Important: thunderbird

Issue Overview: The Mozilla Foundation Security Advisory describes this flaw as: Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. CVE-2020-12417 The Mozilla Foundation Security...

WP Coder < 2.5.4 - Admin+ SQLi

The plugin does not properly sanitise and escape the id parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : java-17-openjdk (SUSE-SU-2023:0435-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0435-1 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java ...

Cross-site Scripting in Jenkins Pipeline: Build Step Plugin

Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control job names...

GHSA-PH74-8RGX-64C5 Cross-site Scripting in Jenkins JUnit Plugin

Jenkins JUnit Plugin 1166.va436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin...

Cross site scripting

Jenkins JUnit Plugin 1166.va436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin...

SUSE CVE-2003-0790

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: the reported issue is not a vulnerability or exposure. Notes: This candidate was assigned to a "head-reading" bug in a component of fetchmail 6.2.4 and earlier, which was claimed to allow a denial of service. However, the bug is in a...

SUSE CVE-2006-2191

Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is "unexploitable...

SUSE CVE-2013-2218

Double free vulnerability in the virConnectListAllInterfaces method in interface/interfacebackendnetcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service libvirtd crash via a filtering flag that causes an interface to be skipped, as demonstrated by the "virsh iface-list...

SUSE CVE-2014-6425

The 1 getquotedstring and 2 getunquotedstring functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service buffer over-read and application crash via a CUPS packet that lacks a trailing '\0' character...

SUSE CVE-2015-1850

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not an exploitable issue. Notes: none...

SUSE CVE-2016-7860

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution...

SUSE CVE-2017-2836

An exploitable denial of service vulnerability exists within the reading of proprietary server certificates in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or u...

SUSE CVE-2017-5459

A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...

SUSE CVE-2017-7749

A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2...

SUSE CVE-2017-7819

A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4...

SUSE CVE-2018-5091

A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR 52.6 and Firefox 58...

SUSE CVE-2018-5156

A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird 60, Firefox ESR 60.1, Firefox ESR...

SUSE CVE-2019-5152

An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An...

SUSE CVE-2019-11707

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 60.7.1, Firefox 67.0.3, and Thunderbird 60.7.2...