24 matches found
SUSE CVE-2018-5163
If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache JSBC for other JavaScript code. If the parent process then runs this replaced code, the...
CVE-2018-5163
If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache JSBC for other JavaScript code. If the parent process then runs this replaced code, the...
CVE-2018-5163
If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache JSBC for other JavaScript code. If the parent process then runs this replaced code, the...
Code injection
If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache JSBC for other JavaScript code. If the parent process then runs this replaced code, the...
CVE-2018-5163
This CVE refers to Firefox
CVE-2018-5163
If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache JSBC for other JavaScript code. If the parent process then runs this replaced code, the...
Mozilla Firefox Code Execution Vulnerability (CNVD-2018-11789)
Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 60. A remote attacker can exploit this vulnerability by replacing an alternate data source stored in the JavaScript Start-up...
UBUNTU-CVE-2018-5163
If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache JSBC for other JavaScript code. If the parent process then runs this replaced code, the...
CVE-2018-5163
If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache JSBC for other JavaScript code. If the parent process then runs this replaced code, the...
Security vulnerabilities fixed in Firefox 60 — Mozilla
A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially...
RHEL 6 : python-jinja2 (RHSA-2014:0747)
Updated python-jinja2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
CentOS 6 : python-jinja2 (CESA-2014:0747)
Updated python-jinja2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
Scientific Linux Security Update : python-jinja2 on SL6.x i386/x86_64 (20140611)
It was discovered that Jinja2 did not properly handle bytecode cache files stored in the system's temporary directory. A local attacker could use this flaw to alter the output of an application using Jinja2 and FileSystemBytecodeCache, and potentially execute arbitrary code with the privileges of...
Oracle Linux 6 : python-jinja2 (ELSA-2014-0747)
The remote Oracle Linux 6 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2014-0747 advisory. 2.2.1-2 - Fix CVE-2014-1402 Resolves: rhbz1102889 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...
Moderate: Red Hat Security Advisory: python-jinja2 security update
Updated python-jinja2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
Moderate: Red Hat Security Advisory: python33-python-jinja2 and python27-python-jinja2 security update
Updated python33-python-jinja2 and python27-python-jinja2 packages that fix one security issue are now available for Red Hat Software Collections 1. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score,...
python-jinja2: FileSystemBytecodeCache insecure cache temporary file use
The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with jinja2 in /tmp...
CVE-2014-1402
The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with jinja2 in /tmp...
PYSEC-2014-82
FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402...
CVE-2014-1402
CVE-2014-1402 affects the Jinja2 template engine. The vulnerability is in the default configuration of bccache.FileSystemBytecodeCache, where Jinja2 before 2.7.2 does not properly create temporary files/directories, allowing a local attacker to gain privileges via a crafted .cache file named star...