19 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-15646
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - libhtml-gumbo-perl - None CVE-2025-15646 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C...
CVE-2018-15646
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none...
Mozilla Thunderbird Security Advisory (MFSA2020-26) - Windows
Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...
Mozilla Thunderbird Security Advisory (MFSA2020-26) - Mac OS X
Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...
NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0083)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: - Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory...
CVE-2020-15646
If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This...
CVE-2020-15646
If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This...
CVE-2020-15646
If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This...
CVE-2020-15646
This CVE describes a credential theft flaw in Thunderbird: if an attacker can intercept Thunderbird’s initial automatic account setup via Microsoft Exchange autodiscovery and reply with crafted data, Thunderbird may send a username and password over HTTPS to the attacker-controlled server. Affect...
CVE-2020-15646
If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This...
RHEL 7 : thunderbird (RHSA-2020:2906)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2906 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.10.0. Security Fixes: Mozilla:...
KLA11829 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Memory corruption vulnerability on JavaScript Objec...
CVE-2019-15646
CVE-2019-15646 examines the RSVPMaker WordPress plugin. The connected documents confirm a SQL injection vulnerability in RSVPMaker versions prior to 6.2, arising from the plugin’s handling of input in its database queries. Impact, as stated, includes exposure to confidential data via unauthorized...
Webmin < 1.860 Cross Site Scripting Vulnerability
According to its self-reported version, the Webmin install hosted on the remote host is prior to 1.860. It is, therefore, affected by a cross site scripting vulnerability. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid108561; scriptversion"1.6";...
CVE-2017-15646
Webmin before 1.860 has XSS with resultant remote code execution. Under the 'Others/File Manager' menu, there is a 'Download from remote URL' option to download a file from a remote server. After setting up a malicious server, one can wait for a file download request and then send an XSS payload...
CVE-2017-15646
Webmin before 1.860 is affected by CVE-2017-15646: a stored XSS in the web-based File Manager download-from-remote-URL flow can lead to remote code execution via a crafted payload in a name="cmd" parameter. Remediation: upgrade Webmin to 1.860 or later (or apply vendor-provided fixes).
CVE-2018-15646
CVE-2018-15646 entry is rejected/not used per the initial description.
CVE-2018-15646
...
CVE-2025-15646
This candidate has been reserved by an organization or individual " "that will use it when announcing a new security problem. When the candidate has been " "publicized, the details for this candidate will be provided...