CVE-2023-25732

When encoding data from an inputStream in xpcom the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

GLSA-202305-35 : Mozilla Firefox: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202305-35 Mozilla Firefox: Multiple Vulnerabilities - An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. CVE-2023-0767 -...

AlmaLinux 9 : postgresql-jdbc (ALSA-2023:2378)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2023:2378 advisory. - pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either PreparedStatement.setTextint, InputStream or...

The vulnerabilities of Mozilla Firefox, Mozilla Firefox ESR, and the email client Mozilla Thunderbird stem from the fact that when encoding data from “InputStream” into “xpcom”, the size of the encoded input data is calculated incorrectly. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerabilities of Mozilla Firefox, Mozilla Firefox ESR, and the email client Mozilla Thunderbird stem from the fact that when data is encoded from “InputStream” into “xpcom”, the size of the encoded input data is calculated incorrectly. Exploiting this vulnerability allows an attacker to...

postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions

A flaw was found in org.postgresql. This issue allows the creation of a temporary file when using PreparedStatement.setTextint, InputStream and PreparedStatemet.setByteaint, InputStream. This could allow a user to create an unexpected file available to all users, which could end in unexpected...

Moderate: Red Hat Security Advisory: Red Hat Integration Camel Extension For Quarkus 2.13.2-1 security update

Red Hat Integration Camel Extensions for Quarkus 2.13.2-1 release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Moderate. A Common Vulnerability...

SUSE CVE-2023-25732

When encoding data from an inputStream in xpcom the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2023-047-01)

The version of mozilla-thunderbird installed on the remote host is prior to 102.8.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-047-01 advisory. - If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to...

CVE-2023-25732

When encoding data from an inputStream in xpcom the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

Mozilla Firefox ESR < 102.8

The version of Firefox ESR installed on the remote Windows host is prior to 102.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-06 advisory. - Mozilla developers Philipp and Gabriele Svelto reported memory safety bugs present in Firefox ESR 102.7. Some of...

Mozilla: Use-after-free in InputStream implementation

The Mozilla Foundation Security Advisory describes this flaw as: Freeing arbitrary nsIInputStream's on a different thread than creation could have led to a use-after-free and potentially exploitable crash...

GHSA-562R-VG33-8X8H TemporaryFolder on unix-like systems does not limit access to created files

Vulnerability PreparedStatement.setTextint, InputStream and PreparedStatemet.setByteaint, InputStream will create a temporary file if the InputStream is larger than 51k Example of vulnerable code: java String s = "some very large string greater than 51200 bytes"; PreparedStatement.setInputStream1...

PostgreSQL JDBC Driver 安全漏洞

PostgreSQL JDBC Driver is an open source JDBC driver written in Pure Java Type 4 for communication in the PostgreSQL native network protocol . An information disclosure vulnerability exists in PostgreSQL JDBC Driver. The vulnerability stems from the fact that a preprocessing statement using...

CVE-2022-41946 TemporaryFolder on unix-like systems does not limit access to created files in pgjdbc

pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either PreparedStatement.setTextint, InputStream or PreparedStatemet.setByteaint, InputStream will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which...

RHEL 8 : firefox (RHSA-2022:8554)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:8554 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

Mozilla: Use-after-free in InputStream implementation

The Mozilla Foundation Security Advisory describes this flaw as: Freeing arbitrary nsIInputStream's on a different thread than creation could have led to a use-after-free and potentially exploitable crash...

Mozilla: Use-after-free in InputStream implementation

The Mozilla Foundation Security Advisory describes this flaw as: Freeing arbitrary nsIInputStream's on a different thread than creation could have led to a use-after-free and potentially exploitable crash...

Mozilla: Use-after-free in InputStream implementation

The Mozilla Foundation Security Advisory describes this flaw as: Freeing arbitrary nsIInputStream's on a different thread than creation could have led to a use-after-free and potentially exploitable crash...

The vulnerability in the InputStream interface of Firefox browsers, Firefox ESR, and the Thunderbird email client allows a hacker to execute arbitrary code.

The vulnerability of the InputStream interface in browsers like Firefox, Firefox ESR, and the email client Thunderbird is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVE-2022-3814

A vulnerability classified as problematic was found in Axiomatic Bento4. This vulnerability affects unknown code of the component mp4decrypt. The manipulation leads to memory leak. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier o...