9459 matches found

RedHat Linux
added 2022/09/26 2:59 p.m. | 2 views

Mozilla: Data-race when parsing non-UTF-8 URLs in threads

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that concurrent use of the URL parser with non-UTF-8 data was not thread-safe, leading to a use-after-free problem and causing a potentially exploitable crash...

CVSS: 6.5 | AI score: 7.3 | EPSS: 0.00947
Exploits: 0 | References: 5

RedHat Linux
added 2022/09/26 2:59 p.m. | 19 views

Mozilla: Out of bounds read when decoding H264

The Mozilla Foundation Security Advisory describes this flaw as: An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash...

CVSS: 5.5 | AI score: 7.3 | EPSS: 0.00293
Exploits: 0 | References: 6

RedHat Linux
added 2022/09/26 2:54 p.m. | 4 views

Mozilla: Incoherent instruction cache when building WASM on ARM64

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of inconsistent data in the instruction and data cache when creating wasm code, which could lead to a potentially exploitable crash...

CVSS: 6.5 | AI score: 7.3 | EPSS: 0.01082
Exploits: 0 | References: 5

RedHat Linux
added 2022/09/26 2:54 p.m. | 3 views

Mozilla: Data-race when parsing non-UTF-8 URLs in threads

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that concurrent use of the URL parser with non-UTF-8 data was not thread-safe, leading to a use-after-free problem and causing a potentially exploitable crash...

CVSS: 6.5 | AI score: 7.3 | EPSS: 0.00947
Exploits: 0 | References: 5

RedHat Linux
added 2022/09/26 2:54 p.m. | 9 views

Mozilla: Out of bounds read when decoding H264

The Mozilla Foundation Security Advisory describes this flaw as: An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash...

CVSS: 5.5 | AI score: 7.3 | EPSS: 0.00293
Exploits: 0 | References: 6

RedHat Linux
added 2022/09/26 2:32 p.m. | 5 views

Mozilla: Incoherent instruction cache when building WASM on ARM64

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of inconsistent data in the instruction and data cache when creating wasm code, which could lead to a potentially exploitable crash...

CVSS: 6.5 | AI score: 7.3 | EPSS: 0.01082
Exploits: 0 | References: 5

RedHat Linux
added 2022/09/26 2:16 p.m. | 2 views

Mozilla: Out of bounds read when decoding H264

The Mozilla Foundation Security Advisory describes this flaw as: An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash...

CVSS: 5.5 | AI score: 7.3 | EPSS: 0.00293
Exploits: 0 | References: 6

RedHat Linux
added 2022/09/26 2:7 p.m. | 5 views

Mozilla: Incoherent instruction cache when building WASM on ARM64

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of inconsistent data in the instruction and data cache when creating wasm code, which could lead to a potentially exploitable crash...

CVSS: 6.5 | AI score: 7.3 | EPSS: 0.01082
Exploits: 0 | References: 5

RedHat Linux
added 2022/09/26 2:7 p.m. | 19 views

Mozilla: Out of bounds read when decoding H264

The Mozilla Foundation Security Advisory describes this flaw as: An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash...

CVSS: 5.5 | AI score: 7.3 | EPSS: 0.00293
Exploits: 0 | References: 6

IBM Security Bulletins
added 2022/09/25 7:56 p.m. | 31 views

Security Bulletin: Potential Oracle Outside In Technology Vulnerabilities Exposed in DB2 9.7.0.4 Accessories Suite (CVE-2011-2264, CVE-2011-0794, and CVE-2011-0808)

Abstract: Oracle Outside In Technology contains exploitable vulnerabilities in the CorelDRAW (CVE-2011-2264) file parser, the File ID SDK (CVE-2011-0794), and file filters (CVE-2011-0808). Each of these vulnerabilities may allow a remote, unauthenticated user to execute arbitrary code on a vulnerable...

