43 matches found
erase-install 安全漏洞
erase-install is a macOS system reinstallation and upgrade script developed by Graham Pugh. Versions of erase-install prior to v40.4 contained security vulnerabilities; these vulnerabilities stemmed from the practice of writing credential outputs into hardcoded paths, which could allow unverified...
PT-2026-7473
Name of the Vulnerable Software and Affected Versions cryptography versions prior to 46.0.5 Description The public key from numbers or EllipticCurvePublicNumbers.public key, EllipticCurvePublicNumbers.public key, load der public key, and load pem public key functions do not validate that the...
firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: JIT miscompilation in the JavaScript Engine: JIT component...
PT-2026-21706
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 148 Firefox ESR versions prior to 115.33 Firefox ESR versions prior to 140.8 Thunderbird versions prior to 148 Thunderbird versions prior to 140.8 Description An issue exists due to incorrect boundary conditions withi...
firefox: thunderbird: Spoofing issue in Firefox
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in Firefox...
Linux Distros Unpatched Vulnerability : CVE-2021-45085
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - XSS can occur in GNOME Web aka Epiphany before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS...
Linux Distros Unpatched Vulnerability : CVE-2016-3679
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service...
WebCatalog Security Vulnerabilities
WebCatalog is a desktop application from WebCatalog, Inc. that improves workflow and increases productivity. A security vulnerability exists in WebCatalog versions prior to 49.0 that stems from not validating whether a URL is used for an http or https resource...
PT-2023-28296 · Electron +1 · Electron +1
Name of the Vulnerable Software and Affected Versions: WebCatalog versions prior to 49.0 Description: The issue arises from WebCatalog calling the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances. This leads to incorrect...
PT-2023-21489 · Ibm · Bigfix Webui
Name of the Vulnerable Software and Affected Versions: BigFix WebUI Software Distribution interface site versions prior to 44 Description: A cross-site request forgery issue in the BigFix WebUI Software Distribution interface site allows an NMO attacker to access files on server-side systems,...
SUSE CVE-2014-7934
Use-after-free vulnerability in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unexpected absence of document data structures...
SUSE CVE-2015-4473
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via unknown vectors...
SUSE CVE-2015-4479
Multiple integer overflows in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to execute arbitrary code via a crafted saio chunk in MPEG-4 video data...
SUSE CVE-2015-6783
The FindStartOffsetOfFileInZipFile function in crazylinkerzip.cpp in crazylinker aka Crazy Linker in Android 5.x and 6.x, as used in Google Chrome before 47.0.2526.73, improperly searches for an EOCD record, which allows attackers to bypass a signature-validation requirement via a crafted ZIP...
SUSE CVE-2015-7203
Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function in gfx/thebes/gfxDWriteFontList.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font-family name...
SUSE CVE-2016-1613
Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to improper tracking of the destructi...
SUSE CVE-2016-1943
Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method...
SUSE CVE-2016-5261
Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR 45.4 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via crafted packets that trigger incorrect buffer-resize operations durin...
SUSE CVE-2016-5280
Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird 45.4 allows remote attackers to execute arbitrary code via bidirectional text...
SUSE CVE-2017-5436
An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox...