CVE-2020-6610
GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c.
Source: CVE-2020-6610
[월:] 2020년 01월
CVE-2020-6611
CVE-2020-6611
GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c.
Source: CVE-2020-6611
CVE-2020-6613
CVE-2020-6613
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c.
Source: CVE-2020-6613
CVE-2019-11765
CVE-2019-11765
A compromised content process could send a message to the parent process that would cause the ‘Click to Play’ permission prompt to be shown. However, due to lack of validation from the parent process, if the user accepted the permission request an attacker-controlled permission would be granted rather than the ‘Click to Play’ permission. This vulnerability affects Firefox < 70.
Source: CVE-2019-11765
CVE-2019-17000
CVE-2019-17000
An object tag with a data URI did not correctly inherit the document’s Content Security Policy. This allowed a CSP bypass in a cross-origin frame if the document’s policy explicitly allowed data: URIs. This vulnerability affects Firefox < 70.
Source: CVE-2019-17000
CVE-2019-11764
CVE-2019-11764
Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
Source: CVE-2019-11764
CVE-2020-6583
CVE-2020-6583
BigProf Online Invoicing System (OIS) through 2.6 has XSS that can be leveraged for session hijacking. An attacker can exploit the XSS vulnerability, retrieve the session cookie from the administrator login, and take over the administrator account via the Name field in an Add New Client action.
Source: CVE-2020-6583
CVE-2019-11762
CVE-2019-11762
If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
Source: CVE-2019-11762
CVE-2019-11745
CVE-2019-11745
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
Source: CVE-2019-11745
CVE-2019-11756
CVE-2019-11756
Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox < 71.
Source: CVE-2019-11756