Lucene search
K

62 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Thunderbird, Firefox

A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially lead to user confusion and the execution of malicious code.Note: This issue was originally included in the advisories for Thunderbird...

8.8CVSS8.2AI score0.00884EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in PHP 7.3

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26, and 8.0.x below 8.0.13, certain XML parsing functions, such as simplexmlloadfile, decode the filename passed to them using URL encoding. If the filename contains a URL-encoded NUL character, this may cause the function to interpret this as t...

5.3CVSS7.1AI score0.25951EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Firefox and Thunderbird

When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could lead to reflected file download attacks that potentially trick users into installing malware. This vulnerability affects Firefox 112, Focu...

8.8CVSS7.1AI score0.00737EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 8 : thunderbird-102.6.0-2.el8.ML.1 (AXSA:2023-4885:02)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-4885:02 advisory. Mozilla: Arbitrary file read from a compromised content process CVE-2022-46872 Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbir...

9.8CVSS5.8AI score0.00921EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 7 : firefox-102.6.0-1.0.1.el7.AXS7 (AXSA:2022-4439:38)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-4439:38 advisory. Mozilla: Arbitrary file read from a compromised content process CVE-2022-46872 Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbir...

9.8CVSS8.3AI score0.00921EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2004-2219

Malware in sbrugna...

5CVSS6.4AI score0.01805EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-49654

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.00884EPSS
Exploits0References29
OSV
OSV
added 2025/08/11 1:53 p.m.8 views

BIT-LIBPHP-2021-21707 Special characters break path parsing in XML functions

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexmlloadfile, URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the...

5.3CVSS7.1AI score0.25951EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2024/10/09 12:0 a.m.16 views

CentOS 7 : thunderbird (RHSA-2022:9079)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:9079 advisory. - If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER...

9.8CVSS8.3AI score0.00921EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2024/10/09 12:0 a.m.14 views

CentOS 7 : firefox (RHSA-2022:9072)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:9072 advisory. - An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages.Thi...

9.8CVSS8.3AI score0.00921EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2024/02/08 12:0 a.m.44 views

CentOS 8 : thunderbird (CESA-2023:1802)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:1802 advisory. - OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted...

8.8CVSS7.8AI score0.01185EPSS
Exploits0References13
ATTACKERKB
ATTACKERKB
added 2023/06/02 5:15 p.m.3 views

CVE-2023-29539

When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox 112, Focus f...

8.8CVSS7.1AI score0.00737EPSS
Exploits0References5
OSV
OSV
added 2023/06/02 5:15 p.m.1 views

DEBIAN-CVE-2023-29539

When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox 112, Focus f...

8.8CVSS8AI score0.00737EPSS
Exploits0References1
OSV
OSV
added 2023/06/02 5:15 p.m.6 views

CVE-2023-29539

When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox 112, Focus f...

8.8CVSS7.9AI score
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/04/17 3:3 p.m.3 views

Mozilla: Content-Disposition filename truncation leads to Reflected File Download

The Mozilla Foundation Security Advisory describes this flaw as: When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to...

8.8CVSS7.3AI score0.00737EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/04/17 2:15 p.m.2 views

Mozilla: Content-Disposition filename truncation leads to Reflected File Download

The Mozilla Foundation Security Advisory describes this flaw as: When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to...

8.8CVSS7.3AI score0.00737EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/04/17 2:4 p.m.3 views

Mozilla: Content-Disposition filename truncation leads to Reflected File Download

The Mozilla Foundation Security Advisory describes this flaw as: When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to...

8.8CVSS7.3AI score0.00737EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/04/17 2:3 p.m.6 views

Mozilla: Content-Disposition filename truncation leads to Reflected File Download

The Mozilla Foundation Security Advisory describes this flaw as: When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to...

8.8CVSS7.3AI score0.00737EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/04/17 2:1 p.m.2 views

Mozilla: Content-Disposition filename truncation leads to Reflected File Download

The Mozilla Foundation Security Advisory describes this flaw as: When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to...

8.8CVSS7.3AI score0.00737EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/04/17 1:56 p.m.4 views

Mozilla: Content-Disposition filename truncation leads to Reflected File Download

The Mozilla Foundation Security Advisory describes this flaw as: When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to...

8.8CVSS7.3AI score0.00737EPSS
Exploits0References5
Rows per page
Query Builder