Vulnerabilities (CVE)
Yack CVE helps teams search and track vulnerabilities.
TOTAL
358,413 CVE
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
In mruby 2.1.0, there is a stack-based buffer overflow in mrb_str_len_to_dbl in string.c. |
In mruby 2.1.0, there is a use-after-free in hash_values_at in mrbgems/mruby-hash-ext/src/hash-ext.c. |
1Hot Formula Parser Project 1Hot Formula Parser Jun 17, 2026 Jan 11, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. The package fails to sanitize values passed to the parse function and concatenates them in an eva...Show more |
An issue was discovered in Bftpd before 5.4. There is a heap-based off-by-one error during file-transfer error checking. |
An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhorse bypass could lead to package and file disclosure via request smuggling. |
An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1. Using the project import feature, it was possible for someone to obtain issues from private projects. |
4Canonical DebianMozilla+1 more6Debian Linux FirefoxFirefox Esr+3 moreJun 17, 2026 May 26, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76,...Show more |
For native-to-JS bridging, the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token was being used for JS-to-native also, but it isn't needed in this case, and...Show more |
When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a fe...Show more |
A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this wou...Show more |
When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI. <br> *Note: This issue only affects Firefox for Andro...Show more |
Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present in Firefox 74. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of th...Show more |
1Mozilla 3Firefox Firefox EsrThunderbirdJun 17, 2026 Apr 24, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume tha...Show more |
Initially, a user opens a Private Browsing Window and generates a password for a site, then closes the Private Browsing Window but leaves Firefox open. Subsequently, if the user had opened a new Private Browsing Window,...Show more |
A malicious extension could have called <code>browser.identity.launchWebAuthFlow</code>, controlling the redirect_uri, and through the Promise returned, obtain the Auth code and gain access to the user's account at the s...Show more |
1Mozilla 3Firefox Firefox EsrThunderbirdJun 17, 2026 Apr 24, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in <code>GMPDecodeData</code>. It is possible that with enough effort this could have been exploited to run arbitrary...Show more |
1Mozilla 3Firefox Firefox EsrThunderbirdJun 17, 2026 Apr 24, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 When reading from areas partially or fully outside the source resource with WebGL's <code>copyTexSubImage</code> method, the specification requires the returned values be zero. Previously, this memory was uninitialized,...Show more |
Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Fire...Show more |
Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7...Show more |
2Fedoraproject Mozilla2Bleach FedoraJun 17, 2026 Mar 24, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False. |
Mozilla developers reported memory safety and script safety bugs present in Firefox 73. Some of these bugs showed evidence of memory corruption or escalation of privilege and we presume that with enough effort some of th...Show more |
2Canonical Mozilla4Firefox Firefox EsrThunderbird+1 moreJun 17, 2026 Mar 25, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploit...Show more |
When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Content Security Policy...Show more |
2Canonical Mozilla4Firefox Firefox EsrThunderbird+1 moreJun 17, 2026 Mar 25, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosin...Show more |
2Canonical Mozilla4Firefox Firefox EsrThunderbird+1 moreJun 17, 2026 Mar 25, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a te...Show more |