43 matches found
MiracleLinux 7 : firefox-102.3.0-6.0.1.el7.AXS7 (AXSA:2022-3888:23)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3888:23 advisory. Mozilla: Bypassing FeaturePolicy restrictions on transient pages CVE-2022-40959 Mozilla: Data-race when parsing non-UTF-8 URLs in threads...
NULL Pointer Dereference
Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference in the coap_dtls_generate_cookie function. An attacker can cause the application to crash by sending a specially crafted DTLS handshake that results in SSL_get_SSL_CTX returning NULL. Remediation: Upgrade libcoap to...
EUVD-2021-22107
Malware in sbrugna...
EUVD-2023-35356
Malicious code in bioql PyPI...
CVE-2021-35465
Certain Arm products before 2021-08-23 do not properly consider the effect of exceptions on a VLLDM instruction. A Non-secure handler may have read or write access to part of a Secure context. This affects Arm Cortex-M33 r0p0 through r1p0, Arm Cortex-M35P r0, Arm Cortex-M55 r0p0 through r1p0, and...
PT-2024-40765 · Git +1 · Boringssl
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash caused by the use of an uninitialized value. The crash occurs in the ssl_ctx_make_profiles function. Technical details...
CVE-2023-31019
NVIDIA GPU Display Driver for Windows contains a vulnerability in wksServicePlugin.dll, where the driver implementation does not restrict or incorrectly restricts access from the named pipe server to a connecting client, which may lead to potential impersonation to the client's secure context...
Design/Logic Flaw
NVIDIA GPU Display Driver for Windows contains a vulnerability in wksServicePlugin.dll, where the driver implementation does not restrict or incorrectly restricts access from the named pipe server to a connecting client, which may lead to potential impersonation to the client's secure context...
CVE-2023-31019 CVE
NVIDIA GPU Display Driver for Windows contains a vulnerability in wksServicePlugin.dll, where the driver implementation does not restrict or incorrectly restricts access from the named pipe server to a connecting client, which may lead to potential impersonation to the client's secure context...
CVE-2022-25333
The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) performs an RSA check implemented in mask ROM when loading a module through the SK_LOAD routine. However, only the module header authenticity is validated. An adversary can re-use any correctly signed header and appe...
CVE-2022-25333 Flawed SK_LOAD module authenticity check in Texas Instruments OMAP L138
The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) performs an RSA check implemented in mask ROM when loading a module through the SK_LOAD routine. However, only the module header authenticity is validated. An adversary can re-use any correctly signed header and appe...
Texas Instruments OMAP L138 Security Vulnerability
The Texas Instruments OMAP L138 is a DSP+ARM industrial processor from Texas Instruments. A security vulnerability exists in the Texas Instruments OMAP L138 secure variants, which stems from the fact that when a module is loaded via the SK_LOAD routine, the Trusted Execution Environment (TEE) perfor...
SUSE CVE-2021-35465
Certain Arm products before 2021-08-23 do not properly consider the effect of exceptions on a VLLDM instruction. A Non-secure handler may have read or write access to part of a Secure context. This affects Arm Cortex-M33 r0p0 through r1p0, Arm Cortex-M35P r0, Arm Cortex-M55 r0p0 through r1p0, and...
Session fixation
By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and...
CVE-2022-40958
By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and...
Scientific Linux Security Update : thunderbird on SL7.x x86_64 (2022:6710)
The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:6710-1 advisory. - Mozilla: Leaking of sensitive information when composing a response to an HTML email with a META refresh tag CVE-2022-3033 - Mozilla: Bypassing...
UBUNTU-CVE-2022-40958
By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and...
CVE-2022-40958
By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and...
Oracle Linux 9 : thunderbird (ELSA-2022-6717)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-6717 advisory. 102.3.0-3.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 102.3.0-3 - Update to 102.3.0 build1 Tenable has...
Mozilla: Bypassing Secure Context restriction for cookies with __Host and __Secure prefix
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that by injecting a cookie with certain special characters, an attacker on a shared subdomain, which is not a secure context, could set and overwrite cookies from a secure context, leading to session fixatio...