6839 matches found

NVD
added 2024/11/26 2:15 p.m. · 22 views

CVE-2024-11693

The executable file warning was not presented when downloading .library-ms files. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox 133, Firefox ESR 128.5, Thunderbird 133, and Thunderbird 128.5...

9.8 CVSS · 0.00393 EPSS
Exploits 0 · References 5
OSV
added 2024/11/26 2:15 p.m. · 3 views

CVE-2024-11693

The executable file warning was not presented when downloading .library-ms files. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox 133, Firefox ESR 128.5, Thunderbird 133, and Thunderbird 128.5...

9.8 CVSS · 7.3 AI score · 0.00393 EPSS
Exploits 0 · References 5
OSV
added 2024/11/26 2:15 p.m. · 0 views

UBUNTU-CVE-2024-11697

When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution. This vulnerability affects Firefox 133, Firefox ESR 128.5, Thunderbird 133, and Thunderbird 128.5...

8.8 CVSS · 5.9 AI score · 0.00091 EPSS
Exploits 0 · References 11
AlpineLinux
added 2024/11/26 1:33 p.m. · 30 views

CVE-2024-11693

The executable file warning was not presented when downloading .library-ms files. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox 133, Firefox ESR 128.5, Thunderbird 133, and Thunderbird 128.5...

9.8 CVSS · 6.2 AI score · 0.00393 EPSS
Exploits 0
Tenable Nessus
added 2024/11/26 12:00 a.m. · 10 views

Mozilla Firefox ESR < 128.5

The version of Firefox ESR installed on the remote Windows host is prior to 128.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-64 advisory. - Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed...

9.8 CVSS · 7.7 AI score · 0.00393 EPSS
Exploits 0 · References 10
BDU FSTEC
added 2024/11/26 12:00 a.m. · 1 views

The vulnerability of the executable file promecefpluginhost.exe in the Prome CEF SubProcess subsystem of the WPS Office office software package on Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the executable file promecefpluginhost.exe from the Prome CEF SubProcess subsystem of the WPS Office office software package on Windows operating systems is related to an incorrect path limitation for accessing the restricted directory. Exploiting this vulnerability could all...

7.8 CVSS · 7.9 AI score · 0.00159 EPSS
Exploits 0 · References 6 · Affected Software 1
Positive Technologies
added 2024/11/26 12:00 a.m. · 3 views

PT-2024-10570 · Qualcomm · Qsee

Name of the Vulnerable Software and Affected Versions: QSEE (affected versions not specified). Description: The issue is related to the QSEE experiencing a fatal error during execution. This error occurs due to speculative instruction fetches from device memory, which is not valid executable memory...

8.4 CVSS · 7.6 AI score · 0.00064 EPSS
Exploits 0 · References 2
Mozilla
added 2024/11/26 12:00 a.m. · 19 views

Security Vulnerabilities fixed in Thunderbird 128.5 — Mozilla

Certain WebGL operations on Apple silicon M series devices could have led to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. This bug only affected the application on Apple M series hardware. Other platforms were unaffected. An attacker could cause a select...

9.8 CVSS · 7.5 AI score · 0.00393 EPSS
Exploits 0 · References 10 · Affected Software 1
Tenable Nessus
added 2024/11/26 12:00 a.m. · 5 views

Mozilla Firefox < 133.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 133.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-63 advisory. - A double-free issue could have occurred in sec_pkcs7_decoder_start_decrypt when handling an error path. Under...

9.8 CVSS · 7.5 AI score · 0.00393 EPSS
Exploits 0 · References 18
Tenable Nessus
added 2024/11/26 12:00 a.m. · 9 views

Mozilla Firefox < 133.0

The version of Firefox installed on the remote Windows host is prior to 133.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-63 advisory. - A double-free issue could have occurred in sec_pkcs7_decoder_start_decrypt when handling an error path. Under specific...

9.8 CVSS · 7.5 AI score · 0.00393 EPSS
Exploits 0 · References 18
Mozilla
added 2024/11/26 12:00 a.m. · 25 views

Security Vulnerabilities fixed in Thunderbird 133 — Mozilla

Certain WebGL operations on Apple silicon M series devices could have led to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. This bug only affected the application on Apple M series hardware. Other platforms were unaffected. Malicious websites may have been able...

9.8 CVSS · 8.7 AI score · 0.00393 EPSS
Exploits 0 · References 17 · Affected Software 1
Tenable Nessus
added 2024/11/26 12:00 a.m. · 15 views

Mozilla Thunderbird < 133.0

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 133.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-67 advisory. - A double-free issue could have occurred in sec_pkcs7_decoder_start_decrypt when handling an error path. Unde...

9.8 CVSS · 7.5 AI score · 0.00393 EPSS
Exploits 0 · References 17
Tenable Nessus
added 2024/11/26 12:00 a.m. · 10 views

Mozilla Thunderbird < 128.5

The version of Thunderbird installed on the remote Windows host is prior to 128.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-68 advisory. - Memory safety bugs present in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of thes...

9.8 CVSS · 7.7 AI score · 0.00393 EPSS
Exploits 0 · References 10
NVD
added 2024/11/22 10:15 p.m. · 10 views

CVE-2024-7243

Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

7.8 CVSS · 0.00065 EPSS
Exploits 0 · References 1
OSV
added 2024/11/22 10:15 p.m. · 2 views

CVE-2024-7253

NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

7.8 CVSS · 6.2 AI score · 0.00076 EPSS
Exploits 0 · References 2
Cvelist
added 2024/11/22 9:12 p.m. · 10 views

CVE-2024-7242 Panda Security Dome Link Following Local Privilege Escalation Vulnerability

Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

7.8 CVSS · 0.00036 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2024/11/22 12:00 a.m. · 2 views

The vulnerability of the needrestart utility, related to concurrent access to resources (race condition), allows a violator to execute arbitrary code in the context of the root user.

The vulnerability of the needrestart tool is related to concurrent access to resources (race condition). Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the root user by replacing the file usr/bin/python with a malicious executable file...

7.8 CVSS · 8 AI score · 0.00215 EPSS
Exploits 2 · References 7 · Affected Software 4
Veracode
added 2024/11/19 11:39 a.m. · 10 views

Command Hijacking

symfony is vulnerable to Command Hijacking. The vulnerability is due to insecure handling of executable files in the current working directory by the Process class, allowing an attacker to execute arbitrary code by placing a malicious cmd.exe file in the directory...

9.8 CVSS · 7.5 AI score · 0.00783 EPSS
Exploits 0 · References 5 · Affected Software 2
Veracode
added 2024/11/19 4:43 a.m. · 7 views

Arbitrary File Upload

agnai is vulnerable to Arbitrary File Upload. The vulnerability is due to insufficient validation of uploaded files, allowing attackers to place files in attacker-controlled locations on the server, including executable JavaScript files...

8.8 CVSS · 6.6 AI score · 0.01148 EPSS
Exploits 0 · References 5 · Affected Software 1
Malwarebytes
added 2024/11/18 4:00 p.m. · 7 views

QuickBooks popup scam still being delivered via Google ads

Accounting software QuickBooks, by Intuit, is a popular target for India-based scammers, only rivaled for top spot by the classic Microsoft tech support scams. We've seen two main lures, both via Google ads: the first one is simply a website promoting online support for QuickBooks and shows a pho...

7.2 AI score
Exploits 0