25 matches found
DEBIAN-CVE-2025-0622
A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to force grub2 to call the hooks once the module that registered it was unloaded, leading to a use-after-free vulnerability. If...
CVE-2024-26820 hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed
In the Linux kernel, the following vulnerability has been resolved: hvnetvsc: Register VF in netvscprobe if NETDEVICEREGISTER missed If hvnetvsc driver is unloaded and reloaded, the NETDEVICEREGISTER handler cannot perform VF register successfully as the register call is received before netvscpro...
CVE-2021-47141
A vulnerability was found in the Generic Virtual Ethernet gve driver in the Linux kernel. A NULL pointer dereference could occur during the freeing of notification blocks. This issue arises when attempting to index priv-msixvectors without prior allocation, potentially leading to a crash if the...
SUSE CVE-2008-5511
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting XSS attacks via an XBL binding to an "unloaded document."...
The vulnerability of the Intel Smart Sound Technology driver, related to a overflow in the unloaded pool in the operating memory, allows a hacker to execute arbitrary code.
The vulnerability of the Intel Smart Sound Technology driver is related to a overflow in the unloaded pool in the operating memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code with elevated privileges...
Apple Webkit - Universal Cross-Site Scripting by Accessing a Named Property from an Unloaded Window
Exploit for multiple platform in category web applications document auto& htmlDocument = downcastdocument; auto atomicPropertyName = propertyName.publicName; if atomicPropertyName && htmlDocument.hasWindowNamedItematomicPropertyName JSValue namedItem; if...
Apple Webkit: UXSS by accessing a named property from an unloaded window (CVE-2017-2367)
The frame is not detached from an unloaded window. We can access to the new document's named properties via the following function. static bool jsDOMWindowPropertiesGetOwnPropertySlotNamedItemGetterJSDOMWindowProperties thisObject, Frame& frame, ExecState exec, PropertyName propertyName,...
Apple Webkit - Universal Cross-Site Scripting by Accessing a Named Property from an Unloaded Window
document auto& htmlDocument = downcastdocument; auto atomicPropertyName = propertyName.publicName; if atomicPropertyName && htmlDocument.hasWindowNamedItematomicPropertyName JSValue namedItem; if UNLIKELYhtmlDocument.windowNamedItemContainsMultipleElementsatomicPropertyName Ref collection =...
USN-3247-1 apparmor vulnerability
Stéphane Graber discovered that AppArmor incorrectly unloaded some profiles when restarted or upgraded, contrary to expected behavior...
USN-3247-1: AppArmor vulnerability
Stéphane Graber discovered that AppArmor incorrectly unloaded some profiles when restarted or upgraded, contrary to expected behavior...
kernel: iptables restriction bypass if a protocol handler kernel module not loaded
A flaw was found in the way the Linux kernel's netfilter subsystem handled generic protocol tracking. As demonstrated in the Stream Control Transmission Protocol SCTP case, a remote attacker could use this flaw to bypass intended iptables rule restrictions when the associated connection tracking...
Adobe Shockwave Player Use-After-Free Vulnerability
This host is installed with Adobe Shockwave Player and is prone to use-after-free vulnerability. OpenVAS Vulnerability Test $Id: gbadobeshockwaveplayeruseafterfreevuln.nasl 5263 2017-02-10 13:45:51Z teissa $ Adobe Shockwave Player Use-After-Free Vulnerability Authors: Sooraj KS Copyright: Copyrig...
Adobe Shockwave Player Use-After-Free Vulnerability
Adobe Shockwave Player is prone to a use after free vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Design/Logic Flaw
Use-after-free vulnerability in an unspecified compatibility component in Adobe Shockwave Player before 11.5.9.620 allows user-assisted remote attackers to execute arbitrary code via a crafted web site, related to the Shockwave Settings window and an unloaded library. NOTE: some of these details...
Apache mod_isapi uninitialized pointer function call
Uunder some conditions function from dynamic library is called by it's address after library is unloaded...
Debian: Security Advisory (DSA-1704-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Firefox XSS via XBL bindings to unloaded document
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting XSS attacks via an XBL binding to an "unloaded document."...
Firefox XSS via XBL bindings to unloaded document
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting XSS attacks via an XBL binding to an "unloaded document."...
Firefox XSS via XBL bindings to unloaded document
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting XSS attacks via an XBL binding to an "unloaded document."...
CVE-2008-5511
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting XSS attacks via an XBL binding to an "unloaded document."...