2294 matches found

RedHat Linux
added 2024/10/31 7:23 p.m., 4 views

firefox: DOM push subscription message could hang Firefox

The Mozilla Foundation's Security Advisory: By sending a specially crafted push message, a remote server could hang the parent process, causing the browser to become unresponsive...

7.5 CVSS, 7.4 AI score, 0.00815 EPSS
Exploits: 0, References: 9

RedhatCVE
added 2024/10/29 2:26 p.m., 10 views

CVE-2024-10466

The Mozilla Foundation's Security Advisory: By sending a specially crafted push message, a remote server could hang the parent process, causing the browser to become unresponsive...

4.3 CVSS, 8.3 AI score, 0.00815 EPSS
Exploits: 0, References: 8

AlpineLinux
added 2024/10/29 1:15 p.m., 13 views

CVE-2024-10466

By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132...

7.5 CVSS, 6.8 AI score, 0.00815 EPSS
Exploits: 0, References: 7

NVD
added 2024/10/29 1:15 p.m., 15 views

CVE-2024-10466

By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132...

7.5 CVSS, 0.00815 EPSS
Exploits: 0, References: 7

OSV
added 2024/10/29 1:15 p.m., 17 views

CVE-2024-10466

By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132...

7.5 CVSS, 6.8 AI score
Exploits: 0, References: 7

Debian CVE
added 2024/10/29 12:19 p.m., 11 views

CVE-2024-10466

By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132...

7.5 CVSS, 6.6 AI score, 0.00815 EPSS
Exploits: 0

Vulnrichment
added 2024/10/29 12:19 p.m., 11 views

CVE-2024-10466

By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132...

6.3 AI score, 0.00815 EPSS
Exploits: 0, References: 5

CVE
added 2024/10/29 12:19 p.m., 305 views

CVE-2024-10466

CVE-2024-10466: A specially crafted push message can hang the parent process, making the browser unresponsive. Affected: Firefox < 132, Firefox ESR < 128.4, Thunderbird

7.5 CVSS, 6.2 AI score, 0.00815 EPSS
Exploits: 0, References: 7, Affected Software: 2

Cvelist
added 2024/10/29 12:19 p.m., 13 views

CVE-2024-10466

By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132...

0.00815 EPSS
Exploits: 0, References: 5

Mozilla
added 2024/10/29 12:0 a.m., 22 views

Security Vulnerabilities fixed in Firefox 132 — Mozilla

A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. The origin of an external protocol handler prompt could have been...

9.8 CVSS, 9.3 AI score, 0.00701 EPSS
Exploits: 0, References: 11, Affected Software: 1

Mozilla
added 2024/10/29 12:0 a.m., 20 views

Security Vulnerabilities fixed in Firefox ESR 128.4 — Mozilla

A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. The origin of an external protocol handler prompt could have been...

7.5 CVSS, 9.3 AI score, 0.00701 EPSS
Exploits: 0, References: 10, Affected Software: 1

Vulnrichment
added 2024/10/24 12:0 a.m., 10 views

CVE-2024-48514

php-heic-to-jpg <= 1.0.5 is vulnerable to code injection (fixed in 1.0.6). An attacker who can upload heic images is able to execute code on the remote server via the file name. As a result, the CIA is no longer guaranteed. This affects php-heic-to-jpg 1.0.5 and below...

7.6 AI score, 0.00961 EPSS
Exploits: 1, References: 4

The Hacker News
added 2024/10/20 7:37 a.m., 30 views

Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials

Unknown threat actors have been observed attempting to exploit a now-patched security flaw in the open-source Roundcube webmail software as part of a phishing attack designed to steal user credentials. Russian cybersecurity company Positive Technologies said it discovered last month an email that...

6.1 CVSS, 5.9 AI score, 0.73296 EPSS
Exploits: 5

The Hacker News
added 2024/10/17 10:15 a.m., 62 views

SideWinder APT Strikes Middle East and Africa With Stealthy Multi-Stage Attack

An advanced persistent threat (APT) actor with suspected ties to India has sprung forth with a flurry of attacks against high-profile entities and strategic infrastructures in the Middle East and Africa. The activity has been attributed to a group tracked as SideWinder, which is also known as...

9.3 CVSS, 8.8 AI score, 0.99945 EPSS
Exploits: 33

Vulnrichment
added 2024/10/15 8:20 a.m., 14 views

CVE-2024-9985 Ragic Enterprise Cloud Database - Arbitrary File Upload

Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server...

10 CVSS, 8 AI score, 0.00625 EPSS
Exploits: 0, References: 2

OSSF Malicious Packages
added 2024/10/07 5:38 p.m., 4 views

Malicious code in ws-api-typescript-websocket-hooks (npm)

The package contains code to exfiltrate local machine information to a remote server over DNS. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6241b41ae78615002b8b7670ca4926a95d9cdc39cdc814b7ed794226bc5f7014 Any computer that has this package installed or running...

6.8 AI score
Exploits: 0, References: 1

OSSF Malicious Packages
added 2024/10/07 5:38 p.m., 2 views

Malicious code in ads-api-report-fetcher (npm)

The package contains code to exfiltrate local machine information to a remote server over DNS. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 57e20c733e3432bce50d7684946f0b982e3dd599d8a2df2689208afe1237c24d Any computer that has this package installed or running...

6.8 AI score
Exploits: 0, References: 1

OSSF Malicious Packages
added 2024/10/07 5:38 p.m., 3 views

Malicious code in ws-api-typescript-infra (npm)

The package contains code to exfiltrate local machine information to a remote server over DNS. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 307f2e541390b49f3169786119b7f694fa2a2da04848f23037e9e101c4cefa85 Any computer that has this package installed or running...

6.8 AI score
Exploits: 0, References: 1

OSV
added 2024/10/07 5:38 p.m., 5 views

MAL-2024-9261 Malicious code in ws-api-typescript-websocket-hooks (npm)

The package contains code to exfiltrate local machine information to a remote server over DNS. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6241b41ae78615002b8b7670ca4926a95d9cdc39cdc814b7ed794226bc5f7014 Any computer that has this package installed or running...

7 AI score
Exploits: 0, References: 1

OSV
added 2024/10/07 5:38 p.m., 8 views

MAL-2024-9260 Malicious code in ws-api-typescript-infra (npm)

The package contains code to exfiltrate local machine information to a remote server over DNS. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 307f2e541390b49f3169786119b7f694fa2a2da04848f23037e9e101c4cefa85 Any computer that has this package installed or running...

7 AI score
Exploits: 0, References: 1