drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.

In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure.

linux-image-4.19 is installed

linux-image-4.9 is installed

Mozilla Firefox 81, Mozilla Firefox ESR 78.3, Mozilla Thunderbird 78.3 : When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules.

Mozilla Firefox 81, Mozilla Firefox ESR 78.3, Mozilla Thunderbird 78.3 : By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from.

Mozilla Firefox 81, Mozilla Firefox ESR 78.3, Mozilla Thunderbird 78.3 : Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element.

Mozilla Firefox 81, Mozilla Firefox ESR 78.3, Mozilla Thunderbird 78.3 : Mozilla developer Jason Kratzer reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

The host is missing a high severity security update according to Mozilla advisory, MFSA2020-44. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle multiple vectors. Successful exploitation can cause multiple impacts.

The host is installed with Symantec Endpoint Protection (SEP) Manager or Client 12.1 before 12.1 RU6 MP5 and is prone to a server-side request forgery (SSRF) vulnerability. A flaw is present in the application, which fails to handle a crafted request. Successful exploitation could allow attackers to trigger network traffic to arbitrary intranet hosts.



© SecPod Technologies