CVE-2024-9680
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox 131.0.2, Firefox ESR 128.3.1, Firefox ESR 115.16.1, Thunderbird...
Mozilla Firefox ESR < 128.3.1
The version of Firefox ESR installed on the remote Windows host is prior to 128.3.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2024-51 advisory. - An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation...
Mozilla Firefox < 131.0.2
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 131.0.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2024-51 advisory. - An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation...
Mozilla Firefox < 131.0.2
The version of Firefox installed on the remote Windows host is prior to 131.0.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2024-51 advisory. - An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. ...
Mozilla Firefox ESR < 128.3.1
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 128.3.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2024-51 advisory. - An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animati...
Mozilla Firefox ESR < 115.16.1
The version of Firefox ESR installed on the remote Windows host is prior to 115.16.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2024-51 advisory. - An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation...
PT-2024-37102 · WordPress · Timeline Event History Plugin
Name of the Vulnerable Software and Affected Versions: Timeline Event History plugin for WordPress versions up to, and including, 3.1 Description: The issue allows authenticated attackers with Contributor-level access and above to inject a PHP Object via deserialization of untrusted input...
Fedora: Security Advisory for qt6-qtquicktimeline (FEDORA-2024-bfb8617ba3)
The remote host is missing an update for the...
[SECURITY] Fedora 40 Update: qt6-qtquicktimeline-6.7.1-1.fc40
The Qt Quick Timeline plugin provides QML types to use timelines and keyframes to animate Qt Quick user interfaces...
achigan.net Cross Site Scripting vulnerability OBB-3929230
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
aptawa.org Cross Site Scripting vulnerability OBB-3884772
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
BIT-GITLAB-2022-2527
An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2, which allowed an authenticated attacker to inject arbitrary content. A victim...
GitLab 14.9 < 15.1.6 / 15.2 < 15.2.4 / 15.3 < 15.3.2 (CVE-2022-2527)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15...
A Penetration Testing Buyer's Guide for IT Security Teams
The frequency and complexity of cyber threats are constantly evolving. At the same time, organizations are now collecting sensitive data that, if compromised, could result in severe financial and reputational damage. According to Cybersecurity Ventures, the cost of cybercrime is predicted to hit ...
Updated microcode packages fix security vulnerability
Under specific microarchitectural circumstances, a register in "Zen 2" CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM register, which may allow an attacker to potentially access sensitive information CVE-2023-20593, also know...
www2.ub.gu.se Cross Site Scripting vulnerability OBB-3551622
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
watanabechem.co.jp Cross Site Scripting vulnerability OBB-3341164
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Risk Fact #3: Initial Access Brokers Attack What Organizations Ignore
Qualys Blog Series – Threat Research Unit Report “Divide and Conquer” is an emerging and winning strategy for cyber criminals who split responsibilities to improve execution of the attack process. Some threat actors specialize in the back end, which often is ransomware deployed at scale. The fron...
Everything you need to know about HITRUST v11
HITRUST v11 is finally here. In this blog post, Coalfire HITRUST experts provide guidance to address the key details surrounding the transition timelines and what organizations can expect with the latest version...
Multiple Internet to Baseband Remote Code Execution Vulnerabilities in Exynos Modems
Posted by Tim Willis, Project Zero. In late 2022 and early 2023, Project Zero reported eighteen 0-day vulnerabilities in Exynos Modems produced by Samsung Semiconductor. The four most severe of these eighteen vulnerabilities (CVE-2023-24033, CVE-2023-26496, CVE-2023-26497 and CVE-2023-26498) allowed...