Mozilla: Use-after-free of ChannelEventQueue::mOwner
The Mozilla Foundation Security Advisory describes this flaw as: Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free issue, causing a potentially exploitable crash...
Mozilla: Out-of-bounds memory access when inserting text in edit mode
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When inserting text in edit mode, some characters might have led to out-of-bounds memory access, causing a potentially exploitable crash...
Updated nss and firefox packages fix security vulnerabilities
It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox (CVE-2021-4140). Constructing audio sinks could have led to a race condition when playing audio files and closing windows. This could have led to a use-after-free causing a potentially exploitable cra...
Privilege escalation
The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows clients to inherit the permissions of the client that initially connected on the affected...
No slippage tolerance set in NonUSTStrategy
Handle palina Vulnerability details Impact The exchange performed in NonUSTStrategy.sol via Curve is executed with "0" as the minimum amount received as the result of the operation, which is likely to be exploited by front-running and may lead to the loss of funds. Proof of Concept...
Mozilla Thunderbird < 91.5
The version of Thunderbird installed on the remote Windows host is prior to 91.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-03 advisory. - Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith,...
TIBCO Security Advisory: January 11, 2022 - TIBCO eFTL -2021-43055
TIBCO eFTL Token Caching Vulnerability Original release date: January 11, 2022 Last revised: --- CVE-2021-43055 Source: TIBCO Software Inc. Products Affected TIBCO eFTL - Community Edition versions 6.7.2 and below TIBCO eFTL - Developer Edition versions 6.7.2 and below TIBCO eFTL - Enterprise Editi...
Ubuntu 21.10 : Thunderbird vulnerabilities (USN-5132-1)
The remote Ubuntu 21.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5132-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker...
Book page text, count, and author/title length is not limited in PocketMine-MP
Impact Players can fill book pages with as many characters as they like; the server does not check this. In addition, the maximum of 50 pages is also not enforced, meaning that players can create "book bombs". This causes a variety of problems: - Oversized NBT on the wire costing excess bandwidth...
GHSA-P62J-HRXM-XCXF Book page text, count, and author/title length is not limited in PocketMine-MP
Impact Players can fill book pages with as many characters as they like; the server does not check this. In addition, the maximum of 50 pages is also not enforced, meaning that players can create "book bombs". This causes a variety of problems: - Oversized NBT on the wire costing excess bandwidth...
Fernhill SCADA
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Fernhill Software, Ltd. Equipment: Fernhill SCADA Server Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service...
Debian DSA-5034-1 : thunderbird - security update
The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5034 advisory. Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code, spoofing, information disclosure, downgrade...
Improper Access Control in crater-invoice/crater
Description In recent Crater version faf1ef09 tag: 5.0.6 I discovered that a non-authenticated user can download all expense receipts uploaded to any company. Proof of Concept Python import requests for i in range(1, 100): r = requests.get(f'http://172.17.0.1:8080/expenses/{i}/download-receipt') if...
Covering impermanent loss allows profiting from asymmetric liquidity provision at the expense of reserves
Handle hyh Vulnerability details Impact Pool funds will be siphoned out over time as swaps and asymmetric LP provision are generally balancing each other economically. While with introduction of IL reimbursement a malicious user can make an asymmetric LP, then profit immediately from out of balan...
Code injection
Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not sanitize properly the search filter built from the ldapid attribute of a user during the daily synchronization. A malicious user could force accounts to ...
On the Log4j Vulnerability
It's serious: The range of impacts is so broad because of the nature of the vulnerability itself. Developers use logging frameworks to keep track of what happens in a given application. To exploit Log4Shell, an attacker only needs to get the system to log a strategically crafted string of code. Fr...
Mozilla Firefox Resource Management Error Vulnerability (CNVD-2021-99619)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. Mozilla Firefox is vulnerable to a resource management error that can be exploited by attackers to cause a potentially exploitable crash...
Improper Access Control in bookstackapp/bookstack
Description A logged-in user with no privileges OR guest user if public access enabled can access the /search/users/select AJAX endpoint meant for admins to manage audit logs, to dump all usernames existing in the Bookstack database. This can also be used to harvest email belonging to a user...
SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2021:14859-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14859-1 advisory. - Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
CVE-2021-44228 DFIR-Notes Driving home I got my first message...