mozilla: Garbage collection could mis-color cross-compartment objects in OOM conditions

The Mozilla Foundation's Security Advisory: The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption...

CVE-2024-46740 binder: fix UAF caused by offsets overwrite

In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF caused by offsets overwrite Binder objects are processed and copied individually into the target buffer during transactions. Any raw data in-between these objects is copied as well. However, this raw data copy lac...

VulnCheck KEV: CVE-2020-4450

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181231...

mozilla: Garbage collection could mis-color cross-compartment objects in OOM conditions

The Mozilla Foundation's Security Advisory: The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption...

mozilla: Garbage collection could mis-color cross-compartment objects in OOM conditions

The Mozilla Foundation's Security Advisory: The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption...

RLSA-2024:6684 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: 115.15/128.2 mozilla: Type confusion when looking up a property name in a "with" block CVE-2024-8381 mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener...

PT-2025-4089 · Pdf Xchange · Pdf-Xchange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability, as the...

mozilla: Garbage collection could mis-color cross-compartment objects in OOM conditions

The Mozilla Foundation's Security Advisory: The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption...

mozilla: Garbage collection could mis-color cross-compartment objects in OOM conditions

The Mozilla Foundation's Security Advisory: The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption...

Deserialization Of Untrusted Data

MindsDB is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused due to improper handling of pickle objects in the predict method of ModelWrapperUnsafe class within byomhandler.py, allowing execution of arbitrary code when deserializing a malicious pickle object...

CVE-2022-2446

CVE-2022-2446 affects the WP Editor WordPress plugin. The vulnerability is a PHAR deserialization issue via the current_theme_root parameter in versions up to and including 1.2.9. An authenticated attacker with administrative privileges who can upload a serialized payload can trigger deserializat...

CVE-2022-2446 WP Editor <= 1.2.9 - Authenticated (Admin+) PHAR Deserialization

The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'currentthemeroot' parameter in versions up to, and including 1.2.9. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a failure to properly check for null pointers when handling frame buffer objects...

dset Prototype Pollution vulnerability

Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user input sanitization. This vulnerability allows the attacker to inject malicious object property using the built-in Object property proto, which is recursively assigned to all the...

SUSE CVE-2024-43357

ECMA-262 is the language specification for the scripting language ECMAScript. A problem in the ECMAScript JavaScript specification of async generators, introduced by a May 2021 spec refactor, may lead to mis-implementation in a way that could present as a security vulnerability, such as type...

Unmasking the Hidden Threat: Inside a Sophisticated Excel-Based Attack Delivering Fileless Remcos RAT

Unmasking the Hidden Threat: Inside a Sophisticated Excel-Based Attack Delivering Fileless Remcos RAT By Trellix · September 11, 2024 This blog was also written by Trishaan Kalra Introduction In the rapidly evolving landscape of cybersecurity, attackers are continuously refining their methods to...

CVE-2024-41728

Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise not have access to view these objects...

CVE-2024-41728

CVE-2024-41728 affects SAP NetWeaver Application Server for ABAP and ABAP Platform, where a missing authorization check allows a user logged in as a developer to read objects contained in a package, impacting confidentiality. Affected context and root cause are described across multiple sources (...

SAP NetWeaver Application Server 安全漏洞

SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server that stems from a lack of authorization checking and allows an attacker logged in as a developer to read objects contained in a package...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a sequential problem with the release of job objects in the drm/xe component, which could lead to reuse afte...