141 matches found
The vulnerability in the implementation of the fetch() function for obtaining resources from the Fetch API interface of Mozilla Firefox and Firefox-ESR browsers allows a perpetrator to gain unauthorized access to protected information.
The vulnerability in the implementation of the fetch function for obtaining resources through the Fetch API on Mozilla Firefox and Firefox-ESR browsers is related to an error in returning temporary local copies of resources. These resources were sent with a cache header indicating “no caching”...
UBUNTU-CVE-2020-6510
Heap buffer overflow in background fetch in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2020-12652
The mptctlioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states "The security...
CVE-2020-12652
The mptctlioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states "The security...
Race condition
The mptctlioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states "The security...
CVE-2020-12652
The mptctlioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states "The security...
CVE-2020-12652
The mptctlioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states "The security...
CVE-2019-20610
An issue was discovered on Samsung mobile devices with N7.X and O8.X Exynos 7570, 7870, 7880, 7885, 8890, 8895, and 9810 chipsets software. A double-fetch vulnerability in Trustlet allows arbitrary TEE code execution. The Samsung ID is SVE-2019-13910 April 2019...
Double free
An issue was discovered on Samsung mobile devices with N7.X and O8.X Exynos 7570, 7870, 7880, 7885, 8890, 8895, and 9810 chipsets software. A double-fetch vulnerability in Trustlet allows arbitrary TEE code execution. The Samsung ID is SVE-2019-13910 April 2019...
CVE-2019-20610
An issue was discovered on Samsung mobile devices with N7.X and O8.X Exynos 7570, 7870, 7880, 7885, 8890, 8895, and 9810 chipsets software. A double-fetch vulnerability in Trustlet allows arbitrary TEE code execution. The Samsung ID is SVE-2019-13910 April 2019...
CVE-2019-20610
The CVE-2019-20610 entry describes a double-fetch vulnerability in Trustlet on Samsung mobile devices running N(7.X) and O(8.X) with Exynos 7570/7870/7880/7885/8890/8895/9810 chipsets, enabling arbitrary TEE code execution. Affected component: Trustlet in the TEE. Root cause: double-fetch window ...
Design/Logic Flaw
The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This has two potential areas for abuse. First, a specially crafted URL could be used in a phishing attack to hijack the trust the user and the browser have with the website and could serve malicious content...
CVE-2019-12456
An issue was discovered in the MPT3COMMAND case in ctlioctlmain in drivers/scsi/mpt3sas/mpt3sasctl.c in the Linux kernel through 5.1.5. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of iocnumber between two kernel reads of that...
CVE-2019-12456
An issue was discovered in the MPT3COMMAND case in ctlioctlmain in drivers/scsi/mpt3sas/mpt3sasctl.c in the Linux kernel through 5.1.5. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of iocnumber between two kernel reads of that...
ALPINE-CVE-2019-3828
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path...
PT-2018-3976 · Xpdf +2 · Xpdf +2
Name of the Vulnerable Software and Affected Versions: Xpdf version 4.00 Description: The issue is related to errors in the code of the Xpdf software, specifically in the XRef::fetch function in XRef.cc. It allows remote attackers to cause a denial of service, which is a stack consumption, via a...
CVE-2016-9038
CVE-2016-9038 : A double-fetch race condition exists in the Invincea-X (Dell Protected Workspace) SboxDrv.sys driver (version 6.1.3-24058). The vulnerability stems from reading a user-supplied pointer to a driver-version buffer twice: first via ProbeForWrite and then again during memcpy, using in...
CVE-2018-5189
Race condition in Jungo Windriver 12.5.1 allows local users to cause a denial of service buffer overflow or gain system privileges by flipping pool buffer size, aka a "double fetch" vulnerability...
Race condition
Race condition in Jungo Windriver 12.5.1 allows local users to cause a denial of service buffer overflow or gain system privileges by flipping pool buffer size, aka a "double fetch" vulnerability...
CVE-2018-5189
CVE-2018-5189 affects Jungo Windriver 12.5.1. A race condition (double-fetch) in a Windriver IOCTL handler allows local users to overflow a pool buffer, potentially causing denial of service or privilege escalation to SYSTEM. Exploitation demonstrated via kernel pool spraying and a crafted Event ...