Lucene search
K

239 matches found

Prion
Prion
added 2019/07/23 2:15 p.m.15 views

Design/Logic Flaw

A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

7.5CVSS9.1AI score0.01606EPSS
Exploits0References4Affected Software3
CVE
CVE
added 2019/07/23 1:23 p.m.323 views

CVE-2019-11691

CVE-2019-11691 is a use-after-free vulnerability in XMLHttpRequest (XHR) triggered by an event loop, causing the XHR main thread to be invoked after the object is freed. Affects Thunderbird versions < 60.7 and Firefox/Firefox ESR versions

9.8CVSS6.3AI score0.01606EPSS
Exploits0References4Affected Software3
Debian CVE
Debian CVE
added 2019/07/23 1:23 p.m.25 views

CVE-2019-11691

A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

9.8CVSS10AI score0.01606EPSS
Exploits0
Veracode
Veracode
added 2019/06/20 8:55 a.m.8 views

Regular Expression Denial Of Service (ReDoS)

useragent is vulnerable to regular expression denial of service ReDoS. The attacker can edit the useragent header to include a long useragent string containing long numbers or letters exhausting the CPU via an event loop and eventually crashing the server...

6.6AI score
Exploits0
RedHat Linux
RedHat Linux
added 2019/06/03 8:52 p.m.6 views

Mozilla: Use-after-free in XMLHttpRequest

A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

9.8CVSS7.2AI score0.01606EPSS
Exploits0References5
Veracode
Veracode
added 2019/05/27 12:39 a.m.21 views

Denial Of Service (DoS)

firefox/thunderbird is vulnerable to denial of service. A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash...

9.8CVSS9AI score0.01606EPSS
Exploits0References7Affected Software4
RedHat Linux
RedHat Linux
added 2019/05/23 4:8 p.m.3 views

Mozilla: Use-after-free in XMLHttpRequest

A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

9.8CVSS7.2AI score0.01606EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/05/23 3:53 p.m.3 views

Mozilla: Use-after-free in XMLHttpRequest

A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

9.8CVSS7.2AI score0.01606EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/05/23 3:42 p.m.4 views

Mozilla: Use-after-free in XMLHttpRequest

A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

9.8CVSS7.2AI score0.01606EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2019/05/21 12:0 a.m.30 views

CVE-2019-11691

A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

9.8CVSS7.1AI score0.01606EPSS
Exploits0References5
OSV
OSV
added 2019/05/21 12:0 a.m.3 views

UBUNTU-CVE-2019-11691

A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

9.8CVSS7.2AI score0.01606EPSS
Exploits0References6
Veracode
Veracode
added 2019/05/02 5:46 a.m.23 views

Use-After-Free

mozilla frefox is vulnerable to use-after-free vulnerability. Remote attackers can execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop...

8.8CVSS9.4AI score0.03259EPSS
Exploits1References14Affected Software1
Github Security Blog
Github Security Blog
added 2019/02/18 11:38 p.m.30 views

Regular Expression Denial of Service in jshamcrest

The jshamcrest package is affected by a regular expression denial of service vulnerability when certain types of user input are passed in to the emailAddress validator. Proof of concept js var js = require'jshamcrest' var emailAddress = new js.JsHamcrest.Matchers.emailAddress; var genstr = functi...

7.5CVSS7.1AI score0.01093EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2018/12/06 12:51 p.m.9 views

SUSE-SU-2018:3749-2 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Security issues fixed: - Update to Mozilla Firefox 60.3.0esr: MFSA 2018-27 bsc1112852 - CVE-2018-12392: Crash with nested event loops. - CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript. - CVE-2018-12395...

9.8CVSS9.2AI score0.03924EPSS
Exploits0References9
OSV
OSV
added 2018/08/29 11:4 p.m.3 views

GHSA-F523-2F5J-GFCG Regular Expression Denial of Service in timespan

Affected versions of timespan are vulnerable to a regular expression denial of service when parsing dates. The amplification for this vulnerability is significant, with 50,000 characters resulting in the event loop being blocked for around 10 seconds. Recommendation No direct patch is available f...

7.5CVSS7AI score0.01503EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2018/07/31 10:54 p.m.16 views

Moderate severity vulnerability that affects is-my-json-valid

Withdrawn, accidental duplicate publish. The is-my-json-valid package before 2.12.4 for Node.js has an incorrect exports'utc-millisec' regular expression, which allows remote attackers to cause a denial of service blocked event loop via a crafted string...

7.5CVSS6AI score0.01849EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2018/07/24 8:10 p.m.28 views

Regular Expression Denial of Service in marked

Affected versions of marked are vulnerable to a regular expression denial of service. The amplification in this vulnerability is significant, with 1,000 characters resulting in the event loop being blocked for around 6 seconds. Recommendation Update to version 0.3.9 or later...

7.5CVSS5.4AI score0.01758EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2018/07/24 8:6 p.m.30 views

Regular Expression Denial of Service in slug

Affected versions of slug are vulnerable to a regular expression denial of service when parsing untrusted user input. The issue is low severity, as it takes 50,000 characters to cause the event loop to block for 2 seconds, About 50k characters can block the event loop for 2 seconds. Recommendatio...

7.5CVSS5.1AI score0.01584EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2018/06/08 2:49 a.m.16 views

CVE-2017-16030

Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the event loop and server to block. This affects Useragent 2.1.12 and earlier...

7.5CVSS2.3AI score0.01162EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2018/06/07 9:19 p.m.22 views

CVE-2017-16118

The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header. It is vulnerable to a regular expression denial of service when it's passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition...

7.5CVSS3.8AI score0.01947EPSS
Exploits0References1
Rows per page
Query Builder