Microsoft Excel suffers from a spoofing vulnerability.
fa96d49859fc520f5cae2aff82756e1413ab3b90abbc5c84227e6a7ba5d34e63Ubuntu Security Notice 5954-2 - USN-5954-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory when invalidating JIT code while following an iterator. An attacker could potentially exploits this issue to cause a denial of service. Rob Wu discovered that Firefox did not properly manage the URLs when following a redirect to a publicly accessible web extension file. An attacker could potentially exploits this to obtain sensitive information. Luan Herrera discovered that Firefox did not properly manage cross-origin iframe when dragging a URL. An attacker could potentially exploit this issue to perform spoofing attacks. Khiem Tran discovered that Firefox did not properly manage one-time permissions granted to a document loaded using a file: URL. An attacker could potentially exploit this issue to use granted one-time permissions on the local files came from different sources.
7ead7bb25c8c04a52256d67d583dcbfffb6725d38ac5236d51297e2bc3a0492aDebian Linux Security Advisory 5375-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service, the execution of arbitrary code or spoofing.
943bb672c5f5a142c518592167667218e9e53d058b0660c6d0458c7636cb77caDebian Linux Security Advisory 5374-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or spoofing.
ef900a452c188015da475ec656d55f96626688e7c22638f3904a9534481df7d1Ubuntu Security Notice 5880-2 - USN-5880-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Christian Holler discovered that Firefox did not properly manage memory when using PKCS 12 Safe Bag attributes. An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes. Johan Carlsson discovered that Firefox did not properly manage child iframe's unredacted URI when using Content-Security-Policy-Report-Only header. An attacker could potentially exploits this to obtain sensitive information. Vitor Torres discovered that Firefox did not properly manage permissions of extensions interaction via ExpandedPrincipals. An attacker could potentially exploits this issue to download malicious files or execute arbitrary code. Irvan Kurniawan discovered that Firefox did not properly validate background script invoking requestFullscreen. An attacker could potentially exploit this issue to perform spoofing attacks. Ronald Crane discovered that Firefox did not properly manage memory when using EncodeInputStream in xpcom. An attacker could potentially exploits this issue to cause a denial of service. Samuel Grob discovered that Firefox did not properly manage memory when using wrappers wrapping a scripted proxy. An attacker could potentially exploits this issue to cause a denial of service. Holger Fuhrmannek discovered that Firefox did not properly manage memory when using Module load requests. An attacker could potentially exploits this issue to cause a denial of service. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code.
d8134e53c73b5f2b98a54caf846a945da5e3e78dac7bf2d66525cf6b12579a76Debian Linux Security Advisory 5350-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.
c3d354e3e29299851841adde233b8f00835b92a77d8a6d93936ca8c508194f28Ubuntu Security Notice 5816-2 - USN-5816-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Niklas Baumstark discovered that a compromised web child process of Firefox could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. Tom Schuster discovered that Firefox was not performing a validation check on GTK drag data. An attacker could potentially exploits this to obtain sensitive information. Various other issues were also addressed.
ac080c4b3790efbaf876e4fa1ba3505424a80943ca230f29f3ed885731cb5053Debian Linux Security Advisory 5335-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or spoofing.
38f95ee57d63d0e8b884ef1127b64a2ad246bd3ea2088d67b53d2f1ae8e3140bRed Hat Security Advisory 2023-0542-01 - Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers container images for the release. Issues addressed include denial of service and spoofing vulnerabilities.
d0ec81ac694e922500234d90eb37e90222ddaf5b72118f0b1c21008e8f27c7e2Debian Linux Security Advisory 5331-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or spoofing.
6cb75512f22c4b10076ab44d7a5c8a9b721c51a7afe86c31ff28c113d4b380f1Debian Linux Security Advisory 5322-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.
eb4baacbcf64fe1cdd00c7283b49fcb3f7f1bbde124afc14c22a6e4c843a15eeUbuntu Security Notice 5782-3 - USN-5782-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. It was discovered that Firefox was using an out-of-date libusrsctp library. An attacker could possibly use this library to perform a reentrancy issue on Firefox. Nika Layzell discovered that Firefox was not performing a check on paste received from cross-processes. An attacker could potentially exploit this to obtain sensitive information. Pete Freitag discovered that Firefox did not implement the unsafe-hashes CSP directive. An attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject an executable script. Matthias Zoellner discovered that Firefox was not keeping the filename ending intact when using the drag-and-drop event. An attacker could possibly use this issue to add a file with a malicious extension, leading to execute arbitrary code. Hafiizh discovered that Firefox was not handling fullscreen notifications when the browser window goes into fullscreen mode. An attacker could possibly use this issue to spoof the user and obtain sensitive information. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code.
