Lucene search

92 matches found

AlpineLinux
added 2022/12/22 12:0 a.m., 22 views

CVE-2022-40960

Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...

CVSS: 6.5, AI score: 7.3, EPSS: 0.00947
Exploits: 0

Cvelist
added 2022/12/22 12:0 a.m., 11 views

CVE-2022-40960

Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...

AI score: 7.1, EPSS: 0.00947
Exploits: 0, References: 4

CVE
added 2022/12/22 12:0 a.m., 153 views

CVE-2022-40960

CVE-2022-40960: Concurrent use of the URL parser with non-UTF-8 data is not thread-safe, causing a use-after-free and potentially exploitable crash. Affected products include Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox

CVSS: 6.5, AI score: 6.9, EPSS: 0.00947
Exploits: 0, References: 4, Affected Software: 3

Veracode
added 2022/11/19 6:48 p.m., 30 views

Denial Of Service (DoS)

firefox is vulnerable to denial of service. The vulnerability exists because loading fonts on workers was not thread-safe which allows an attacker to cause an application crash...

CVSS: 7.5, AI score: 8.1, EPSS: 0.00627
Exploits: 0, References: 3, Affected Software: 1

UbuntuCve
added 2022/09/28 12:0 a.m., 36 views

CVE-2022-40960

Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...

CVSS: 6.5, AI score: 6.9, EPSS: 0.00947
Exploits: 0, References: 6

Tenable Nessus
added 2022/09/28 12:0 a.m., 36 views

Debian dla-3123 : thunderbird - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3123 advisory. Debian LTS Advisory DLA-3123-1 [email protected]...

CVSS: 8.8, AI score: 8, EPSS: 0.01342
Exploits: 0, References: 14

Tenable Nessus
added 2022/09/28 12:0 a.m., 28 views

Debian DSA-5238-1 : thunderbird - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5238 advisory. - When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. CVE-2022-40956 -...

CVSS: 8.8, AI score: 8.4, EPSS: 0.01342
Exploits: 0, References: 15

Tenable Nessus
added 2022/09/28 12:0 a.m., 47 views

Oracle Linux 9 : thunderbird (ELSA-2022-6717)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-6717 advisory. 102.3.0-3.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 102.3.0-3 - Update to 102.3.0 build1 Tenable has...

CVSS: 8.8, AI score: 7.4, EPSS: 0.01342
Exploits: 0, References: 11

Tenable Nessus
added 2022/09/24 12:0 a.m., 100 views

Debian DSA-5237-1 : firefox-esr - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5237 advisory. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, CSP bypass or...

CVSS: 8.8, AI score: 8, EPSS: 0.01342
Exploits: 0, References: 15

CNVD
added 2022/09/22 12:0 a.m., 46 views

Mozilla Firefox Resource Management Error Vulnerability (CNVD-2023-06859)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a memory misreference vulnerability that stems from concurrent use of the URL parser for non-UTF-8 data not being thread-safe. An attacker could exploit the vulnerability t...

CVSS: 6.5, AI score: 7.8, EPSS: 0.00947
Exploits: 0, References: 1

Mozilla
added 2022/09/20 12:0 a.m., 208 views

Security Vulnerabilities fixed in Thunderbird 102.3 — Mozilla

An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. Concurrent use of t...

CVSS: 7.8, AI score: 1.7, EPSS: 0.01284
Exploits: 0, References: 8, Affected Software: 1

GitHub Security Blog
added 2022/05/17 5:52 a.m., 17 views

MoinMoin Denial of Service vulnerability via password_checker function

The password_checker function in config/multiconfig.py in MoinMoin prior to version 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service segmentation fault and crash via unknown vectors...

CVSS: 5, AI score: 7.1, EPSS: 0.01484
Exploits: 1, References: 5, Affected Software: 1

OSV
added 2022/05/17 5:52 a.m., 12 views

GHSA-WJJC-M3FC-FCM8 MoinMoin Denial of Service vulnerability via password_checker function

The password_checker function in config/multiconfig.py in MoinMoin prior to version 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service segmentation fault and crash via unknown vectors...

CVSS: 8.7, AI score: 6.2, EPSS: 0.01484
Exploits: 1, References: 5

GitLab Advisory Database
added 2022/01/06 12:0 a.m., 8 views

Out-of-bounds Write in actix-web

An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely, leading to memory corruption...

CVSS: 9.8, AI score: 7.2, EPSS: 0.01324
Exploits: 0, References: 5, Affected Software: 1

OpenVAS
added 2021/11/01 12:0 a.m., 29 views

Python 3.2.x < 3.2.6, 3.3.x < 3.3.6, 3.4.x < 3.4.1 os.makedirs() not thread-safe (bpo-21082) - Linux

Python is prone to a local security bypass vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...

CVSS: 3.3, AI score: 7.5, EPSS: 0.00356
Exploits: 0, References: 2

OSV
added 2021/10/22 2:15 p.m., 4 views

CVE-2021-0652

In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a possible way to introduce a memory corruption due to sharing of not thread-safe objects. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVSS: 7.8, AI score: 7.2, EPSS: 0.00174
Exploits: 0, References: 1

CNVD
added 2021/09/23 12:0 a.m., 19 views

Mozilla Rust Command Injection Vulnerability (CNVD-2021-85290)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. Mozilla Rust is vulnerable to a command injection vulnerability that could be exploited by attackers to send non-thread-safe EntityStore and ComponentStores across threads and cause data contention...

CVSS: 8.1, AI score: 4.5, EPSS: 0.01098
Exploits: 1, References: 1

GitHub Security Blog
added 2021/08/25 8:59 p.m., 21 views

Data races in max7301

The ImmediateIO and TransactionalIO types implement Sync for all contained Expander types regardless of if the Expander itself is safe to use across threads. As the IO types allow retrieving the Expander, this can lead to non-thread safe types being sent across threads as part of the Expander...

CVSS: 5.9, AI score: 5.8, EPSS: 0.00978
Exploits: 1, References: 5, Affected Software: 1

OSV
added 2021/08/25 8:59 p.m., 13 views

GHSA-RMFF-F8W9-C9RM Data races in max7301

The ImmediateIO and TransactionalIO types implement Sync for all contained Expander types regardless of if the Expander itself is safe to use across threads. As the IO types allow retrieving the Expander, this can lead to non-thread safe types being sent across threads as part of the Expander...

CVSS: 5.9, AI score: 5.6, EPSS: 0.00978
Exploits: 1, References: 5

OpenVAS
added 2021/08/16 12:0 a.m., 22 views

OpenSSL: TLS Ephemeral ECDH Crashes (20110906) - Windows

OpenSSL is prone to TLS ephemeral ECDH crashes. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 5, AI score: 8.1, EPSS: 0.04561
Exploits: 0, References: 1