
537 matches found

UbuntuCve
added 2022/11/19 7:15 p.m., 23 views

CVE-2022-4064

A vulnerability was found in Dalli up to 3.2.2. It has been classified as problematic. Affected is the function self.meta_set of the file lib/dalli/protocol/meta/request_formatter.rb of the component Meta Protocol Handler. The manipulation of the argument cas/ttl leads to injection. It is possible ...

CVSS 6.3, AI score 4.9, EPSS 0.00317
Exploits 1, References 4

Debian CVE
added 2022/11/19 12:0 a.m., 15 views

CVE-2022-4064

A vulnerability was found in Dalli up to 3.2.2. It has been classified as problematic. Affected is the function self.meta_set of the file lib/dalli/protocol/meta/request_formatter.rb of the component Meta Protocol Handler. The manipulation of the argument cas/ttl leads to injection. It is possible ...

CVSS 6.3, AI score 4.4, EPSS 0.00317
Exploits 1

CNNVD
added 2022/11/19 12:0 a.m., 2 views

Dalli injection vulnerability

Dalli is a high-performance pure Ruby client for accessing memcached servers, developed by individual developer Peter Goldstein. Dalli suffers from an injection vulnerability that stems from the affected self.meta_set function in the lib/dalli/protocol/meta/request_formatter.rb file of the component Meta...

CVSS 6.3, AI score 4.9, EPSS 0.00317
Exploits 1, References 8

Cvelist
added 2022/11/19 12:0 a.m., 15 views

CVE-2022-4064 Dalli Meta Protocol request_formatter.rb self.meta_set injection

A vulnerability was found in Dalli up to 3.2.2. It has been classified as problematic. Affected is the function self.meta_set of the file lib/dalli/protocol/meta/request_formatter.rb of the component Meta Protocol Handler. The manipulation of the argument cas/ttl leads to injection. It is possible ...

CVSS 6.3, AI score 4.9, EPSS 0.00317
Exploits 1, References 7

CVE
added 2022/11/19 12:0 a.m., 78 views

CVE-2022-4064

Dalli (Ruby memcached client) up to version 3.2.2 is affected by a vulnerability in self.meta_set within lib/dalli/protocol/meta/request_formatter.rb of the Meta Protocol Handler. Manipulating the cas/ttl argument leads to code injection that can be launched remotely. Attacker success probability...

CVSS 6.3, AI score 4.3, EPSS 0.00317
Exploits 1, References 7, Affected Software 1

RubySec
added 2022/11/19 12:0 a.m., 17 views

Unsanitized input leading to code injection in Dalli

A vulnerability was found in Dalli. Affected is the function self.meta_set of the file lib/dalli/protocol/meta/request_formatter.rb of the component Meta Protocol Handler. The manipulation leads to injection. The exploit has been disclosed to the public and may be used. The name of the patch is...

CVSS 6.3, AI score 1, EPSS 0.00317
Exploits 1, References 1, Affected Software 1

BDU FSTEC
added 2022/07/01 12:0 a.m., 2 views

The vulnerability affects implementations of protocols that transmit data to Microsoft applications, Mozilla Firefox, Mozilla Firefox ESR, and the email client Thunderbird. This allows a perpetrator to execute arbitrary code.

The vulnerability in the implementation of protocols that transmit data to Microsoft applications, Mozilla Firefox, Mozilla Firefox ESR, and the email client Thunderbird is related to authentication errors in the handler for the customizable URL scheme. Exploiting this vulnerability allows a remo...

CVSS 7.6, AI score 5.9
Exploits 0, References 4, Affected Software 3

The Hacker News
added 2022/02/08 3:37 a.m., 61 views

Microsoft Temporarily Disables MSIX App Installers to Prevent Malware Abuse

Microsoft last week announced that it's temporarily disabling the MSIX ms-appinstaller protocol handler in Windows following evidence that a security vulnerability in the installer component was exploited by threat actors to deliver malware such as Emotet, TrickBot, and Bazaloader. MSIX, based on...

