4367 matches found
UBUNTU-CVE-2020-12652
The mptctlioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states "The security...
CVE-2020-12652
The mptctlioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states "The security...
CVE-2020-12652
The mptctlioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states "The security...
CVE-2020-6809
When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. This vulnerability affects Firefox 74...
ansible: path injection on dest parameter in fetch module
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node...
ansible: path injection on dest parameter in fetch module
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node...
ansible: path injection on dest parameter in fetch module
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node...
ansible: path injection on dest parameter in fetch module
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node...
Information Disclosure
squirrelmail is vulnerable to information disclosure. The vulnerability exists as a flaw was found in the SquirrelMail Mail Fetch plug-in. If an administrator enabled this plug-in, a SquirrelMail user could use this flaw to port scan the local network the server was on...
Moderate: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
CVE-2019-9819
A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...
CVE-2019-12456
An issue was discovered in the MPT3COMMAND case in ctlioctlmain in drivers/scsi/mpt3sas/mpt3sasctl.c in the Linux kernel through 5.1.5. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of iocnumber between two kernel reads of that...
DEBIAN-CVE-2019-15796
Python-apt doesn't check if hashes are signed in Version.fetchbinary and Version.fetchsource of apt/package.py or in fetcharchives of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in verisions 1.9.5...
Design/Logic Flaw
Python-apt doesn't check if hashes are signed in Version.fetchbinary and Version.fetchsource of apt/package.py or in fetcharchives of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in verisions 1.9.5...
CVE-2020-6809
When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. This vulnerability affects Firefox 74...
CVE-2020-6809
When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. This vulnerability affects Firefox 74...
Design/Logic Flaw
When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. This vulnerability affects Firefox 74...
CVE-2020-6809
When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. This vulnerability affects Firefox 74...
CVE-2020-6809
CVE-2020-6809 : A WebExtension with the all-urls permission could read local files when it made a fetch with mode 'same-origin', affecting Firefox versions older than 74. Root cause is an escalation of file access in WebExtensions via the all-urls permission. The IBM bulletin confirms the CVE-202...
CVE-2020-6809
When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. This vulnerability affects Firefox 74...