9459 matches found
Siemens SICAM A8000
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SICAM A8000 Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access files...
Cross-site Scripting (XSS) - Stored
Description Stored Cross-Site Scripting XSS vulnerability due to the lack of content validation and output encoding. This vulnerability can be exploited by uploading a crafted payload inside a document. Then, the vulnerability can be triggered when the user previews the document´s content. Proof ...
Mozilla: Use-after-free in NSSToken objects
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of NSSToken objects referenced via direct points that could have been accessed unsafely on different threads, leading to a use-after-free and potentially exploitable crash...
Mozilla: Out of bounds write due to unexpected WebAuthN Extensions
The Mozilla Foundation Security Advisory describes this flaw as: If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable cra...
Mozilla: Use-after-free in DocumentL10n::TranslateDocument
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: By using a link with rel="localization," a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to...
Mozilla: Use-after-free after VR Process destruction
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable crash...
Mozilla: Out of bounds write due to unexpected WebAuthN Extensions
The Mozilla Foundation Security Advisory describes this flaw as: If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable cra...
Oracle Linux 8 : thunderbird (ELSA-2022-1301)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-1301 advisory. 91.8.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 91.8.0-1 - Update to 91.8.0 Tenable has extracted...
KLA12500 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in storage can be exploited to cau...
openSUSE 15 Security Update : MozillaFirefox (openSUSE-SU-2022:1127-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:1127-1 advisory. - NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a...
Mozilla: Use-after-free after VR Process destruction
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable crash...
Mozilla: Out of bounds write due to unexpected WebAuthN Extensions
The Mozilla Foundation Security Advisory describes this flaw as: If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable cra...
Mozilla: Use-after-free in DocumentL10n::TranslateDocument
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: By using a link with rel="localization," a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to...
Mozilla: Use-after-free after VR Process destruction
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable crash...
Mozilla: Out of bounds write due to unexpected WebAuthN Extensions
The Mozilla Foundation Security Advisory describes this flaw as: If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable cra...
Oracle Linux 8 : firefox (ELSA-2022-1287)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-1287 advisory. 91.8.0-1.0.1 - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 91.8.0-1 - Update to 91.8.0...
Debian DLA-2971-1 : firefox-esr - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2971 advisory. - regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks cause...
Debian DSA-5113-1 : firefox-esr - security update
The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5113 advisory. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information...
CVE-2022-1097
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of NSSToken objects referenced via direct points that could have been accessed unsafely on different threads, leading to a use-after-free and potentially exploitable crash...
CVE-2022-28281
The Mozilla Foundation Security Advisory describes this flaw as: If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable cra...