| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Subscriber Broken Access Control in Ultra Addons for WPForms <= 1.0.11 versions. |
| Subscriber SQL Injection in MasterStudy LMS <= 3.7.25 versions. |
| An authenticated Server-Side Request Forgery (SSRF) in the custom scraper subsystem component of Benjamin Jonard Koillection v1.8.0 allows attackers to scan internal resources via supplying a crafted URL. |
| Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152. |
| unicodedata.normalize() can take excessive CPU time when processing
specially crafted Unicode input containing long runs of combining characters
with alternating Canonical Combining Class values.
This affects all normalization forms. |
| In the Linux kernel, the following vulnerability has been resolved:
landlock: Fix LOG_SUBDOMAINS_OFF inheritance across fork()
hook_cred_transfer() only copies the Landlock security blob when the
source credential has a domain. This is inconsistent with
landlock_restrict_self() which can set LOG_SUBDOMAINS_OFF on a
credential without creating a domain (via the ruleset_fd=-1 path): the
field is committed but not preserved across fork() because the child's
prepare_creds() calls hook_cred_transfer() which skips the copy when
domain is NULL.
This breaks the documented use case where a process mutes subdomain logs
before forking sandboxed children: the children lose the muting and
their domains produce unexpected audit records.
Fix this by unconditionally copying the Landlock credential blob. |
| A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same local area network (LAN), can exploit a path traversal vulnerability. By crafting a specially designed gzipped tarball, the attacker can bypass security checks and write arbitrary files to the system. This could ultimately lead to the execution of unauthorized code on the appliance. |
| Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12. |
| Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12. |
| Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12. |
| Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12. |
| Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37. |
| Denial-of-service in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37. |
| JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 152. |
| Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 152. |
| Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 152. |
| Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152. |
| Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152. |
| Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152. |
| Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12. |
