Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
element desktop vulnerabilities and exploits
(subscribe to this query)
10
CVSSv3
CVE-2021-4140
It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
9.8
CVSSv3
CVE-2021-32810
crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions before 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgo...
Crossbeam Project Crossbeam
Fedoraproject Fedora 34
9.8
CVSSv3
CVE-2018-11236
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and previous versions, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentiall...
Gnu Glibc
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Virtualization Host 4.0
Oracle Enterprise Communications Broker 3.0.0
Oracle Enterprise Communications Broker 3.1.0
Oracle Communications Session Border Controller 8.1.0
Oracle Communications Session Border Controller 8.2.0
Oracle Communications Session Border Controller 8.0.0
Netapp Data Ontap Edge -
Netapp Element Software Management -
9.6
CVSSv3
CVE-2022-22759
If a document created a sandboxed iframe without <code>allow-scripts</code>, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerab...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
9.6
CVSSv3
CVE-2017-10346
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network ...
Oracle Jdk 1.9.0
Oracle Jre 1.9.0
Oracle Jdk 1.8.0
Oracle Jdk 1.7.0
Oracle Jdk 1.6.0
Oracle Jre 1.6.0
Oracle Jre 1.8.0
Oracle Jre 1.7.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Server Aus 7.4
Redhat Enterprise Linux Server Tus 7.4
Redhat Enterprise Linux Eus 7.4
Redhat Enterprise Linux Eus 7.5
Redhat Satellite 5.8
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server Aus 7.6
Redhat Enterprise Linux Eus 7.6
1 Article
8.8
CVSSv3
CVE-2022-22738
Applying a CSS filter effect could have accessed out of bounds memory. This could have lead to a heap-buffer-overflow causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
8.8
CVSSv3
CVE-2022-22740
Certain network request objects were freed too early when releasing a network request handle. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
8.8
CVSSv3
CVE-2022-22751
Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and Firefox ESR 91.4. Some of these bugs showed evidence of memory corruption and we ...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
8.8
CVSSv3
CVE-2022-22756
If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it. This vulnerability affects Firefox < 97, Thunderbird <...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
8.8
CVSSv3
CVE-2022-22761
Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ES...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3080
log injection
CVE-2024-6041
CVE-2024-37661
XML external entity
CVE-2024-0845
privilege escalation
CVE-2023-37057
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »