CVE-2022-21249
CVE-2022-21249 affects Oracle MySQL Server (Server: DDL), versions 8.0.27 and earlier. The issue can be triggered by an attacker with network access via multiple protocols, potentially enabling a partial DoS on MySQL Server. The connected documents confirm affected package...
CVE-2022-21245
CVE-2022-21245 affects Oracle MySQL Server (Server: Security: Privileges) with vulnerable versions 5.7.36 and earlier and 8.0.27 and earlier. It allows a network-accessible, low-privilege attacker to perform unauthorized updates/inserts/deletes on data (I:LOW, A:N). The CVE entry provides affecte...
CVE-2022-21360
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allow...
marked denial of service vulnerability (CNVD-2022-15958)
marked is a Markdown parser and compiler written in JavaScript. marked has a security vulnerability that can be exploited by attackers to cause a regular expression denial of service (ReDoS)...
MySQL -- Multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 78 new security patches for Oracle MySQL. 3 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilitie...
Debian DSA-5044-1 : firefox-esr - security update
The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5044 advisory. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information...
CVE-2019-11707
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 60.7.1, Firefox 67.0.3, and Thunderbird 60.7.2...
libde265 Access Control Error Vulnerability
Libde265 is a German h.265 video codec. libde265 is vulnerable to an access control error, which can be exploited by attackers to cause segmentation errors and application crashes, resulting in a remote denial of service...
CVE-2022-22742
When inserting text while in edit mode, some characters might have led to out-of-bounds memory access causing a potentially exploitable crash. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...
CVE-2022-22738
Applying a CSS filter effect could have accessed out-of-bounds memory. This could have led to a heap-buffer-overflow causing a potentially exploitable crash. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...
Mitsubishi Electric MELSEC-F Series
1. EXECUTIVE SUMMARY: CVSS v3 7.5; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Mitsubishi Electric; Equipment: MELSEC-F Series; Vulnerability: Improper Initialization. 2. RISK EVALUATION: Successful exploitation of this vulnerability may cause a denial-of-service condition in the...
CVE-2022-22742
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When inserting text in edit mode, some characters might have led to out-of-bounds memory access, causing a potentially exploitable crash...
CVE-2022-22740
The Mozilla Foundation Security Advisory describes this flaw as: Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free issue, causing a potentially exploitable crash...
CVE-2022-22737
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: Constructing audio sinks could have led to a race condition when playing audio files and closing windows. This could have led to a use-after-free issue, causing a potentially exploitable crash...
Widespread, Easily Exploitable Windows RDP Bug Opens Users to Data Theft
Remote Desktop Protocol (RDP) pipes have a security bug that could allow any standard, unprivileged Joe-Schmoe user to access other connected users’ machines. If exploited, it could lead to data-privacy issues, lateral movement and privilege escalation, researchers warned. Insider attackers could,...
Mozilla: Out-of-bounds memory access when inserting text in edit mode
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When inserting text in edit mode, some characters might have led to out-of-bounds memory access, causing a potentially exploitable crash...
Mozilla: Heap-buffer-overflow in blendGaussianBlur
The Mozilla Foundation Security Advisory describes this flaw as: Applying a CSS filter effect could have accessed out-of-bounds memory. This could have led to a heap-buffer-overflow, causing a potentially exploitable crash...
Mozilla: Use-after-free of ChannelEventQueue::mOwner
The Mozilla Foundation Security Advisory describes this flaw as: Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free issue, causing a potentially exploitable crash...
Mozilla: Race condition when playing audio files
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: Constructing audio sinks could have led to a race condition when playing audio files and closing windows. This could have led to a use-after-free issue, causing a potentially exploitable crash...