b30a2968ea71adaa4d74717a784dc2aa83b0f4ff631d0b31a605118d8157a40aApple Security Advisory 2022-12-13-8 - watchOS 9.2 addresses bypass, code execution, integer overflow, out of bounds write, spoofing, and use-after-free vulnerabilities.
cbfa8ceb09614901b4b0bb05115fb58ae50c3fb04ef6395b18e75c81436f174bApple Security Advisory 2022-12-13-7 - tvOS 16.2 addresses bypass, code execution, integer overflow, out of bounds write, spoofing, and use-after-free vulnerabilities.
74ff4e02487d4bc615b6697e750a64c98e8fc416e7a5b739eed037fe127f069fApple Security Advisory 2022-12-13-4 - macOS Ventura 13.1 addresses bypass, code execution, out of bounds access, out of bounds write, spoofing, and use-after-free vulnerabilities.
b3bbef4a98914d0e5167d5e357e15f513f9d357c6df7cfdad446ecc8856061acApple Security Advisory 2022-12-13-2 - iOS 15.7.2 and iPadOS 15.7.2 addresses bypass, code execution, integer overflow, out of bounds write, and spoofing vulnerabilities.
e526cdedd8ce35da09dee49922c773c4c21c09a4f4ffb9a56567d00adb6def9cApple Security Advisory 2022-12-13-1 - iOS 16.2 and iPadOS 16.2 addresses bypass, code execution, out of bounds write, spoofing, and use-after-free vulnerabilities.
78f3785639474b90779ccf98f62a9a102f01f943fd8dbf08927b91ea945c5a8cIntel Data Center Manager versions 4.1.1.45749 and below suffer from an authentication bypass vulnerability via spoofing.
c994d19000e263ed1c33f5352902d080b70eb355d42bec09d1cf2d70a522e3e4Debian Linux Security Advisory 5282-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure, spoofing or bypass of the SameSite cookie policy.
91034eee5b8fb88c332be0918f4e842a60c55772e39e1a9a1d42dfd92d057459Ubuntu Security Notice 5726-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the contents of the addressbar, bypass security restrictions, cross-site tracing or execute arbitrary code.
b4c21832ad3bb61ebf8eab2d0d6047f68bee97b1b36d7847b505ddd8697605d5Ubuntu Security Notice 5719-1 - It was discovered that OpenJDK incorrectly handled long client hostnames. An attacker could possibly use this issue to cause the corruption of sensitive information. It was discovered that OpenJDK incorrectly randomized DNS port numbers. A remote attacker could possibly use this issue to perform spoofing attacks. It was discovered that OpenJDK did not limit the number of connections accepted from HTTP clients. An attacker could possibly use this issue to cause a denial of service.
ab9280f314ac81de4a3ed054866e30b013b2d1631d6819d87f2ce15b72e94064Debian Linux Security Advisory 5274-1 - Jihwan Kim and Dohyun Lee discovered that visiting a malicious website may lead to user interface spoofing. Dohyun Lee discovered that processing maliciously crafted web content may lead to arbitrary code execution. Abdulrahman Alqabandi, Ryan Shin and Dohyun Lee discovered that processing maliciously crafted web content may disclose sensitive user information.
b2cd03cb3cd51e835828566f26955b1a24433b4d4ee8969dda2279eab675c38fDebian Linux Security Advisory 5273-1 - Jihwan Kim and Dohyun Lee discovered that visiting a malicious website may lead to user interface spoofing. Dohyun Lee discovered that processing maliciously crafted web content may lead to arbitrary code execution. Abdulrahman Alqabandi, Ryan Shin and Dohyun Lee discovered that processing maliciously crafted web content may disclose sensitive user information.
6bbe81d2c9efe6e21d1f0e9b955cd92bda11b610558952c581bfaa7120f0b2dfApple Security Advisory 2022-10-27-15 - Safari 16.1 addresses code execution, spoofing, and use-after-free vulnerabilities.
7e4afb58dc67e9a414148622643475a8d27c8f60baf2cda25e496eee7f816dfeApple Security Advisory 2022-10-27-14 - Safari 16 addresses buffer overflow, code execution, out of bounds read, and spoofing vulnerabilities.
9e96be57660dbb64494522fb501ab742107a0ac275cc908359b95be12c976690
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed