Jenkins Sonargraph Integration Plugin vulnerable to Stored Cross-site Scripting

Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not correctly escape the file path and the project name for the Log file field form validation. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

GHSA-9PVW-8Q92-HM9W Stored XSS vulnerability in Jenkins Maven Repository Server Plugin

Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control maven project versions in pom.xml...

Rockwell Automation FactoryTalk Transaction Manager

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Transaction Manager Vulnerability: Uncontrolled Resource Consumption. 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the...

Amazon Linux 2023 : libwebp, libwebp-devel, libwebp-java (ALAS2023-2023-185)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-185 advisory. A double-free in libwebp could have led to memory corruption and a potentially exploitable crash. CVE-2023-1999 Tenable has extracted the preceding description block directly from the tested product...

MediaTek 芯片 安全漏洞

MediaTek chips are a variety of chips from MediaTek, a Chinese company MediaTek. A security vulnerability exists in the vcu module of the MediaTek chips, which is caused by improper locking and may be exploited after release...

Double-Free

libwebp is vulnerable to Double Free. The vulnerability could cause memory corruption and potentially create a exploitable crash...

Exploit for Double Free in Openbsd Openssh

CVE-2023-25136 POC POC For A Pre Auth Double Free Vulnerability...

CVE-2023-29535

Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 112, Focus for Android 112, Firefox ESR 102.10, Firefox for Android 112, and...

CVE-2023-29535

Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 112, Focus for Android 112, Firefox ESR 102.10, Firefox for Android 112, and...

CVE-2023-25751

Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox 111, Firefox ESR 102.9, and Thunderbird 102.9...

CVE-2023-25751

Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox 111, Firefox ESR 102.9, and Thunderbird 102.9...

CVE-2023-1945

Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 102.10 and Firefox ESR 102.10...

DEBIAN-CVE-2023-1945

Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 102.10 and Firefox ESR 102.10...

CVE-2023-1945

Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 102.10 and Firefox ESR 102.10...

Code injection

While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox 111, Firefox ESR 102.9, and Thunderbird 102.9...

Memory corruption

If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

Memory corruption

Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 112, Focus for Android 112, Firefox ESR 102.10, Firefox for Android 112, and...

Design/Logic Flaw

An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

Memory corruption

Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 102.10 and Firefox ESR 102.10...

Memory corruption

An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox 112, Focus for Android 112, Firefox ESR 102.10, Firefox for...