139 matches found

RubySec
added 2023/09/14 12:0 a.m. | 21 views

sidekiq Denial of Service vulnerability

Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value, which will cause excessive polling requests...

CVSS 7.5 | AI score 6.8 | EPSS 0.0075
Exploits: 1 | References: 1 | Affected Software: 1
BDU FSTEC
added 2023/07/25 12:0 a.m. | 2 views

The vulnerability of the localstorage object in the Mozilla Firefox browser allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the localstorage storage mechanism in the Mozilla Firefox browser is related to authentication errors. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

CVSS 7.8 | AI score 6.8 | EPSS 0.0048
Exploits: 0 | References: 7 | Affected Software: 11
SUSE CVE
added 2023/07/07 2:19 a.m. | 2 views

SUSE CVE-2023-3482

When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox 115...

CVSS 6.5 | AI score 6.2 | EPSS 0.0048
Exploits: 0 | References: 7
OSV
added 2023/07/05 10:15 a.m. | 2 views

CVE-2023-3482

When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox 115...

CVSS 6.5 | AI score 7.4 | EPSS 0.0048
Exploits: 0 | References: 3
Prion
added 2023/07/05 10:15 a.m. | 15 views

Code injection

When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox 115...

CVSS 4.3 | AI score 5.8 | EPSS 0.0048
Exploits: 0 | References: 3 | Affected Software: 1
UbuntuCve
added 2023/07/05 10:15 a.m. | 17 views

CVE-2023-3482

When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox 115...

CVSS 6.5 | AI score 6.8 | EPSS 0.0048
Exploits: 0 | References: 5
OSV
added 2023/07/05 10:15 a.m. | 0 views

UBUNTU-CVE-2023-3482

When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox 115...

CVSS 6.5 | AI score 6.8 | EPSS 0.0048
Exploits: 0 | References: 6
OSV
added 2023/07/05 9:23 a.m. | 3 views

USN-6201-1 firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2023-37201, CVE-2023-37202,...

CVSS 8.8 | AI score 7.1 | EPSS 0.00696
Exploits: 1 | References: 14
Vulnrichment
added 2023/07/05 9:1 a.m. | 13 views

CVE-2023-3482

When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox 115...

AI score 6.4 | EPSS 0.0048
Exploits: 0 | References: 3
CVE
added 2023/07/05 9:1 a.m. | 117 views

CVE-2023-3482

The CVE-2023-3482 issue affects Mozilla Firefox prior to version 115, where blocking all cookies does not prevent data exfiltration via localStorage using an iframe with src='about:blank'. This allows a malicious site to store tracking data in the local storage without permission, representing an...

CVSS 6.5 | AI score 6.4 | EPSS 0.0048
Exploits: 0 | References: 3 | Affected Software: 1
Debian CVE
added 2023/07/05 9:1 a.m. | 18 views

CVE-2023-3482

When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox 115...

CVSS 6.5 | AI score 8.1 | EPSS 0.0048
Exploits: 0
OSV
added 2023/02/03 1:15 a.m. | 19 views

CVE-2023-23635

In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim...

CVSS 5.4 | AI score 6.5
Exploits: 0 | References: 3
OSV
added 2023/02/03 1:15 a.m. | 11 views

CVE-2023-23636

In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim...

CVSS 5.4 | AI score 6.5
Exploits: 0 | References: 3
Prion
added 2023/02/03 1:15 a.m. | 16 views

Design/Logic Flaw

In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim...

CVSS 4.9 | AI score 5.4 | EPSS 0.00562
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2023/02/03 12:0 a.m. | 34 views

CVE-2023-23635

In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim...

AI score 5.6 | EPSS 0.00562
Exploits: 1 | References: 3
OSV
added 2022/06/20 8:20 p.m. | 4 views

MAL-2022-600 Malicious code in @specials/localstorage (npm)

Source: ghsa-malware (78321fadd6fcf17baa2b1cf2acbc2492ce5bca353293bff20be8b751fed59714). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2022/06/20 8:20 p.m. | 2 views

Malicious code in @specials/localstorage (npm)

Source: ghsa-malware (78321fadd6fcf17baa2b1cf2acbc2492ce5bca353293bff20be8b751fed59714). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1
Tenable Nessus
added 2021/07/16 12:0 a.m. | 42 views

openSUSE 15 Security Update : ceph (openSUSE-SU-2021:1834-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1834-1 advisory. - A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from...

CVSS 6.5 | AI score 6.1 | EPSS 0.02449
Exploits: 1 | References: 10
AlpineLinux
added 2021/05/26 11:56 p.m. | 63 views

CVE-2021-3509

A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS. The...

CVSS 6.1 | AI score 6.1 | EPSS 0.017
Exploits: 1
OSV
added 2021/05/26 10:15 p.m. | 26 views

CVE-2020-27839

A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser's localStorage, which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and...

CVSS 5.4 | AI score 6
Exploits: 0 | References: 1