23 matches found
WordPress Colibri Page Builder plugin <= 1.0.345 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by Abu Hurayra HurayraIIT in WordPress Plugin Colibri Page Builder versions <= 1.0.345...
CVE-2024-11747 Responsive Videos <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Responsive Videos plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'somryv' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
openSUSE Security Advisory (openSUSE-SU-2024:0119-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Security update for tinyproxy (important)
openSUSE Security Update: Security update for tinyproxy Announcement ID: openSUSE-SU-2024:0119-1 Rating: important References: 1200028 1203553 1223743 1223746 Cross-References: CVE-2012-3505 CVE-2017-11747 CVE-2022-40468 CVE-2023-40533 CVE-2023-49606 CVSS scores: CVE-2017-11747 NVD : 5.5...
Ubuntu 16.04 ESM / 18.04 ESM : Tinyproxy vulnerability (USN-4808-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-4808-1 advisory. It was discovered that Tinyproxy created its pid file with insecure permissions. An attacker could use the vulnerability to cause arbitrary processes ...
SUSE CVE-2017-11747
main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root script executes a...
Mozilla Firefox Security Advisory (MFSA2019-25) - Linux
This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
CVE-2020-11747
...
Debian DLA-2163-1 : tinyproxy security update
A minor security issue and a severe packaging bug have been fixed in tinyproxy, a lightweight http proxy daemon. CVE-2017-11747 main.c in Tinyproxy created a /var/run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might have allowed local users to kill arbitra...
Debian: Security Advisory (DLA-2163-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
[SECURITY] [DLA 2163-1] tinyproxy security update
Package : tinyproxy Version : 1.8.3-3+deb8u1 CVE ID : CVE-2017-11747 Debian Bug : 870307 948283 A minor security issue and a severe packaging bug have been fixed in tinyproxy, a lightweight http proxy daemon. CVE-2017-11747 main.c in Tinyproxy created a /var/run/tinyproxy/tinyproxy.pid file after...
CVE-2019-11747
CVE-2019-11747 affects Mozilla Firefox and Firefox ESR. The vulnerability stems from a bug in the History pane’s “Forget about this site” feature which, while intended to delete site-visit data, also removes HSTS settings for sites on the pre-load list. As a result, on the next visit, if a user u...
Ubuntu: Security Advisory (USN-4122-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Mozilla Firefox < 69.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 69.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-25 advisory. - Mozilla developers and community members Randell Jesup, Philipp, Cosmin Sabou, and Natalia Csoregi reported...
Mozilla Firefox < 69.0
The version of Firefox installed on the remote Windows host is prior to 69.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-25 advisory. - Mozilla developers and community members Randell Jesup, Philipp, Cosmin Sabou, and Natalia Csoregi reported memory safe...
Mozilla Firefox ESR Security Advisories (MFSA2019-25, MFSA2019-27) - Windows
Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...
Important: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
Security fix for the ALT Linux 10 package firefox-esr version 68.1.0-alt1
Sept. 4, 2019 Andrey Cherepanov 68.1.0-alt1 - New ESR version 68.1.0. - Fixed: + CVE-2019-11751 Malicious code execution through command line parameters + CVE-2019-11746 Use-after-free while manipulating video + CVE-2019-11744 XSS by breaking out of title and textarea elements using innerHTML +...
CVE-2018-11747
creationtimestamp | type | source
---|---|---
2019-03-21 19:26:51+00:00 | seen | https://t.me/cibsecurity/3272...
CVE-2018-11747
CVE-2018-11747 concerns Puppet Discovery where the nginx container shipped with a default generated TLS certificate. The root cause is the presence of a default certificate in the container prior to the fixed implementation. The documented remediation is that in version 1.4.0 a unique certificate...