18 matches found
CVE-2026-2364 CODESYS Installer TOCTOU Privilege Escalation
If a legitimate user confirms a self-update prompt or initiates an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS installer...
Linux Distros Unpatched Vulnerability : CVE-2019-11697
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If the ALT and "a" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that kee...
Browser is prompted to install Citrix Workspace lite.
Receiving prompt to install Citrix Workspace lite when accessing store URL. When accessing workspace we see that as Citrix workspace lite. However, the installed app is Citrix Workspace app...
August 8, 2023-KB5029649 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2
August 8, 2023-KB5029649 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2 Revised on August 13th, 2023 to add a known issue. Release Date: August 8, 2023 Version: .NET Framework 3.5, 4.8 and 4.8.1 Summary This article describes the security and Cumulative Update...
Description of the Security Update for the spoofing vulnerability in Microsoft Visual Studio 2010 Tools for Office Runtime: August 8, 2023 (KB5029497)
Description of the Security Update for the spoofing vulnerability in Microsoft Visual Studio 2010 Tools for Office Runtime: August 8, 2023 KB5029497 Applies to: Visual Studio 2010 Tools for Office Runtime that is included with Microsoft Office and Visual Studio 2022, 2019, 2017, 2015, and 2013...
Mozilla: Time-of-check time-of-use bug when verifying add-on signatures
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified, and Firefox...
CVE-2020-29613
A logic issue was addressed with improved state management. This issue is fixed in iOS 14.3 and iPadOS 14.3. An enterprise application installation prompt may display the wrong domain...
CVE-2020-29613
Apple fixed CVE-2020-29613 in iOS 14.3 / iPadOS 14.3. Description: a logic issue in state management could cause an enterprise app installation prompt to display the wrong domain. Root cause: state-management logic flaw. Impact: may display an incorrect domain during enterprise app installation p...
OPENSUSE-SU-2020:1392-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird was updated to 68.12 bsc1175686 - CVE-2020-15663: Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege - CVE-2020-15664: Attacker-induced prompt for extension...
SUSE-SU-2020:2552-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird was updated to 68.12 bsc1175686 - CVE-2020-15663: Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege - CVE-2020-15664: Attacker-induced prompt for extension...
Mozilla: Attacker-induced prompt for extension installation
By holding a reference to the eval function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious...
USN-3991-3: Firefox regression
USN-3991-1 fixed vulnerabilities in Firefox, and USN-3991-2 fixed a subsequent regression. The update caused an additional regression that resulted in Firefox failing to load correctly after executing it in safe mode. This update fixes the problem. We apologize for the inconvenience. Original...
FreeBSD : mozilla -- multiple vulnerabilities (44b6dfbf-4ef7-4d52-ad52-2b1b05d81272)
Mozilla Foundation reports : CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS CVE-2019-9816: Type confusion with object groups and UnboxedObjects CVE-2019-9817: Stealing of cross-domain images using canvas CVE-2019-9818: Use-after-free in crash generation server...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS CVE-2019-9816: Type confusion with object groups and UnboxedObjects CVE-2019-9817: Stealing of cross-domain images using canvas CVE-2019-9818: Use-after-free in crash generation server...
InstantHMI 6.1 - Privilege Escalation
Exploit for windows platform in category local exploits Title: InstantHMI - EoP: User to ADMIN CWE Class: CWE-276: Incorrect Default Permissions Date: 01/06/2016 Vendor: Software Horizons Product: InstantHMI Version: 6.1 Download link: http://www.instanthmi.com/ihmisoftware.htm Tested on: Windows...
Updated firefox package fixes security vulnerability
Updated firefox packages fix security vulnerabilities: A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2015-4497. A flaw wa...
USN-2723-1 firefox vulnerabilities
A use-after-free was discovered when resizing a canvas element during restyling in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with th...
Security Update for Windows Server 2012 R2 (KB3184943)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...