Mozilla Firefox 127 : If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have occurred.
Mozilla Firefox 127 : An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap.
Mozilla Firefox 127 : In addition to detecting when a user was taking a screenshot (XXX), a website was able to overlay the 'My Shots' button that appeared, and direct the user to a replica Firefox Screenshots page that could be used for phishing.
The host is missing a high security update according to the Mozilla advisory MFSA2024-26 and is prone to multiple vulnerabilities. A flaw is present in the application, which fails to properly handle various components. successful exploitation allows attacker to cause multiple impact.
The host is missing a high security update according to the Mozilla advisory MFSA2024-25 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle various components. Successful exploitation allows attacker to cause multiple impact.
Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: High)
Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: High)
In the Linux kernel, the following vulnerability has been resolved:
xen-netfront: Add missing skb_mark_for_recycle
Notice that skb_mark_for_recycle() is introduced later than fixes tag in
commit 6a5bcd84e886 ("page_pool: Allow drivers to hint on SKB recycling").
It is believed that fixes tag were missing a call to page_pool_release_page()
between v5.9 to v5.14, after which is should have used s ...
Vulnerability discovered by executing a planned security audit.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Advanced Custom Fields PRO: from n/a before 6.2.10.
OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables.��This issue affects Pandora FMS: from 700 through <777.