88 matches found
CVE-2022-22738
The Mozilla Foundation Security Advisory describes this flaw as: Applying a CSS filter effect could have accessed out-of-bounds memory. This could have led to a heap-buffer-overflow, causing a potentially exploitable crash...
Debian DLA-2874-1 : thunderbird - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2874 advisory. - During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash...
CVE-2021-38007
Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
HP LaserJet Pro Printer has a denial of service vulnerability
Hp LaserJet Pro Printer is a laser printer from Hewlett-Packard Hp U.S.A. A security vulnerability exists in the Hp LaserJet Pro Printer, which stems from a potential security flaw found in the HP LaserJet Pro printer that could be exploited by an attacker to potentially cause a denial of service...
openSUSE 15 Security Update : MozillaFirefox (openSUSE-SU-2021:3331-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3331-1 advisory. - Uninitialized memory in a canvas object could have caused an incorrect free leading to memory corruption and a potentially exploitable...
Denial Of Service (DoS)
chromium-browser:bionic is vulnerable denial of service. It allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Security Vulnerabilities fixed in Firefox ESR 91.2 — Mozilla
During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. Through use of reportValidity and window.open, a plain-text validation message could have been overlaid on another origin, leading to...
Security Vulnerabilities fixed in Firefox 91 — Mozilla
A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. Note: This issue only affected Linux operating systems. Other operating systems are unaffected. An issue present in lowering/register allocation could have led to obscure but...
UVI-2021-1000599 net/mlx5e: Fix null deref accessing lag dev
net/mlx5e: Fix null deref accessing lag dev This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.42 by commit...
CVE-2021-21506
PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in its API handler. An un-authtenticated with ISIPRIVSYSSUPPORT and ISIPRIVLOGINPAPI privileges could potentially exploit this vulnerability, leading to potential privileges escalation...
Oracle Linux 8 : firefox (ELSA-2020-5237)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-5237 advisory. 78.5.0-1.0.1 - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 78.5.0-1 - Update to 78.5.0...
CVE-2020-16001
Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2020-12416
A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox 78...
CVE-2019-16789
In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests containing special...
doas -- Prevent passing of environment variables
Jesse Smith upstream author of the doas program reported: Previous versions of "doas" transferred most environment variables, such as USER, HOME, and PATH from the original user to the target user. Passing these variables could cause files in the wrong path or home directory to be read or written...
Security Bulletin: Security vulnerability related to Java SE (JDK) version 6 has been identified in the WebSphere Application Server where the Rational Asset Manager is deployed
Summary The Java SE JDK version 6.0 running on IBM WebSphere Application Server could allow a remote attacker to utilize the FormLogout servlet for redirecting to unauthorized hosts. This vulnerability can result in exploiting the WebSphere Application Server for potential spoofing. Vulnerability...
CVE-2018-12377
A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox 62, Firefox ESR 60.2, and Thunderbird 60.2.1...
CVE-2018-12362
An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 SSSE3 scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 60, Thunderbird 52.9, Firefox ESR 60.1, Firefox ESR 52.9, and Firefox 61...
CVE-2018-5095
An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, a...
Pwn2Own Huawei HiApp vulnerability principle and the use of analysis of under-vulnerability warning-the black bar safety net
0×01 Preface Pwn2Own Huawei HiApp vulnerability principle and the use of the analysison Reading this article is the basis for understanding previous attacks construct the link. 0×02 vulnerability analysis I don't know if the attentive classmates found in my article analysis article left in the eg...