CVSS: 4.4 | AI score: 6.7 | EPSS: 0.31114
Exploits: 4 | Affected Software: 1

RedhatCVE
added 2022/09/22 7:18 a.m. | 37 views

CVE-2022-41224

A flaw was found in the Jenkins package. Jenkins does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI. This issue results in a stored cross-site scripting (XSS) vulnerability, exploitable by attackers able to control tooltips for this component...

CVSS: 7.4 | AI score: 0.9 | EPSS: 0.00866
Exploits: 0 | References: 4

OSV
added 2022/09/22 12:0 a.m. | 15 views

GHSA-7QPM-VMWV-HQ7H Stored XSS vulnerability in Jenkins Walti plugin

Jenkins Walti Plugin 1.0.1 and earlier does not escape the information provided by the Walti API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide malicious API responses from Walti...

CVSS: 7.5 | AI score: 5.4 | EPSS: 0.00456
Exploits: 0 | References: 5

Tenable Nessus
added 2022/09/22 12:0 a.m. | 51 views

Oracle Linux 9 : mysql (ELSA-2022-6590)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6590 advisory. 8.0.30-3 - Release bump for rebuild 8.0.30-1 - Update to MySQL 8.0.30 - Remove patches now upstream: chain certs, OpenSSL 3, s390 and robin hood - Add ...

CVSS: 6.5 | AI score: 6.4 | EPSS: 0.01939
Exploits: 0 | References: 45

Prion
added 2022/09/21 4:15 p.m. | 15 views

Cross site scripting

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and earlier does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

CVSS: 4.9 | AI score: 5.3 | EPSS: 0.00456
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2022/09/21 3:45 p.m. | 25 views

CVE-2022-41225

Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control API responses by Anchore engine...

AI score: 5.7 | EPSS: 0.00586
Exploits: 0 | References: 1

RedhatCVE
added 2022/09/21 2:19 p.m. | 45 views

CVE-2022-40960

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that concurrent use of the URL parser with non-UTF-8 data was not thread-safe, leading to a use-after-free problem and causing a potentially exploitable crash...

CVSS: 7.5 | AI score: 3.3 | EPSS: 0.00947
Exploits: 0 | References: 4

NVD
added 2022/09/20 6:15 p.m. | 8 views

CVE-2022-38956

An exploitable firmware downgrade vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. An attacker can conduct a MITM attack to replace the user-uploaded firmware image with an original old firmware image. This affects Firmware 1.1.11.1.9 and earlier...

CVSS: 5.3 | EPSS: 0.00242
Exploits: 0 | References: 2

Rapid7 Blog
added 2022/09/20 3:14 p.m. | 1230 views

CVE-2022-36804: Easily Exploitable Vulnerability in Atlassian Bitbucket Server and Data Center

On August 24, 2022, Atlassian published an advisory for Bitbucket Server and Data Center alerting users to CVE-2022-36804. The advisory reveals a command injection vulnerability in multiple API endpoints, which allows an attacker with access to a public repository or with read permissions to a...

CVSS: 10 | AI score: 0.8 | EPSS: 0.99174
Exploits: 25

Tenable Nessus
added 2022/09/20 12:0 a.m. | 44 views

Mozilla Firefox < 105.0

The version of Firefox installed on the remote Windows host is prior to 105.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-40 advisory. - Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team...

CVSS: 8.8 | AI score: 8.2 | EPSS: 0.01342
Exploits: 0 | References: 10

ICS
added 2022/09/20 12:0 a.m. | 48 views

Host Engineering Communications Module

1. EXECUTIVE SUMMARY
CVSS v3 6.5
ATTENTION: Exploitable from adjacent network/low attack complexity
Vendor: Host Engineering
Equipment: H0-ECOM100 Communications Module
Vulnerability: Stack-based Buffer overflow
2. RISK EVALUATION
Successful exploitation of this vulnerability could crash the...

CVSS: 6.5 | AI score: 7 | EPSS: 0.00313
Exploits: 0 | References: 5