Cross-Site Scripting (XSS)

Overview Affected versions of angular are vulnerable to JSONP Callback Attack. JSONP JSON with padding is a method used to request data from a server residing in a different domain than the client. Any url could perform JSONP requests, allowing full access to the browser and the JavaScript contex...

Denial Of Service (DoS)

QEMU is vulnerable to denial of service. The vulnerability exists because the MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference...

Don't use functions as callbacks unless they're designed for it

Here's an old pattern that seems to be making a comeback: // Convert some numbers into human-readable strings: import toReadableNumber from 'some-library'; const readableNumbers = someNumbers.maptoReadableNumber; Where the implementation of toReadableNumber is like this: export function...

CVE-2020-11148

Use after free issue in HIDL while using callback to post event in Rx thread when internal mutex is not acquired and meantime close is triggered and callback instance is deleted in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,...

CVE-2020-11152

Race condition in HAL layer while processing callback objects received from HIDL due to lack of synchronization between accessing objects in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...

Design/Logic Flaw

Use after free issue in HIDL while using callback to post event in Rx thread when internal mutex is not acquired and meantime close is triggered and callback instance is deleted in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,...

CVE-2020-11152

Race condition in HAL layer while processing callback objects received from HIDL due to lack of synchronization between accessing objects in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...

CVE-2020-11148

Use after free issue in HIDL while using callback to post event in Rx thread when internal mutex is not acquired and meantime close is triggered and callback instance is deleted in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,...

CVE-2020-11148

CVE-2020-11148 describes a use-after-free in HIDL when posting events from a callback in a Snapdragon stack (Auto/Compute/Connectivity/Consumer IOT/Industrial IOT/Mobile/Wearables). The root cause is that a callback instance can be deleted in a window where an internal mutex is not held and a clo...

Hunting for Bugs in Windows Mini-Filter Drivers

Posted by James Forshaw, Project Zero In December Microsoft fixed 4 issues in Windows in the Cloud Filter and Windows Overlay Filter WOF drivers CVE-2020-17103, CVE-2020-17134, CVE-2020-17136, CVE-2020-17139. These 4 issues were 3 local privilege escalations and a security feature bypass, and the...

DEBIAN-CVE-2020-35111

When an extension with the proxy permission registered to receive , the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox...

Design/Logic Flaw

When an extension with the proxy permission registered to receive , the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox...

CVE-2020-35111

When an extension with the proxy permission registered to receive , the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox...

Common Resolutions to “Cannot Complete Your Request” Error when connecting through Citrix Gateway

Symptoms or Error The “Cannot Complete Your Request” error is displayed whenconnecting through Citrix Gateway. However, this is an error could occur when connecting to StoreFront Server directly or through Load Balancer based on different deployment scenarios. To narrow down through which...

Information Disclosure

firefox is vulnerable to information disclosure. The vulnerability exists through an extension with the proxy permission registered to receive , where IP addresses were leaked through the source of the proxy.onRequest callback was not triggered for view-source URLs...

CVE-2020-35111

When an extension with the proxy permission registered to receive , the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a security vulnerability where the proxy fails to triage the onRequest callback for a view source url when an extension registers to receive it with proxy privileges...

Security update for minidlna (moderate)

openSUSE Security Update: Security update for minidlna Announcement ID: openSUSE-SU-2020:2226-1 Rating: moderate References: 1179447 Cross-References: CVE-2020-12695 CVE-2020-28926 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes two vulnerabilities is now available...

CVE-2020-7787

This affects all versions of package react-adal. It is possible for a specially crafted JWT token and request URL can cause the nonce, session and refresh values to be incorrectly validated, causing the application to treat an attacker-generated JWT token as authentic. The logical defect is cause...

CURL-CVE-2020-8285 FTP wildcard stack overflow

libcurl offers a wildcard matching functionality, which allows a callback set with CURLOPTCHUNKBGNFUNCTION to return information back to libcurl on how to handle a specific entry in a directory when libcurl iterates over a list of all available entries. When this callback returns...