Page 8 of 4554 results (0.007 seconds)

CVSS: 10.0EPSS: 0%CPEs: 32EXPL: 0

07 Jan 2025 — Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, and Firefox ESR < 115.19. Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird < 128.6. A flaw was fou... • https://bugzilla.mozilla.org/show_bug.cgi?id=1915535 • CWE-416: Use After Free •

CVSS: 10.0EPSS: 0%CPEs: 31EXPL: 0

07 Jan 2025 — The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134 and Firefox ESR < 128.6. The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. • https://bugzilla.mozilla.org/show_bug.cgi?id=1915257 • CWE-441: Unintended Proxy or Intermediary ('Confused Deputy') CWE-863: Incorrect Authorization •

CVSS: 7.4EPSS: 0%CPEs: 23EXPL: 0

18 Dec 2024 — An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset. An update for dpdk is now available for Red Hat Enterprise Linux 8.6 Ad... • https://access.redhat.com/security/cve/CVE-2024-11614 • CWE-125: Out-of-bounds Read •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0

09 Dec 2024 — A vulnerability in the Ceph Rados Gateway (RadosGW) OIDC provider allows attackers to bypass JWT signature verification by supplying a token with "none" as the algorithm (alg). This occurs because the implementation fails to enforce strict signature validation, enabling attackers to forge valid tokens without a signature. ceph: rhceph-container: Authentication bypass in CEPH RadosGW It was discovered that Ceph incorrectly handled unsupported JWT algorithms in the RadosGW gateway. An attacker could possibly ... • https://access.redhat.com/security/cve/CVE-2024-48916 • CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0

05 Dec 2024 — An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities. A vulnerability was found in the Django Web Framework. The strip_tags() and stripbtags template filter may be vulnerable to a potential denial of service (DoS) in cases of a large sequence of nested incomplete HTML entities. jiang... • https://docs.djangoproject.com/en/dev/releases/security • CWE-770: Allocation of Resources Without Limits or Throttling CWE-1169: SEI CERT C Coding Standard - Guidelines 14. Concurrency (CON) •

CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0

05 Dec 2024 — An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.) A vulnerability was found in the Django Web Framework. The direct usage of django.db.models.fields.json.HasKey may be vulnerable to SQL injection if untrusted data is used to... • https://docs.djangoproject.com/en/dev/releases/security • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 0

29 Nov 2024 — moby v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes. moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes. These are all security issues fixed in the govulncheck-vulndb-0.0.20241209T183251-1.1 package on the GA medi... • https://gist.github.com/1047524396/c192c0159a19bf58a4373b696467dc29 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0

26 Nov 2024 — `NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. When it was passed as NULL, a segmentation fault (SEGV) occurred, leading to crashes. This behavior conflicted with the PKCS#11 v3.0 specification, which allows `phKey` to be NULL for certain mechanisms. This vulnerability affects Firefox < 133 and Thunderbird < 133. Multiple security issues were discovered in Firefox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1921768 • CWE-476: NULL Pointer Dereference •

CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0

26 Nov 2024 — A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133 and Thunderbird < 133. A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory co... • https://bugzilla.mozilla.org/show_bug.cgi?id=1899402 • CWE-415: Double Free •

CVSS: 6.4EPSS: 0%CPEs: 35EXPL: 0

26 Nov 2024 — The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have been bypassed. Signature validation in this context is used to ensure that third-party applications on the user's computer have not tampered with... • https://bugzilla.mozilla.org/show_bug.cgi?id=1929600 • CWE-347: Improper Verification of Cryptographic Signature CWE-354: Improper Validation of Integrity Check Value •