4531 matches found
CVE-2019-9444
In the Android kernel in sync debug fs driver there is a kernel pointer leak due to the usage of printf with %p. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation...
UBUNTU-CVE-2019-9444
In the Android kernel in sync debug fs driver there is a kernel pointer leak due to the usage of printf with %p. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation...
Design/Logic Flaw
In the Android kernel in sync debug fs driver there is a kernel pointer leak due to the usage of printf with %p. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation...
CVE-2019-9444
CVE-2019-9444 affects the Android kernel’s sync debugfs driver, where a kernel pointer leak occurs due to using printf with %p. This leads to potential local information disclosure with system privileges required for exploitation. The vulnerability can be triggered locally, and user interaction i...
(Pwn2Own) Mozilla Firefox sync Universal Cross-Site Scripting Sandbox Escape Vulnerability
This vulnerability allows remote attackers to escape the sandbox on affected installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to a universal cross-site...
USN-4122-1 firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, bypass Content Security Policy CSP protections, bypass same-origin restrictions, conduct cross-site...
Mozilla: Sandbox escape through Firefox Sync
Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the...
CVE-2019-9812
Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the...
CVE-2019-9812
Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the...
UBUNTU-CVE-2019-9812
Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the...
Security fix for the ALT Linux 10 package firefox-esr version 68.1.0-alt1
Sept. 4, 2019 Andrey Cherepanov 68.1.0-alt1 - New ESR version 68.1.0. - Fixed: + CVE-2019-11751 Malicious code execution through command line parameters + CVE-2019-11746 Use-after-free while manipulating video + CVE-2019-11744 XSS by breaking out of title and textarea elements using innerHTML +...
Security vulnerabilities fixed in Firefox ESR 60.9 — Mozilla
A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. Some HTML elements, such as and , can contain literal angle brackets without treating them as markup. It is possible to pass a liter...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2019-11751: Malicious code execution through command line parameters CVE-2019-11746: Use-after-free while manipulating video CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML CVE-2019-11742: Same-origin policy violation with SVG...
Google Android Framework Path Traversal Vulnerability
Android is a Linux-based open source operating system from Google and the Open Handheld Alliance OHA, of which Framework is a component of the Android framework. A path traversal vulnerability in GoogleContactsSyncAdapter in Android version 10, which stems from a failure of a networked system or...
libarchive: Multiple vulnerabilities
Background libarchive is a library for manipulating different streaming archive formats, including certain tar variants, several cpio formats, and both BSD and GNU ar variants. Description Multiple vulnerabilities have been discovered in libarchive. Please review the CVE identifiers referenced...
Azure File Sync Agent v7.2 Release – July 2019 (KB4490497)
Update for Azure File Sync agent version 7.2.0.0. For more details, see the associated Microsoft Knowledge Base article...
Azure File Sync Agent v7.2 Release – July 2019 (KB4490497)
Update for Azure File Sync agent version 7.2.0.0. For more details, see the associated Microsoft Knowledge Base article...
Azure File Sync Agent v7.2 Release – July 2019 (KB4490497)
Update for Azure File Sync agent version 7.2.0.0. For more details, see the associated Microsoft Knowledge Base article...
Update Rollup for Azure File Sync Agent – July 2019
Update Rollup for Azure File Sync Agent – July 2019 Introduction This article describes the issues that are fixed in the Update Rollup for Azure File Sync Agent that is dated July 2019. Additionally, this article contains installation instructions for the update. Improvements and issues that are...
August 6, 2019, update for OneNote 2016 (KB4092450)
August 6, 2019, update for OneNote 2016 KB4092450 This article describes update 4092450 for Microsoft OneNote 2016 that was released on August 6, 2019. Be aware that the update on the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply ...