
9459 matches found

OSV
added 2022/03/30 12:0 a.m. | 18 views

GHSA-Q787-QGW2-J2QF Stored Cross-site Scripting vulnerability in Jenkins Tests Selector Plugin

Jenkins Tests Selector Plugin 1.3.3 and earlier does not escape the Properties File Path option for Choosing Tests parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

CVSS 5.4 | AI score 5.4 | EPSS 0.00792
Exploits 0 | References 4
ICS
added 2022/03/29 12:0 a.m. | 48 views

Hitachi Energy LinkOne WebView

1. EXECUTIVE SUMMARY CVSS v3 4.2 ATTENTION: Exploitable remotely Vendor: Hitachi Energy Equipment: LinkOne WebView Vulnerabilities: Cross-site Scripting, Use of a Password System for Primary Authentication, Configuration, Exposure of Sensitive Information to an Unauthorized Actor 2. RISK...

CVSS 7.5 | AI score 5.9 | EPSS 0.00714
Exploits 0 | References 5
GoogleProjectZero
added 2022/03/24 12:0 a.m. | 52 views

Racing against the clock -- hitting a tiny kernel race window

TL;DR: How to make a tiny kernel race window really large even on kernels without CONFIG_PREEMPT: use a cache miss to widen the race window a little bit; make a timerfd expire in that window (which will run in an interrupt handler - in other words, in hardirq context); make sure that the wakeup...

CVSS 6.9 | AI score 7.2 | EPSS 0.00811
Exploits 0
ICS
added 2022/03/24 12:0 a.m. | 50 views

mySCADA myPRO

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: mySCADA Equipment: myPRO Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow arbitrary operating system commands injection. 3. TECHNICAL...

CVSS 9 | AI score 9 | EPSS 0.01304
Exploits 0 | References 5
CNVD
added 2022/03/24 12:0 a.m. | 19 views

WordPress Yoo Slider plugin cross-site scripting vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed in the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Yoo Slider plugin version 2.0.0 and previous...

CVSS 5.4 | AI score 1.6 | EPSS 0.00514
Exploits 0 | References 1
Tenable Nessus
added 2022/03/22 12:0 a.m. | 45 views

SUSE SLED15 / SLES15 Security Update : MozillaThunderbird (SUSE-SU-2022:0804-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0804-1 advisory. - Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have had...

CVSS 9.6 | AI score 8 | EPSS 0.14261
Exploits 2 | References 6
Github Security Blog
added 2022/03/18 5:52 p.m. | 26 views

Incomplete validation in `SparseSparseMinimum`

Impact Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior dereferencing null pointers as well as write outside of bounds of heap allocated data: python import tensorflow as tf aindices = tf.ones45, 92, dtype=tf.int64 avalues = tf.ones45, dtype=tf.int64...

CVSS 7.8 | AI score 2 | EPSS 0.00234
Exploits 1 | References 8 | Affected Software 3
OSV
added 2022/03/16 12:0 a.m. | 21 views

GHSA-874R-46C6-7P4R Stored Cross-site Scripting vulnerability in Jenkins Favorite Plugin

Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions...

CVSS 5.4 | AI score 5.4 | EPSS 0.00792
Exploits 0 | References 5
Cvelist
added 2022/03/15 4:45 p.m. | 22 views

CVE-2022-27197

Jenkins Dashboard View Plugin 2.18 and earlier does not perform URL validation for the Iframe Portlet's Iframe source URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure views...

AI score 6.1 | EPSS 0.00792
Exploits 0 | References 2
RedHat Linux
added 2022/03/14 10:16 a.m. | 2 views

Mozilla: Use-after-free in text reflows

The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have caused a use-after-free issue by forcing a text reflow in an SVG object, leading to a potentially exploitable crash...

CVSS 8.8 | AI score 7.3 | EPSS 0.00842
Exploits 1 | References 6
RedHat Linux
added 2022/03/14 10:9 a.m. | 3 views

Mozilla: Use-after-free in text reflows

The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have caused a use-after-free issue by forcing a text reflow in an SVG object, leading to a potentially exploitable crash...

CVSS 8.8 | AI score 7.3 | EPSS 0.00842
Exploits 1 | References 6
RedHat Linux
added 2022/03/14 10:7 a.m. | 3 views

Mozilla: Use-after-free in XSLT parameter processing

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: Removing an XSLT parameter during processing could have led to an exploitable use-after-free issue. There were reports of attacks in the wild abusing this flaw...

CVSS 8.8 | AI score 7.3 | EPSS 0.14261
Exploits 1 | References 5
RedHat Linux
added 2022/03/14 10:7 a.m. | 4 views

Mozilla: Use-after-free in text reflows

The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have caused a use-after-free issue by forcing a text reflow in an SVG object, leading to a potentially exploitable crash...

CVSS 8.8 | AI score 7.3 | EPSS 0.00842
Exploits 1 | References 6
Tenable Nessus
added 2022/03/11 12:0 a.m. | 45 views

AlmaLinux 8 : thunderbird (ALSA-2022:0129)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:0129 advisory. - Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reporte...

CVSS 10 | AI score 7.8 | EPSS 0.01351
Exploits 6 | References 13
Veracode
added 2022/03/10 4:21 a.m. | 38 views

Denial Of Service (DoS)

Firefox is vulnerable to denial of service. An attacker is able to exploit the vulnerability by forcing a text reflow in an SVG object, leading to a potentially exploitable crash...

CVSS 8.8 | AI score 3.4 | EPSS 0.00842
Exploits 1 | References 6 | Affected Software 6
Tenable Nessus
added 2022/03/10 12:0 a.m. | 26 views

SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2022:0777-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0777-1 advisory. - Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have had reports of attacks in...

CVSS 9.6 | AI score 8 | EPSS 0.14261
Exploits 2 | References 6
RedhatCVE
added 2022/03/09 12:41 p.m. | 83 views

CVE-2022-26381

The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have caused a use-after-free issue by forcing a text reflow in an SVG object, leading to a potentially exploitable crash...

CVSS 8.8 | AI score 3.3 | EPSS 0.00842
Exploits 1 | References 5
UbuntuCve
added 2022/03/09 12:0 a.m. | 39 views

CVE-2022-26381

An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash. This vulnerability affects Firefox 98, Firefox ESR 91.7, and Thunderbird 91.7...

CVSS 8.8 | AI score 6.9 | EPSS 0.00842
Exploits 1 | References 6
Code423n4
added 2022/03/09 12:0 a.m. | 11 views

Staking tokens can be stolen

Lines of code Vulnerability details Impact The staking contract keeps track of shares of each user. When withdrawing from the staking contract the amount parameter is converted to shares and this value is decreased shares = amount / totalbalance totalshare. This shares calculation rounds down whi...

AI score 6.9
Exploits 0
ICS
added 2022/03/08 12:0 a.m. | 49 views

Siemens Mendix

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Mendix Vulnerability: Improper Access Control 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-22-069-13 Siemens Mendix that was published March 10, 2021, to...

CVSS 8.1 | AI score 8.2 | EPSS 0.00577
Exploits 0 | References 10