36 matches found
Astra Linux – Vulnerability in nss
During RSA key generation, bignum implementations used a variant of the Binary Extended Euclidean Algorithm, which involved significant input-dependent processing. This allowed attackers to perform electromagnetic-based side-channel attacks to capture traces that could lead to the recovery of...
CVE-2018-25282
Nmap 7.70 is affected by a local denial-of-service vulnerability caused by exponential XML entity expansion in XML processing (triggered via ZenMap scan import). A crafted XML file with nested entity definitions can cause excessive resource consumption, potentially crashing the application. The C...
MiracleLinux 8 : firefox-78.10.0-1.0.1.el8 (AXSA:2021-1733:13)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-1733:13 advisory. Mozilla: Out of bound write due to lazy initialization CVE-2021-23994 Mozilla: Use-after-free in Responsive Design Mode CVE-2021-23995 Mozilla: More...
TencentOS Server 2: python-setuptools (TSSA-2024:0503)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0503 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...
CVE-2024-13597
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS Cross-site Scripting attacks. An attacker might trick a user into filling a form sent to login panel at /softcom/ with a malicious script, what causes the script to run in user's context. This vulnerability ha...
CVE-2024-49707
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS Cross-site Scripting attacks. An attacker might trick a user into filling a form designed for resetting user's password with a malicious script, what causes the script to run in user's context. This...
CVE-2024-49705
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to client-side Denial of Servise DoS attacks. An attacker might trick a user into using an URL with a d parameter set to an unhandled value. All the subsequent requests will not be accepted as the server returns an error...
CVE-2024-49706 XSS in iKSORIS
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Open Redirect attacks by including base64 encoded URLs in the target parameter sent in a POST request to one of the endpoints. This vulnerability has been patched in version 79.0...
CVE-2024-49706 XSS in iKSORIS
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Open Redirect attacks by including base64 encoded URLs in the target parameter sent in a POST request to one of the endpoints. This vulnerability has been patched in version 79.0...
CVE-2024-10089
Technical details about CVE-2024-10089 are not publicly available in the provided documents. No specifics on affected components, root cause, exploit info, or fixes beyond the brief description are provided.
CVE-2024-10088
CVE-2024-10088 affects the Internet Starter module of SoftCOM iKSORIS. It is vulnerable to a Reflected XSS attack where a user is tricked into submitting a login form containing a malicious script, causing the script to run in the user’s browser context. The vulnerability is patched in version 79...
Astra Linux – Vulnerability in setuptools
A vulnerability exists in the packageindex module of pypa/setuptools versions up to 69.1.1, allowing for remote code execution through its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are vulnerable t...
International Color Consortium DemoIccMAX Buffer Error Vulnerability
DemoIccMAX is International Color Consortium open source a iccMAX color profile demo implementation. A security vulnerability exists in International Color Consortium DemoIccMAX version 79ecb74, which stems from an out-of-bounds read vulnerability in function CIccPRMG::GetChroma...
SUSE CVE-2018-17463
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...
CVE-2020-12324
Protection mechanism failure in some IntelR ThunderboltTM DCH drivers for Windows before version 72 may allow an authenticated user to potentially enable escalation of privilege via local access...
Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects...
Mozilla: WebRTC permission prompt could have been bypassed by a compromised content process
When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was previously granted permission; bypassing the prompt. This vulnerability affects Firefox 78...
Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2020-46370)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox version 77. An attacker can exploit the vulnerability to corrupt memory and possibly execute arbitrary code...
Mozilla Firefox Input Validation Error Vulnerability (CNVD-2020-34652)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in versions of Mozilla Firefox prior to 76. An attacker could exploit the vulnerability to bypass content security policies...
Mozilla Firefox Input Validation Error Vulnerability (CNVD-2020-35374)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in the implementation of the address bar in versions of Mozilla Firefox prior to 76. A local attacker could exploit the vulnerability to forge the current address...