[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

256610

 
 

909

 
 

199263

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 198378 Download | Alert*

Expat is a C library for parsing XML documents. Security Fix: * expat: large number of colons in input makes parser consume high amount of resources, leading to DoS * expat: heap-based buffer over-read via crafted XML input For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References ...

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: use after free in the video driver leads to local privilege escalation * kernel: use-after-free in drivers/bluetooth/hci_ldisc.c * kernel: out-of-bounds access in function hclge_tm_schd_mode_vnet_base_cfg * kernel: memory leak in ccp_run_sha_cmd * kernel: Denial Of Service in the __ipm ...

It was discovered that Expat, an XML parsing C library, did not properly handled internal entities closing the doctype, potentially resulting in denial of service or information disclosure if a malformed XML file is processed.

expat: XML parsing C library Expat could be made to expose sensitive information if it received a specially crafted XML file.

The host is missing a critical security update according to Mozilla advisory, MFSA2019-34. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to steal stored passwords.

The host is missing a critical security update according to Mozilla advisory, MFSA2019-33. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to steal stored passwords.

Mozilla Firefox 70, Mozilla Firefox ESR 68.2 and Mozilla Thunderbird 68.2: When storing a value in IndexedDB, the value's prototype chain is followed and it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash.

Mozilla Firefox 70, Mozilla Firefox ESR 68.2 and Mozilla Thunderbird 68.2: An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash.

Mozilla Firefox 70, Mozilla Firefox ESR 68.2 and Mozilla Thunderbird 68.2: A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some instances.

Mozilla Firefox 70, Mozilla Firefox ESR 68.2 and Mozilla Thunderbird 68.2: By using a form with a data URI it was possible to gain access to the privileged codeJSONView/code object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms.


Pages:      Start    31    32    33    34    35    36    37    38    39    40    41    42    43    44    ..   19837

© SecPod Technologies