411 matches found
Malicious Package
json-serializer is a malicious package. The package contains code that when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...
Malicious Package in json-serializer
Version 2.0.10 of json-serializer contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 2.0.10 of this module is found installed yo...
GHSA-7XFQ-XH6V-4MRM Malicious Package in json-serializer
Version 2.0.10 of json-serializer contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 2.0.10 of this module is found installed yo...
@albalyu/npm-scripts (>=2.0.1 <=2.0.40), @opuscapita/eslint-config-opuscapita-bnapp (>=1.0.1 <=1.0.6) +7 more potentially affected by CVE-2020-36632 via flat (=3.0.0)
flat NPM version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on flat and may be impacted: - @albalyu/npm-scripts =2.0.1, =1.0.1, =2.2.1, =2.0.0, =0.0.1-beta.2, =4.0.1, =0.3.0-beta.16, =0.3.0-beta.83 Source cves: CVE-2020-36632 Source advisory:...
eos buffer error vulnerability
eos is an open source smart contract platform. A stack overflow vulnerability exists in the 'abiserializer' function in versions after eos commit f1545dd0ae2b77580c2236fdb70ae7138d2c7168. An attacker can exploit this vulnerability by sending a network request to attack an eos network node...
firestore:firestore_serializer_fuzzer: Crash in pb_release_single_field
Detailed Report: https://oss-fuzz.com/testcase?key=5691535105720320 Project: firestore Fuzzing Engine: afl Fuzz Target: serializerfuzzer Job Type: aflasanfirestore Platform Id: linux Crash Type: UNKNOWN WRITE Crash Address: 0xfffffffffffffff1 Crash State: pbreleasesinglefield pbrelease pbdecode...
eos buffer overflow vulnerability
eos is an open source smart contract platform. A stack overflow vulnerability exists in the 'abiserializer' function in versions after eos commit f1545dd0ae2b77580c2236fdb70ae7138d2c7168. An attacker can exploit this vulnerability by sending a network request to attack an eos network node...
Malicious Package
Overview adequate-serializer is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...
Mozilla: Buffer overflow in plain text serializer
The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...
Mozilla: Buffer overflow in plain text serializer
The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...
DEBIAN-CVE-2019-17005
The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...
CVE-2019-17005
The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...
CVE-2019-17005
The CVE-2019-17005 issue is a memory safety vulnerability in Mozilla’s plain text serializer where a fixed-size array for the number of elements could overflow, causing memory corruption and a potentially exploitable crash. Affected products include Thunderbird, Firefox ESR, and Firefox (all ver...
CVE-2019-17005
The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...
CVE-2019-17005
The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...
CVE-2019-17005
The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...
thunderbird security update
CentOS Errata and Security Advisory CESA-2019:4148 An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20191210)
This update upgrades Thunderbird to version 68.3.0. Security Fixes : - Mozilla: Use-after-free in worker destruction CVE-2019-17008 - Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 CVE-2019-17012 - Mozilla: Buffer overflow in plain text serializer CVE-2019-17005 - Mozilla:...
CentOS 6 : firefox (CESA-2019:4108)
An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
Mozilla: Buffer overflow in plain text serializer
The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...