MiracleLinux 7 : firefox-115.6.0-1.0.1.el7.AXS7 (AXSA:2024-7400:04)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-7400:04 advisory. Mozilla: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver CVE-2023-6856 Mozilla: Memory safety bugs fixed in...

ROS-20260119-7330

A vulnerability in the vidtvbridge.c component of the Linux kernel is related to pointer dereferencing errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVE-2022-50725 media: vidtv: Fix use-after-free in vidtv_bridge_dvb_init()

In the Linux kernel, the following vulnerability has been resolved: media: vidtv: Fix use-after-free in vidtvbridgedvbinit KASAN reports a use-after-free: BUG: KASAN: use-after-free in dvbdmxdevrelease+0x4d5/0x5d0 dvbcore Call Trace: ... dvbdmxdevrelease+0x4d5/0x5d0 dvbcore...

CVE-2022-50725 media: vidtv: Fix use-after-free in vidtv_bridge_dvb_init()

In the Linux kernel, the following vulnerability has been resolved: media: vidtv: Fix use-after-free in vidtvbridgedvbinit KASAN reports a use-after-free: BUG: KASAN: use-after-free in dvbdmxdevrelease+0x4d5/0x5d0 dvbcore Call Trace: ... dvbdmxdevrelease+0x4d5/0x5d0 dvbcore...

Updated nss and firefox packages fix security vulnerabilities

The updated packages fix security vulnerabilities Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver. CVE-2023-6856 Potential exposure of uninitialized data in EncryptingOutputStream. CVE-2023-6865 Symlinks may resolve to smaller than expected buffers...

Important: firefox

Issue Overview: The WebGL DrawElementsInstanced method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR 115.6, Thunderbird 115.6, a...

Mozilla: Potential sandbox escape due to <code>VideoBridge</code> lack of texture validation

The Mozilla Foundation Security Advisory describes this flaw as: The VideoBridge allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox...

Mozilla: Potential sandbox escape due to <code>VideoBridge</code> lack of texture validation

The Mozilla Foundation Security Advisory describes this flaw as: The VideoBridge allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox...

Mozilla: Potential sandbox escape due to <code>VideoBridge</code> lack of texture validation

The Mozilla Foundation Security Advisory describes this flaw as: The VideoBridge allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox...

RHEL 9 : firefox (RHSA-2024:0025)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0025 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

SUSE CVE-2023-6860

The VideoBridge allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR 115.6, Thunderbird 115.6, and Firefox 121...

UBUNTU-CVE-2023-6860

The VideoBridge allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR 115.6, Thunderbird 115.6, and Firefox 121...

Linksys WVBR0-25 User-Agent Command Execution Exploit

The Linksys WVBR0-25 Wireless Video Bridge, used by DirecTV to connect wireless Genie cable boxes to the Genie DVR, is vulnerable to OS command injection in versions prior to 1.0.41 of the web management portal via the User-Agent header. Authentication is not required to exploit this vulnerabilit...

Linksys WVBR0-25 User-Agent Command Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Linksys WVBR0-25 User-Agent Command Execution', 'Description' = %q The Linksys WVBR0-25 Wireless Video Bridge, used by DirecTV to connect wireless...

Linksys WVBR0-25 - User-Agent Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Linksys WVBR0-25 User-Agent Command Execution', 'Description' = %q The Linksys WVBR0-25 Wireless Video Bridge, used by DirecTV to connect wireless...

Linksys WVBRO25 RCE Vulnerability

Linksys WVBRO-25 is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Linksys WVBR0-25 User-Agent Command Execution

The Linksys WVBR0-25 Wireless Video Bridge, used by DirecTV to connect wireless Genie cable boxes to the Genie DVR, is vulnerable to OS command injection in version 'Linksys WVBR0-25 User-Agent Command Execution', 'Description' = %q The Linksys WVBR0-25 Wireless Video Bridge, used by DirecTV to...

Linksys WVBR0 - User-Agent Remote Command Injection Exploit

Exploit for hardware platform in category web applications -- coding: utf-8 -- Author: Nixawk CVE-2017-17411 Linksys WVBR0 25 Command Injection """ $ python2.7 exploit-CVE-2017-17411.py Usage: python exploit-CVE-2017-17411.py $ python2.7 exploit-CVE-2017-17411.py http://example.com/ + Target is...

Linksys WVBR0 - User-Agent Remote Command Injection

Linksys WVBR0 - User-Agent Remote Command Injection !/usr/bin/python -- coding: utf-8 -- Author: Nixawk CVE-2017-17411 Linksys WVBR0 25 Command Injection """ $ python2.7 exploit-CVE-2017-17411.py Usage: python exploit-CVE-2017-17411.py $ python2.7 exploit-CVE-2017-17411.py http://example.com/ +...

Linksys WVBR0 - &#039;User-Agent&#039; Remote Command Injection

!/usr/bin/python -- coding: utf-8 -- Author: Nixawk CVE-2017-17411 Linksys WVBR0 25 Command Injection """ $ python2.7 exploit-CVE-2017-17411.py Usage: python exploit-CVE-2017-17411.py $ python2.7 exploit-CVE-2017-17411.py http://example.com/ + Target is exploitable by CVE-2017-17411 """ import...