CVE-2024-41906

CVE-2024-41906 affects Siemens SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) versions prior to V2.0. The vulnerability arises from improper handling of cacheable HTTP responses in the web service, enabling an attacker to read and potentially modify data stored in the local cache. Affected products ...

Sensitive Information Disclosure

apache-airflow is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the absence of a "Cache-Control" header in the response headers for dynamic content, which could lead to the unintended caching of sensitive information in the local cache of web browsers...

Oracle Linux 8 : thunderbird (ELSA-2024-1494)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-1494 advisory. 115.9.0-1.0.1 - Add Oracle prefs 115.9.0-1 - Update to 115.9.0 build1 - Fix expat CVE-2023-52425 Tenable has extracted the preceding description block...

Mozilla: Leaking of encrypted email subjects to other conversations

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the...

Mozilla: Leaking of encrypted email subjects to other conversations

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the...

Mozilla: Leaking of encrypted email subjects to other conversations

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the...

Mozilla: Leaking of encrypted email subjects to other conversations

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the...

The vulnerability of Mozilla Thunderbird’s email client, related to errors in assigning encrypted email subjects to arbitrary other emails in the local cache, allows attackers to gain access to confidential information.

The vulnerability of Mozilla Thunderbird’s email client stems from errors in assigning the encrypted subject of an email to any other electronic message in the local cache. Exploiting this vulnerability could allow a malicious actor to gain access to confidential information...

Low: thunderbird

Issue Overview: The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaThunderbird (SUSE-SU-2024:0893-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0893-1 advisory. - The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary...

Mozilla Thunderbird Security Update (MFSA2024-11) - Windows

Mozilla Thunderbird is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Vulnerability fixed in Mozilla Thunderbird

Mozilla has fixed a vulnerability in Thunderbird. Due to an flaw in the processing of email messages in the local cache, the encrypted data, such as the subject line, from email messages could be included in other email messages. When the user replies to such such an infected email message, for...

DEBIAN-CVE-2024-1936

The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third-party. Whil...

CVE-2024-1936

The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third-party. Whil...

UBUNTU-CVE-2024-1936

The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third-party. Whil...

PT-2024-2228 · Mozilla +10 · Thunderbird +10

Name of the Vulnerable Software and Affected Versions: Thunderbird versions prior to 115.8.1 Description: The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the...

SUSE CVE-2018-12385

A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally...

Apache Ivy vulnerable to path traversal

When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which are valid characte...

GHSA-WV7W-RJ2X-556X Apache Ivy vulnerable to path traversal

When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which are valid characte...

Apache Ivy 路径遍历漏洞

Apache Ivy is a deliverable package manager from the Apache Foundation USA. A path traversal vulnerability exists in Apache Ivy versions prior to 2.5.1, which stems from the fact that artifacts may be stored outside of Ivy's local cache or repository, or can overwrite different artifacts within t...