This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. As a result, an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. `cmdline` contains multiple user-controlled, unsanitized values. Windows is unaffected.* This vulnerability affects Firefox ESR > 8 ` which calls the `system` command with the operand `cmdline`. *This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable. This may also result in the disabling of event reporting to ePO, caused by failure to validate input from the file correctly. A buffer overflow vulnerability in TA for Linux and TA for MacOS prior to 5.8.1 allows a local user to gain elevated permissions, or cause a Denial of Service (DoS), through exploiting a memory corruption issue in the TA service, which runs as root.