The Mozilla Foundation Security Advisory describes this flaw as Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Source link
RELATED STORIES
git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential...
WordPress是WordPress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。Accordion是使用在其中的一个用于创建响应式内容的插件。 WordPress Accordion 2.2.9之前版本中的AJAX wp_ajax_accordions_ajax_import_json操作存在跨站脚本漏洞。攻击者可利用该漏洞导入新的折叠面板并向其中注入恶意的JavaScript代码。 来源:MISC 链接:https://wordpress.org/plugins/accordions/#developers 来源:MISC 链接:https://www. Source link
Vulnerability management is a persistent feature of good cybersecurity practice; a routine hygiene to help...
This security advisory describes one low risk vulnerability. 1) Insufficiently Protected Credentials Severity: Low CVSSv3:...
NSA warns about Sandworm APT exploiting Exim flaw | | IT Security News
...
来源:MISC 链接:https://sqlite.org/src/info/a4dd148928ea65bd 来源:MISC 链接:https://bugs.chromium.org/p/chromium/issues/detail?id=1080459 来源:nvd.nist.gov 链接:https://nvd.nist.gov/vuln/detail/CVE-2020-13632 来源:www.nsfocus.net 链接:http://www.nsfocus.net/vulndb/46786 来源:vigilance.fr 链接:https://vigilance.fr/vulnerability/SQLite-three-vulnerabilities-32354 Source link
来源:CONFIRM 链接:http://www.openwall.com/lists/oss-security/2020/05/28/1 来源:MISC 链接:https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03983.html 来源:nvd.nist.gov 链接:https://nvd.nist.gov/vuln/detail/CVE-2020-13361 来源:vigilance.fr 链接:https://vigilance.fr/vulnerability/QEMU-denial-of-service-via-the-es1370-device-driver-32352 Source link
|漏洞详情 Vivotek CC9381-HV等都是中国台湾晶睿通讯(Vivotek)公司的一款网络摄像机。 使用XXXXX-VVTK-2.2002.xx.01x之前版本和XXXXX-VVTK-0XXXX_Beta2之前版本固件的多款Vivotek产品中的Web服务的testserver.cgi存在安全漏洞。攻击者可利用该漏洞从摄像机的本地文件系统中获取任意文件。以下产品及版本受到影响:Vivotek CC9381-HV;FD9360-H;FD9368-HTV;FD9380-H;FD9388-HTV等。 |参考资料 来源:CONFIRM 链接:http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2020-001-v1.pdf 来源:nvd.nist.gov 链接:https://nvd.nist.gov/vuln/detail/CVE-2020-11949 Source link
来源:XF 链接:https://exchange.xforce.ibmcloud.com/vulnerabilities/175484 来源:CONFIRM 链接:https://www.ibm.com/support/pages/node/6207913 来源:nvd.nist.gov 链接:https://nvd.nist.gov/vuln/detail/CVE-2020-4248 来源:www.ibm.com 链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-4248/ Source link
来源:MISC 链接:https://sysdream.com/news/lab/2020-05-13-cve-2020-10946-several-cross-site-scripting-xss-vulnerabilities-in-centreon/ 来源:nvd.nist.gov 链接:https://nvd.nist.gov/vuln/detail/CVE-2020-10946 来源:vigilance.fr 链接:https://vigilance.fr/vulnerability/Centreon-Web-Cross-Site-Scripting-via-widgets-32355 Source link