CVE-2025-30356

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. In 1.3.3 and earlier, a heap buffer overflow vulnerability persists in...

CVE-2025-30356

CryptoLib (SDLS-EP) vulnerability CVE-2025-30356 affects 1.3.3 and earlier. A heap buffer overflow in Crypto_TC_ApplySecurity results from incomplete validation of the fl (frame length) field; after CVE-2025-29912’s underflow fix, frames can still produce a negative tf_payload_len that is treated...

Mozilla Thunderbird < 115.18

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 115.18. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-70 advisory. - Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and...

CVE-2024-11694

The Mozilla Foundation's Security Advisory: Enhanced Tracking Protection's Strict mode may inadvertently allow a CSP frame-src bypass and DOM-based cross-site scripting XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could expose users to malicious frames...

CVE-2024-11694

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability...

CVE-2024-11694

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability...

CVE-2024-11694

The CVE-2024-11694 issue is a CSP frame-src bypass and DOM-based XSS stemming from Enhanced Tracking Protection in Mozilla products via the Web Compatibility extension’s Google SafeFrame shim. Affected: Firefox versions &lt;133, Firefox ESR &lt;128.5, Firefox ESR &lt;115.18, Thunderbird &lt;133, ...

CVE-2024-11694

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability...

Security Vulnerabilities fixed in Firefox ESR 115.18 — Mozilla

Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. This bug only affected the application on Apple M series hardware. Other platforms were unaffected. Enhanced Tracking Protection's Strict...

CVE-2020-12140

A buffer overflow in os/net/mac/ble/ble-l2cap.c in the BLE stack in Contiki-NG 4.4 and earlier allows an attacker to execute arbitrary code via malicious L2CAP frames...

Zephyr Code Issues Vulnerabilities

Zephyr is a small real-time operating system for connected, resource-constrained embedded devices. A code issue vulnerability exists in 802154 ACK frame handling in Zephyr version 2.4.0. An attacker can exploit this vulnerability by sending malicious frames that result in a null pointer...

Stack overflow

On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects, aka B-V2017061205...

CVE-2017-11121

On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects, aka B-V2017061205...