709EPSS
Exploits0References18Affected Software14
Tenable Nessus
Tenable Nessus
added 2022/05/23 12:0 a.m.32 views

Debian DSA-5143-1 : firefox-esr - security update

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5143 advisory. - If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of...

8.8CVSS9.1AI score0.26709EPSS
Exploits0References8
Mozilla
Mozilla
added 2022/05/20 12:0 a.m.586 views

Security Vulnerabilities fixed in Firefox 100.0.2, Firefox for Android 100.3.0, Firefox ESR 91.9.1, Thunderbird 91.9.1 — Mozilla

If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. An attacker could have sent a message to the parent process where the contents were used to...

8.8CVSS2.9AI score0.26709EPSS
Exploits0References2Affected Software4
Tenable Nessus
Tenable Nessus
added 2022/05/20 12:0 a.m.47 views

Mozilla Firefox ESR < 91.9.1

The version of Firefox ESR installed on the remote Windows host is prior to 91.9.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-19 advisory. - If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they cou...

8.8CVSS9.2AI score0.26709EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2022/05/20 12:0 a.m.82 views

Mozilla Firefox < 100.0.2

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 100.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-19 advisory. - If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution,...

8.8CVSS9.1AI score0.26709EPSS
Exploits0References3
CISA KEV Catalog
CISA KEV Catalog
added 2022/02/10 12:0 a.m.17 views

Apple OS X Heap-Based Buffer Overflow Vulnerability

Heap-based buffer overflow in IOHIDFamily in Apple OS X, which affects, iOS before 8 and Apple TV before 7, allows attackers to execute arbitrary code in a privileged context...

9.3CVSS8AI score0.49049EPSS
In wildExploits5
OSV
OSV
added 2022/01/20 12:0 a.m.6 views

CVE-2022-21658 Race condition in std::fs::remove_dir_all in rustlang

Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the std::fs::removedirall standard library function is vulnerable a race condition enabling symlink following CWE-363. A...

7.3CVSS6.9AI score0.01376EPSS
Exploits1References17
Cvelist
Cvelist
added 2022/01/18 2:10 p.m.33 views

CVE-2021-22566 Incorrect mapping of Executable bits in Fuchsia Kernel

An incorrect setting of UXN bits within mmuflagstos1pteattr lead to privileged executable pages being mapped as executable from an unprivileged context. This can be leveraged by an attacker to bypass executability restrictions of kernel-mode pages from user-mode. An incorrect setting of PXN bits...

5.1CVSS9.4AI score0.00323EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/01/18 2:10 p.m.19 views

CVE-2021-22566 Incorrect mapping of Executable bits in Fuchsia Kernel

An incorrect setting of UXN bits within mmuflagstos1pteattr lead to privileged executable pages being mapped as executable from an unprivileged context. This can be leveraged by an attacker to bypass executability restrictions of kernel-mode pages from user-mode. An incorrect setting of PXN bits...

5.1CVSS6.8AI score0.00323EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2021/11/11 12:0 a.m.16 views

Mozilla Firefox Security Advisory (MFSA2012-95) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

6.8CVSS8.7AI score0.03263EPSS
Exploits1References3
CNVD
CNVD
added 2021/09/29 12:0 a.m.19 views

Zoom Plugin Code Execution Vulnerability

Zoom Plugin is a plug-in from Zoom ZOOM, Inc. A security vulnerability exists in previous versions of Zoom Plugin for Microsoft Outlook for MacOS 5.3.52553.0918, which stems from a Time of Check Use TOC TOU vulnerability included in the plug-in installation process. An attacker could exploit this...

7.5CVSS3.2AI score0.00566EPSS
Exploits0References1
Prion
Prion
added 2021/09/27 2:15 p.m.14 views

Code injection

All versions of the Zoom Plugin for Microsoft Outlook for MacOS before 5.3.52553.0918 contain a Time-of-check Time-of-use TOC/TOU vulnerability during the plugin installation process. This could allow a standard user to write their own malicious application to the plugin directory, allowing the...

6CVSS7.4AI score0.00566EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/09/27 2:0 p.m.27 views

CVE-2021-34413

All versions of the Zoom Plugin for Microsoft Outlook for MacOS before 5.3.52553.0918 contain a Time-of-check Time-of-use TOC/TOU vulnerability during the plugin installation process. This could allow a standard user to write their own malicious application to the plugin directory, allowing the...

7.6AI score0.00566EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2021/07/13 12:0 a.m.744 views

Apache Tomcat 9.0.0.M1 - Cross-Site Scripting (XSS)

Exploit Title: Apache Tomcat 9.0.0.M1 - Cross-Site Scripting XSS Date: 05/21/2019 Exploit Author: Central InfoSec Version: Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39, and 7.0.0 to 7.0.93 CVE : CVE-2019-0221 Requirements: SSI support must be enabled within Apache Tomcat. SSI support is no...

6.1CVSS7AI score0.45571EPSS
Exploits3
RedHat Linux
RedHat Linux
added 2020/09/08 9:32 a.m.4 views

keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution

A flaw was found in Keycloak, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution...

8.8CVSS6.1AI score0.02604EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/07/27 1:8 p.m.4 views

keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution

A flaw was found in Keycloak, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution...

8.8CVSS6.1AI score0.02604EPSS
Exploits0References4
OSV
OSV
added 2020/07/07 12:1 a.m.20 views

GHSA-H9JC-284H-533G Context isolation bypass via contextBridge in Electron

Impact Apps using both contextIsolation and contextBridge are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Workarounds There are no app-side workaround...

7.7CVSS7.2AI score0.01003EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/07/02 1:21 p.m.4 views

keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution

A flaw was found in Keycloak, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution...

8.8CVSS6.1AI score0.02604EPSS
Exploits0References4
OSV
OSV
added 2019/11/18 9:15 p.m.7 views

CVE-2019-15054

Multiple cross-site scripting XSS vulnerabilities in Mailbird before 2.7.5.0 r allow remote attackers to execute arbitrary JavaScript in a privileged context via a crafted HTML mail message. This vulnerability is distinct from CVE-2015-4657...

6.1CVSS6.5AI score0.02691EPSS
Exploits0References2
NVD
NVD
added 2019/11/18 9:15 p.m.24 views

CVE-2019-15054

Multiple cross-site scripting XSS vulnerabilities in Mailbird before 2.7.5.0 r allow remote attackers to execute arbitrary JavaScript in a privileged context via a crafted HTML mail message. This vulnerability is distinct from CVE-2015-4657...

6.1CVSS6AI score0.02691EPSS
Exploits0References2
Rows per page
Query Builder