25 matches found
UBUNTU-CVE-2019-25544
Pidgin 2.13.0 contains a denial of service vulnerability that allows local attackers to crash the application by providing an excessively long username string during account creation. Attackers can input a buffer of 1000 characters in the username field and trigger a crash when joining a chat,...
EUVD-2019-15039
Malware in sbrugna...
EUVD-2021-31551
Malicious code in bioql PyPI...
CVE-2024-52008 Password Policy Bypass Vulnerability in Fides Webserver
Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces password complexity requirements, direct API cal...
Client-Side Enforcement of Server-Side Security
Overview ethyca-fides is an Open-source ecosystem for data privacy as code. Affected versions of this package are vulnerable to Client-Side Enforcement of Server-Side Security due to improper implementation of password policy validations in the /api/v1/user/accept-invite endpoint. An attacker can...
CVE-2024-52508 Nextcloud Mail auto configurator can be tricked into sending account information to wrong servers
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account with an email address like [email protected] that does not support auto configuration, and an attacker managed to register autoconfig.tld, the used email details would ...
CentOS 6 : thunderbird (RHSA-2020:2966)
The remote CentOS Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2966 advisory. - Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This...
CentOS 7 : thunderbird (RHSA-2020:2906)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2906 advisory. - Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially...
Open-Xchange App Suite 安全漏洞
Open-Xchange AppSuite is a set of Web cloud desktop environments from Open-Xchange Germany. The environment allows users to manage email, tasks, files, etc. more intuitively. A security vulnerability exists in Open-Xchange App Suite that stems from the processing of POP3 function responses withou...
Cross site scripting
A vulnerability classified as problematic has been found in OpenMRS Admin UI Module up to 1.4.x. Affected is the function sendErrorMessage of the file omod/src/main/java/org/openmrs/module/adminui/page/controller/systemadmin/accounts/AccountPageController.java of the component Account Setup...
CVE-2020-36636 OpenMRS Admin UI Module Account Setup AccountPageController.java sendErrorMessage cross site scripting
A vulnerability classified as problematic has been found in OpenMRS Admin UI Module up to 1.4.x. Affected is the function sendErrorMessage of the file omod/src/main/java/org/openmrs/module/adminui/page/controller/systemadmin/accounts/AccountPageController.java of the component Account Setup...
Code injection
While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass in the MFAUserAccountSetupMVCActionCommand class that allows an authenticated used to deny service to another user by enabling the Time-based One-time password TOTP feature for their account, or by modifying the...
Information Disclosure
Thunderbird is vulnerable to information disclosure. An attacker is able to intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and sends a crafted response, of which Thunderbird will responds with username and password...
CVE-2020-15646
If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This...
RHEL 8 : thunderbird (RHSA-2020:3046)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3046 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.10.0. Security Fixes: Mozilla:...
CVE-2020-15646
If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This...
Mozilla: Automatic account setup leaks Microsoft Exchange login credentials
If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This...
Mozilla: Automatic account setup leaks Microsoft Exchange login credentials
If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This...
Security fix for the ALT Linux 10 package thunderbird version 68.10.0-alt1
July 13, 2020 Andrey Cherepanov 68.10.0-alt1 - New version 68.10.0. - Fixes: + CVE-2020-12417 Memory corruption due to missing sign-extension for ValueTags on ARM64 + CVE-2020-12418 Information disclosure due to manipulated URL object + CVE-2020-12419 Use-after-free in nsGlobalWindowInner +...