RHEL 8 : thunderbird (RHSA-2022:1726)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:1726 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.9.0. Security Fixes: Mozilla:...
Mozilla: Bypassing permission prompt in nested browsing contexts
The Mozilla Foundation Security Advisory describes this flaw as: Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions...
USN-4797-1 libass vulnerabilities
It was discovered that LibASS incorrectly handled certain ASS files. A remote attacker could possibly use this issue to cause a denial of service. One of the issues, CVE-2016-7970, only affected Ubuntu 16.04 ESM. CVE-2016-7969, CVE-2016-7970, CVE-2016-7972 It was discovered that LibASS incorrectl...
Debian DLA-2990-1 : jackson-databind - LTS security update
The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2990 advisory. - jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. CVE-2020-36518 Note that Nessus has not...
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-005)
The version of kernel installed on the remote host is prior to 5.10.62-55.141. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-005 advisory. A flaw was found in the Linux kernel's implementation of wireless drivers using the Atheros chipsets. An...
The vulnerability of the `process_nested_data` function in the PHP programming language allows a hacker to execute arbitrary code.
The vulnerability of the `process_nested_data` function in the PHP programming language is related to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...
mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries
MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery...
The vulnerability of the object_common1 function in the PHP programming language, related to reading beyond the buffer in memory, allows attackers to trigger a service failure.
The vulnerability of the object_common1 function in the PHP programming language is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a service failure by using specially created serialized data, which are incorrectly processed...
EulerOS 2.0 SP5 : mariadb (EulerOS-SA-2022-1543)
According to the versions of the mariadb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE)...
GSD-2022-1001976 net: openvswitch: fix leak of nested actions
net: openvswitch: fix leak of nested actions This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.111 by commit...
GSD-2022-1001685 net: openvswitch: fix leak of nested actions
net: openvswitch: fix leak of nested actions This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.34 by commit...
GSD-2022-1001359 net: openvswitch: fix leak of nested actions
net: openvswitch: fix leak of nested actions This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.20 by commit...
GSD-2022-1001013 net: openvswitch: fix leak of nested actions
net: openvswitch: fix leak of nested actions This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.3 by commit...
CVE-2022-22968
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the fiel...
DEBIAN-CVE-2022-22968
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the fiel...