9454 matches found
Red Lion Crimson
1. EXECUTIVE SUMMARY: CVSS v3 8.8. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Red Lion. Equipment: FlexEdge Gateway, DA50A, DA70A running Crimson. Vulnerability: Improper Neutralization of Null Byte or NUL Character. 2. RISK EVALUATION: Successful exploitation of this...
visuality.de Improper Access Control vulnerability OBB-3771576
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Exploit for Incorrect Authorization in Atlassian Confluence_Data_Center
CVE-2023-22518 Improper Authorization Vulnerability in Conflue...
Debian: Security Advisory (DSA-5540-1)
The remote host is missing an update for the Debian...
Mozilla: Improper object tracking during GC in the JavaScript engine could have led to a crash.
The Mozilla Foundation Security Advisory describes this flaw as: During garbage collection extra operations were performed on an object that should not be. This could have led to a potentially exploitable crash...
RHEL 8 : firefox (RHSA-2023:6187)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:6187 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
Users will retain possession of their USDe after redeeming collateral
Lines of code. Vulnerability details. Impact: Users will retain possession of their USDe after redeeming their collateral; this can lead to theft/loss of funds. Proof of Concept: See below for the coded POC. The benefactor and the beneficiary in the Order struct containing order details and confirmatio...
Oracle Linux 7 : firefox (ELSA-2023-6162)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-6162 advisory. - Add fix for CVE-2023-44488 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus h...
RHEL 8 : thunderbird (RHSA-2023:6196)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:6196 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.4.1. Security Fixes: Mozilla:...
CVE-2023-45867
ILIAS 2013-09-12 release contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the tutor role, can exploit this to gain unauthorized access to and potentially retrieve confidential fil...
Centralite Pearl Thermostat
1. EXECUTIVE SUMMARY: CVSS v3 7.5. ATTENTION: Exploitable remotely/low attack complexity/public exploits are available. Vendor: Centralite. Equipment: Pearl Thermostat. Vulnerability: Allocation of Resources Without Limits or Throttling. 2. RISK EVALUATION: Successful exploitation of this...
SUSE CVE-2023-5728
During garbage collection extra operations were performed on an object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1...
GHSA-MV77-FJ63-Q5W8 Stored XSS vulnerability in Jenkins GitHub Plugin
Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. GitHub Plugin 1.37.3.1 escapes GitHub project URL on the...