CVSS 7.1, AI score 7.7, EPSS 0.25241
Exploits 1

RedHat Linux
added 2022/01/12 12:4 p.m., 0 views

Mozilla: Missing throttling on external protocol launch dialog

The Mozilla Foundation Security Advisory describes this flaw as: Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol...

CVSS 6.5, AI score 7.3, EPSS 0.00426
Exploits 1, References 6

OpenVAS
added 2022/01/11 12:0 a.m., 25 views

CentOS: Security Advisory for firefox (CESA-2021:5014)

The remote host is missing an update for the ...

CVSS 8.8, AI score 7.2, EPSS 0.00967
Exploits 0, References 2

OSV
added 2021/12/22 9:58 a.m., 7 views

SUSE-SU-2021:4150-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: - Update to version 91.4 MFSA 2021-54 bsc1193485 - CVE-2021-43536: URL leakage when navigating while executing asynchronous function - CVE-2021-43537: Heap buffer overflow when using structured clone - CVE-2021-43538: Missing fullscre...

CVSS 10, AI score 9.2, EPSS 0.01293
Exploits 3, References 41

OpenVAS
added 2021/12/12 12:0 a.m., 29 views

Mozilla Firefox ESR Security Advisory (MFSA2021-53) - Mac OS X

Mozilla Firefox ESR is prone to multiple vulnerabilities.

CVSS 8.8, AI score 6.8, EPSS 0.00967
Exploits 0, References 1

OpenVAS
added 2021/12/12 12:0 a.m., 22 views

Mozilla Thunderbird Security Advisories (MFSA2021-50, MFSA2021-54) - Windows

Mozilla Thunderbird is prone to multiple vulnerabilities.

CVSS 8.8, AI score 8, EPSS 0.00967
Exploits 0, References 1

OSV
added 2021/12/10 2:4 p.m., 7 views

OPENSUSE-SU-2021:3993-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Extended Support Release 91.4.0 bsc1193485: - CVE-2021-43536: URL leakage when navigating while executing asynchronous function - CVE-2021-43537: Heap buffer overflow when using structured clone - CVE-2021-43538: Missing...

CVSS 8.8, AI score 7.7, EPSS 0.00967
Exploits 0, References 12

OSV
added 2021/12/10 2:4 p.m., 6 views

SUSE-SU-2021:3993-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Extended Support Release 91.4.0 bsc1193485: - CVE-2021-43536: URL leakage when navigating while executing asynchronous function - CVE-2021-43537: Heap buffer overflow when using structured clone - CVE-2021-43538: Missing...

CVSS 8.8, AI score 8.2, EPSS 0.00967
Exploits 0, References 12

Tenable Nessus
added 2021/12/10 12:0 a.m., 38 views

CentOS 8 : thunderbird (CESA-2021:5045)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2021:5045 advisory. - Mozilla: JavaScript unexpectedly enabled for the composition area CVE-2021-43528 - Mozilla: URL leakage when navigating while executing asynchronous...

CVSS 8.8, AI score 7.7, EPSS 0.00967
Exploits 0, References 11

Tenable Nessus
added 2021/12/10 12:0 a.m., 32 views

RHEL 8 : thunderbird (RHSA-2021:5055)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:5055 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.4.0. Security Fixes: Mozilla:...

CVSS 9.8, AI score 7.9, EPSS 0.00967
Exploits 1, References 24

Tenable Nessus
added 2021/12/10 12:0 a.m., 56 views

RHEL 7 : thunderbird (RHSA-2021:5046)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:5046 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.4.0. Security Fixes: Mozilla:...

CVSS 9.8, AI score 7.9, EPSS 0.00967
Exploits 1, References 24

Tenable Nessus
added 2021/12/10 12:0 a.m., 44 views

RHEL 8 : thunderbird (RHSA-2021:5045)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:5045 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.4.0. Security Fixes: Mozilla:...

CVSS 9.8, AI score 7.9, EPSS 0.00967
Exploits 1, References 24

Tenable Nessus
added 2021/12/10 12:0 a.m., 35 views

RHEL 8 : firefox (RHSA-2021:5013)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:5013 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

CVSS 9.8, AI score 7.9, EPSS 0.00967
Exploits 1, References 22