157 matches found
Design/Logic Flaw
If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER attribute or an OBJECT tag with a DATA attribute, a network request to the referenced remote URL was performed, regardless of a configuration to block...
CVE-2022-45414
If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER attribute or an OBJECT tag with a DATA attribute, a network request to the referenced remote URL was performed, regardless of a configuration to block...
Remote Code Execution (RCE)
GitPython is vulnerable to Remote Code Execution (RCE). The vulnerability exists because the clone_from function in base.py makes external calls to git without sufficient sanitization of input arguments, allowing an attacker to inject and execute a maliciously crafted remote URL into the clone comma...
GitPython vulnerable to Remote Code Execution due to improper user input validation
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...
GHSA-HCPJ-QP55-GFPH GitPython vulnerable to Remote Code Execution due to improper user input validation
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...
PYSEC-2022-42992
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...
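The GitPython entries above describe the same root cause: a caller-supplied string is handed to `git clone` as the remote URL without being checked. Two things make that dangerous. A string that begins with `-` is parsed by git as an option unless the positional arguments are separated by `--`, and git's `<helper>::<address>` remote-helper syntax (for example the `ext::` helper, which runs a command) is accepted anywhere a URL is. The validator below is an added example, not GitPython's own code; the scheme allowlist, the requirement that scp-style URLs carry a `user@` part, and the `UnsafeCloneURL` name are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# Policy choices for this example (assumptions, not git's or GitPython's rules).
ALLOWED_SCHEMES = {"https", "ssh", "git"}          # no file://, and no remote helpers
HOST_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]*$")  # a hostname can never start with '-'
# scp-like form git accepts: user@host:path. We require the user@ part so that a
# bare "host:path" is never confused with "<helper>::<address>" or "scheme:...".
SCP_LIKE = re.compile(r"^([A-Za-z0-9_][A-Za-z0-9_.-]*)@([^:\s]+):(\S+)$")


class UnsafeCloneURL(ValueError):
    """Raised for a string that must not be handed to `git clone`."""


def validate_clone_url(url: str) -> str:
    """Return the URL unchanged if it is safe to pass to git, else raise."""
    u = url.strip()
    if not u or any(c in u for c in "\r\n\t\0"):
        raise UnsafeCloneURL("empty URL or control characters")
    if u.startswith("-"):
        raise UnsafeCloneURL("looks like a command-line option")
    if "::" in u:
        # <helper>::<address> selects a git remote helper (ext::, fd::, ...);
        # ext:: in particular executes the address as a command.
        raise UnsafeCloneURL("remote-helper syntax is not allowed")
    m = SCP_LIKE.match(u)
    if m:
        if not HOST_RE.match(m.group(2)):
            raise UnsafeCloneURL("bad host in scp-like URL")
        return u
    try:
        parts = urlsplit(u)
    except ValueError as exc:          # e.g. malformed IPv6 literal
        raise UnsafeCloneURL(f"unparseable URL: {exc}")
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeCloneURL(f"scheme {parts.scheme!r} is not allowed")
    if not parts.hostname or not HOST_RE.match(parts.hostname):
        raise UnsafeCloneURL("missing or option-like host")
    return u


def is_safe_clone_url(url: str) -> bool:
    try:
        validate_clone_url(url)
        return True
    except UnsafeCloneURL:
        return False


def build_clone_command(url: str, dest: str) -> list:
    """argv for `git clone`; the URL is validated and placed after `--`."""
    if dest.startswith("-"):
        raise UnsafeCloneURL("destination looks like an option")
    # `--` ends option parsing, so neither URL nor dest can become an option
    # even if validation is later relaxed. Pass this list to subprocess.run
    # without shell=True.
    return ["git", "clone", "--", validate_clone_url(url), dest]


if __name__ == "__main__":
    for candidate in ("https://github.com/gitpython-developers/GitPython.git",
                      "ext::sh -c id", "--upload-pack=id"):
        print(f"{candidate!r}: {'ok' if is_safe_clone_url(candidate) else 'REJECTED'}")
```

The `--` separator is the cheap fix that closes option injection on its own; the allowlist is what closes the remote-helper path, because a `<helper>::<address>` string is a valid positional argument to git.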
CVE-2022-45414
The Mozilla Foundation Security Advisory describes this flaw as: If a Thunderbird user quoted from an HTML email and the email contained either a video tag with the poster attribute or an object tag with a data attribute, a network request to the referenced remote URL was performed regardless of ...
Mozilla Thunderbird < 102.5.1
The version of Thunderbird installed on the remote Windows host is prior to 102.5.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2022-50 advisory. - If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a...
Mozilla Thunderbird < 102.5.1
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 102.5.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2022-50 advisory. - If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained...
Security Vulnerabilities fixed in Thunderbird 102.5.1 — Mozilla
If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER attribute or an OBJECT tag with a DATA attribute, a network request to the referenced remote URL was performed, regardless of a configuration to block...
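The Thunderbird entries above are about a remote-content blocker that covered the obvious attributes but not VIDEO/poster and OBJECT/data, so quoting an HTML message still triggered a fetch. The general point is that blocking has to be keyed on every tag/attribute pair that causes a load at render time, not on a short list. The scrubber below is an added example written in Python with the standard library's html.parser; it is not Thunderbird's or Mozilla's code. The tag/attribute table, the `data-blocked-` attribute prefix used to neutralise a URL while keeping it visible, and the sample message are assumptions constructed for the example.

```python
import re
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag -> attributes whose value is fetched automatically when the element is
# rendered. The entry that CVE-2022-45414 teaches is that video/poster and
# object/data belong here alongside img/src. (Table is an assumption for the
# example, not a complete inventory of every HTML feature.)
FETCHING_ATTRS = {
    "img": {"src", "srcset"}, "source": {"src", "srcset"}, "input": {"src"},
    "video": {"src", "poster"}, "audio": {"src"}, "object": {"data"},
    "embed": {"src"}, "iframe": {"src"}, "link": {"href"},
    "body": {"background"}, "table": {"background"}, "td": {"background"},
}
REMOTE_SCHEMES = {"http", "https", "ftp"}


def is_remote(url: str) -> bool:
    """True if rendering this URL would make a network request."""
    u = re.sub(r"[\t\r\n]", "", url).strip()   # browsers ignore these inside URLs
    if u.startswith("//") or u.startswith("\\\\"):  # protocol-relative
        return True
    try:
        scheme = urlsplit(u).scheme.lower()
    except ValueError:                          # unparseable: fail closed
        return True
    return scheme in REMOTE_SCHEMES              # cid:, data:, "" (relative) stay local


class RemoteContentScrubber(HTMLParser):
    """Re-emit the HTML with fetching attributes renamed to data-blocked-<attr>."""

    def __init__(self):
        super().__init__(convert_charrefs=False)  # pass entities through untouched
        self.out = []
        self.blocked = []                          # (tag, attr, url) for logging/tests

    def _attrs(self, tag, attrs):
        parts = []
        for name, value in attrs:
            lname = name.lower()
            if value is not None and lname in FETCHING_ATTRS.get(tag, ()) and is_remote(value):
                self.blocked.append((tag, lname, value))
                parts.append(f' data-blocked-{lname}="{escape(value, quote=True)}"')
            elif value is None:
                parts.append(f" {name}")
            else:
                parts.append(f' {name}="{escape(value, quote=True)}"')
        return "".join(parts)

    def handle_starttag(self, tag, attrs):
        self.out.append(f"<{tag}{self._attrs(tag, attrs)}>")

    def handle_startendtag(self, tag, attrs):
        self.out.append(f"<{tag}{self._attrs(tag, attrs)} />")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

    def handle_comment(self, data):
        self.out.append(f"<!--{data}-->")

    def handle_decl(self, decl):
        self.out.append(f"<!{decl}>")


def scrub(html: str):
    """Return (scrubbed_html, blocked_list)."""
    p = RemoteContentScrubber()
    p.feed(html)
    p.close()
    return "".join(p.out), p.blocked


# Constructed sample: a quoted reply with two tracking loads and one inline part.
SAMPLE = ('<p>Quoted reply</p>'
          '<video poster="http://tracker.example/p.png" controls></video>'
          '<object data="https://tracker.example/o.swf"></object>'
          '<img src="cid:part1@mail" alt="inline">')

if __name__ == "__main__":
    cleaned, blocked = scrub(SAMPLE)
    print(cleaned)
    print("blocked:", blocked)
```

Script execution (`javascript:` URLs, event handlers) is a separate sanitisation concern and is deliberately not handled here; this scrubber only answers "would rendering this attribute make a request".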
Liferay Portal and Liferay DXP HtmlUtil.escapeRedirect Can Be Circumvented
HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3 before service pack 3 can be circumvented by using multiple forward slashes, which allows remote attackers to redirect users t...
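The Liferay entry is a classic open-redirect bypass: the check decides a target is "local" because a URL parser reports no host, but a browser resolving `///evil.example` against a site's origin skips the run of slashes and navigates to `evil.example`. The code below is an added example in Python, not Liferay's `HtmlUtil.escapeRedirect`; `naive_is_local` reproduces the parser-trusting pattern so the bypass can be seen, and `is_safe_redirect` is the hardened check. The allowed host `portal.example.com` and the requirement that local targets start with a single `/` are assumptions for the example.

```python
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"portal.example.com"}   # assumption: the site's own host(s)


def naive_is_local(target: str) -> bool:
    """The flawed pattern: trust the parser's "no scheme, no host" verdict."""
    parts = urlsplit(target)
    return not parts.scheme and not parts.netloc
    # urlsplit("//evil.example")  -> netloc "evil.example"   (caught)
    # urlsplit("///evil.example") -> netloc ""               (missed: browser
    # collapses the extra slashes and goes to https://evil.example/)


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Allow only same-site absolute paths or absolute URLs to allowed hosts."""
    t = target.strip()
    if not t or any(c in t for c in "\r\n\t\0"):
        return False
    # Browsers treat backslash like slash in http(s) URLs, so normalise first.
    t = t.replace("\\", "/")
    if t.startswith("//"):
        # Covers //, ///, ////, /\ ... : every one of these leaves the site.
        return False
    try:
        parts = urlsplit(t)
    except ValueError:
        return False
    if parts.scheme:
        # Absolute URL: scheme and host must both be acceptable. hostname is
        # taken from the authority, so "https://portal.example.com@evil.example"
        # yields evil.example and is rejected.
        return (parts.scheme.lower() in ("http", "https")
                and parts.hostname in allowed_hosts)
    # No scheme: require a path rooted at "/" (not "//", handled above).
    return t.startswith("/")


if __name__ == "__main__":
    for t in ("/web/guest/home", "//evil.example", "///evil.example", "/\\evil.example"):
        print(f"{t!r:22} naive={naive_is_local(t)!s:5} hardened={is_safe_redirect(t)}")
```

Note that the hardened check never "fixes up" the target; it rejects anything ambiguous and lets the application fall back to a default page, which is the only safe outcome for a redirect parameter.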
hadoop: WebHDFS client might send SPNEGO authorization header
A flaw was found in Apache hadoop. The WebHDFS client can send a SPNEGO authorization header to a remote URL without proper verification which could lead to an access restriction bypass. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...
[SECURITY] Fedora 35 Update: ignition-2.14.0-3.fc35
Ignition is a utility used to manipulate systems during the initramfs. This includes partitioning disks, formatting partitions, writing files (regular files, systemd units, etc.), and configuring users. On first boot, Ignition reads its configuration from a source of truth (remote URL, network...
This vulnerability in the Thunderbird email client and the Firefox and Firefox ESR browsers relates to improper error handling when processing an inaccessible PAC file. It allows a malicious actor to specify a URL for the PAC file; if the server on which the PAC file is located becomes unavailable, OCSP requests are blocked, resulting in incorrect error pages being displayed.
The vulnerability in the Thunderbird email client, as well as the Firefox and Firefox ESR browsers, is related to improper error handling when processing an inaccessible PAC file. Exploiting this vulnerability allows a remote attacker to specify a PAC URL. If the server where the PAC file is located ...
CVE-2022-1365
A flaw was found in the cross-fetch library when fetching a remote URL with a cookie and following a Location response header (a redirect). This flaw allows an attacker to hijack the account, as the cookie is leaked...
Webmin 1.984 Remote Code Execution
Exploit Title: Webmin 1.984 - Remote Code Execution (Authenticated)
Date: 2022-03-06
Exploit Author: faisalfs10x (https://github.com/faisalfs10x)
Vendor Homepage: https://www.webmin.com/
Software Link: https://github.com/webmin/webmin/archive/refs/tags/1.984.zip
Version: = 1.984
Tested on: Ubuntu 18...
CVE-2021-29217
A remote URL redirection vulnerability was discovered in HPE OneView Global Dashboard versions prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard...
HPE OneView Global Dashboard input validation error vulnerability
HPE OneView Global Dashboard (OVGD) is a dashboard solution from Hewlett Packard Enterprise (HPE). A security vulnerability exists in HPE OneView Global Dashboard, stemming from a remote URL redirection flaw in HPE OneView Global Dashboard versions prior to 2.5...
GHSA-F8VC-WFC8-HXQH Improper Privilege Management in Apache Hadoop
In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification...
Exposure of Sensitive Information in simple-get
In versions of simple-get prior to 4.0.1, 3.1.1, and 2.8.2, when fetching a remote url with a cookie, Location response headers will be followed, potentially resulting in an exposure of the session cookie to a third party...
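The cross-fetch, simple-get and Hadoop WebHDFS entries are one failure mode seen three times: a client attaches a credential (a session cookie, or a SPNEGO `Authorization: Negotiate` header) to a request and then keeps attaching it while following redirects, so a `Location` pointing off-site delivers the credential to a third party. The correct behaviour is to compare the origin (scheme, host, port) of each hop with the origin the credential was meant for and drop credential-bearing headers when they differ. The redirect follower below is an added example and is not the code of any of the three projects; it drives a constructed, in-memory response chain instead of a network, and the header list, the `strip_cross_origin` switch (which reproduces the vulnerable behaviour when set to False) and the sample URLs are assumptions for the example.

```python
from urllib.parse import urljoin, urlsplit

# Headers that carry credentials and must not cross an origin boundary.
CREDENTIAL_HEADERS = {"cookie", "authorization", "proxy-authorization"}
REDIRECT_STATUSES = {301, 302, 303, 307, 308}


def origin(url: str):
    """(scheme, host, port) with default ports filled in, for origin comparison."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    port = p.port or {"http": 80, "https": 443}.get(scheme)
    return scheme, (p.hostname or "").lower(), port


def headers_for_redirect(request_url, location, headers, strip_cross_origin=True):
    """Resolve Location and decide which headers may travel to the next hop."""
    next_url = urljoin(request_url, location)          # Location may be relative
    if not strip_cross_origin or origin(next_url) == origin(request_url):
        return next_url, dict(headers)
    return next_url, {k: v for k, v in headers.items()
                      if k.lower() not in CREDENTIAL_HEADERS}


def follow(start_url, headers, responses, strip_cross_origin=True, max_redirects=5):
    """Walk a redirect chain. `responses` maps url -> (status, location_or_None).

    Returns (final_url, headers_sent_to_final_url, trail) where trail lists
    (url, sorted header names) for every request that would have been made.
    """
    url, hdrs = start_url, dict(headers)
    trail = []
    for _ in range(max_redirects + 1):
        trail.append((url, sorted(hdrs)))
        status, location = responses[url]
        if status not in REDIRECT_STATUSES or location is None:
            return url, hdrs, trail
        url, hdrs = headers_for_redirect(url, location, hdrs, strip_cross_origin)
    raise RuntimeError("too many redirects")


# Constructed chain (no network): one same-origin hop, then a hop off-site.
START = "https://api.example.com/me"
RESPONSES = {
    "https://api.example.com/me":      (302, "/v2/me"),
    "https://api.example.com/v2/me":   (302, "https://attacker.example/collect"),
    "https://attacker.example/collect": (200, None),
}
REQUEST_HEADERS = {
    "Cookie": "session=abc123",
    "Authorization": "Negotiate <spnego-token>",
    "Accept": "application/json",
}


def run_demo(strip_cross_origin=True):
    return follow(START, REQUEST_HEADERS, RESPONSES, strip_cross_origin)


if __name__ == "__main__":
    for strip in (False, True):
        final_url, final_headers, trail = run_demo(strip)
        print(f"strip_cross_origin={strip}: {final_url} gets {sorted(final_headers)}")
```

The same-origin hop keeps the cookie and the Negotiate header, which is what a client should do; only the hop to `attacker.example` loses them. A stricter policy (drop credentials on any redirect at all) is also defensible when the client never expects same-origin redirects.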