2673 matches found
Mozilla Firefox Cross-Site Scripting Vulnerability (CNVD-2022-36976)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation. Mozilla Firefox has a cross-site scripting vulnerability that stems from the fact that Firefox searches for text when a URL is received via the SEND intent, but subsequent use of the address bar can cause the URL to load...
CVE-2021-41962
A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Owner fullname parameter in a Send Service Request in vehicleservice...
Privoxy -- Multiple vulnerabilities (memory leak, XSS)
Privoxy reports: cgierrornotemplate: Encode the template name to prevent XSS (cross-site scripting) when Privoxy is configured to serve the user-manual itself. Commit 0e668e9409c. OVE-20211102-0001. CVE-2021-44543. Reported by: Artem Ivanov geturlspecparam: Free memory of compiled pattern spec...
CVE-2021-43544
When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have caused the URL to load unintentionally, which could lead to XSS and spoofing attacks. This bug only affects Firefox for Android. Other operating systems are...
Mozilla Firefox Cross-Site Scripting Vulnerability
Mozilla Firefox is an open source Web browser from the Mozilla Foundation. Mozilla Firefox has a cross-site scripting vulnerability that stems from the fact that Firefox searches for text when a URL is received via the SEND intent, but subsequent use of the address bar can cause the URL to load...
GLPI Path Traversal Vulnerability
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...
PT-2021-23927
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 2.6.1 Description: The issue is related to a path traversal vulnerability in GLPI instances with the barcode plugin installed. This vulnerability was patched in version 2.6.1. Recommendations: For versions prior to 2.6....
kernel: Insufficient validation of user-supplied sizes for the MSG_CRYPTO message type
A flaw was discovered in the cryptographic receive code in the Linux kernel's implementation of transparent interprocess communication. An attacker, with the ability to send TIPC messages to the target, can corrupt memory and escalate privileges on the target system...
FusionPBX 4.5.29 - Remote Code Execution (Authenticated) Exploit
Exploit Title: FusionPBX 4.5.29 - Remote Code Execution RCE Authenticated Exploit Author: Luska Vendor Homepage: https://www.fusionpbx.com/ Software Link: https://github.com/fusionpbx/fusionpbx Version: 4.5.30 Tested on: Debian CVE : CVE-2021-43405 !/usr/bin/python3 import requests from...
UBUNTU-CVE-2021-41456
There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1004 in the nhmldmx_send_sample function (szXmlTo parameter), which leads to a denial of service vulnerability...
Gpac MP4Box Buffer Error Vulnerability
MP4Box is a multimedia packager available in GPAC. A stack buffer overflow vulnerability exists in the nhmldmx_send_sample function in src/filters/dmx_nhml.c:1004 in MP4Box version 1.0.1. An attacker can exploit this vulnerability to cause a denial of service via the szXmlTo parameter...
PT-2021-23301 · Mp4Box · Mp4Box
Name of the Vulnerable Software and Affected Versions: MP4Box version 1.0.1 Description: The issue is a stack buffer overflow in the nhmldmx_send_sample function, specifically with the szXmlTo parameter, located at src/filters/dmx_nhml.c:1004. This leads to a denial of service vulnerability...
PT-2021-23303
Name of the Vulnerable Software and Affected Versions: MP4Box version 1.0.1 Description: The issue is a stack buffer overflow in the nhmldmx_send_sample function at src/filters/dmx_nhml.c:1008, specifically affecting the szXmlFrom parameter. This leads to a denial of service vulnerability...
Mozilla Rust Memory Corruption Vulnerability (CNVD-2021-71659)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in the Rust may_queue crate through 2020-11-10 because the queue lacks Send or Sync restrictions, which could be exploited by an attacker to cause a memor...
Mozilla Rust Memory Corruption Vulnerability (CNVD-2021-71653)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in the Rust late-static crate before 0.4.0, which stems from the fact that Sync is implemented with LateStatic's T: Send, causing data contention to occur. No details of the...
GHSA-GQ4H-F254-7CW9 Duplicate Advisory: Data races in ticketed_lock
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-77m6-x95j-75r5. This link is maintained to preserve external references. Original Description Affected versions of this crate unconditionally implemented Send for ReadTicket & WriteTicket. This allows to send...
Duplicate Advisory: Data races in ticketed_lock
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-77m6-x95j-75r5. This link is maintained to preserve external references. Original Description Affected versions of this crate unconditionally implemented Send for ReadTicket & WriteTicket. This allows to send...
GHSA-R88H-6987-G79F Duplicate Advisory: Data races on syncpool
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vp6r-mrq9-8f4h. This link is maintained to preserve external references. Original Description Affected versions of this crate unconditionally implements Send for Bucket2. This allows sending non-Send types to...
Duplicate Advisory: Data races on syncpool
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vp6r-mrq9-8f4h. This link is maintained to preserve external references. Original Description Affected versions of this crate unconditionally implements Send for Bucket2. This allows sending non-Send types to...
GHSA-83R8-P8V6-6GFM Slock<T> allows sending non-Send types across thread boundaries
Slock unconditionally implements Send/Sync. Affected versions of this crate allow sending non-Send types to other threads, which can lead to data races and memory corruption due to the data race...