Lucene search
+L

73 matches found

BDU FSTEC
BDU FSTEC
added 2018/07/12 12:0 a.m.9 views

The vulnerability in the display of the Activity Stream page on Mozilla Firefox browser allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Activity Stream page display on Mozilla Firefox is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information using the “file:“ URL...

5.3CVSS7.8AI score0.01578EPSS
Exploits0References10Affected Software3
NVD
NVD
added 2018/06/11 9:29 p.m.16 views

CVE-2018-5118

The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the...

5.3CVSS4.8AI score0.01578EPSS
Exploits0References5
OSV
OSV
added 2018/06/11 9:29 p.m.3 views

CVE-2018-5118

The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the...

5.3CVSS7.3AI score0.01578EPSS
Exploits0References5
Prion
Prion
added 2018/06/11 9:29 p.m.14 views

Code injection

The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the...

5CVSS6.2AI score0.01578EPSS
Exploits0References5Affected Software2
CVE
CVE
added 2018/06/11 9:0 p.m.137 views

CVE-2018-5118

CVE-2018-5118 affects Firefox

5.3CVSS6.1AI score0.01578EPSS
Exploits0References5Affected Software1
Debian CVE
Debian CVE
added 2018/06/11 9:0 p.m.26 views

CVE-2018-5118

The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the...

5.3CVSS7.3AI score0.01578EPSS
Exploits0
Cvelist
Cvelist
added 2018/06/11 9:0 p.m.20 views

CVE-2018-5118

The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the...

6.2AI score0.01578EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2018/01/24 12:0 a.m.53 views

Mozilla Firefox Security Advisories (MFSA2018-02, MFSA2018-03) - Mac OS X

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

10CVSS7.8AI score0.20024EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2018/01/24 12:0 a.m.45 views

FreeBSD : mozilla -- multiple vulnerabilities (a891c5b4-3d7a-4de9-9c71-eef3fd698c77)

Mozilla Foundation reports : CVE-2018-5091: Use-after-free with DTMF timers CVE-2018-5092: Use-after-free in Web Workers CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on uninitialized memory...

10CVSS7.4AI score0.20024EPSS
Exploits0References35
UbuntuCve
UbuntuCve
added 2018/01/23 12:0 a.m.18 views

CVE-2018-5118

The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the...

5.3CVSS6.8AI score0.01578EPSS
Exploits0References3
OSV
OSV
added 2018/01/23 12:0 a.m.3 views

UBUNTU-CVE-2018-5118

The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the...

5.3CVSS6.8AI score0.01578EPSS
Exploits0References4
Atlassian
Atlassian
added 2017/03/13 4:15 a.m.34 views

Restricted Work Log entries show in the Activity Stream for JIRA Cloud

h3. Summary When using a group comment visibility on worklogs the restriction is not applied in the Activity Stream. h3. Steps to Reproduce Set up a test user JIRA Users. Enable comment visibility to support groups as per Configuring JIRA...

2.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2017/03/13 4:15 a.m.26 views

Restricted Work Log entries show in the Activity Stream for JIRA Cloud

h3. Summary When using a group comment visibility on worklogs the restriction is not applied in the Activity Stream. h3. Steps to Reproduce Set up a test user JIRA Users. Enable comment visibility to support groups as per Configuring JIRA...

2.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/08/04 1:6 p.m.25 views

Workbox Plugin loads full HTML of JIRA comment, leads to GC loop of death on large comment

To reproduce: start Confluence with GC logging enabled optional, but helps Link Confluence and JIRA create an issue in JIRA watch it add a large comment to the JIRA issue, e.g. paste a 7.7MB log file between \code\ tags open the workbox in Confluence optional: in network tab of web developer tool...

7.2AI score
Exploits0
Atlassian
Atlassian
added 2014/10/15 3:39 p.m.19 views

Activity stream on JAC contains updates from another user

Jira prompted me to change my time zone, and brought me to a profile that seems to be for a completely different user who happens to share my first name and last initial. See attached screen shot. Going directly to https://secretlocation.atlassian.net/secure/ViewProfile.jspa shows me the proper...

1.9AI score
Exploits0Affected Software1
Prion
Prion
added 2014/10/13 6:55 p.m.20 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Drupal Commons module 7.x-3.x before 7.x-3.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to content creation and activity stream messages...

4.3CVSS6.1AI score0.01284EPSS
Exploits0References6Affected Software1
Atlassian
Atlassian
added 2014/04/01 2:35 p.m.19 views

Avatars appear on Activity Stream even for anonymous users

Every user, independent of privileges, is able to see entries related to user's avatar change on Activity Stream. It also happens for users that are not logged in. See attached image...

3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/04/01 2:35 p.m.73 views

Avatars appear on Activity Stream even for anonymous users

Every user, independent of privileges, is able to see entries related to user's avatar change on Activity Stream. It also happens for users that are not logged in. See attached image...

3AI score
Exploits0Affected Software1
Drupal
Drupal
added 2014/02/12 12:0 a.m.21 views

SA-CONTRIB-2014-020 - Drupal Commons - Cross Site Scripting (XSS)

Drupal Commons is a ready-to-use solution for building either internal or external communities. It provides a complete social business software solution for organizations. Drupal Commons displays an "activity stream" containing messages about actions users take on the site. In some cases, message...

4.3CVSS6AI score0.01284EPSS
Exploits0References12
Atlassian
Atlassian
added 2013/08/08 5:20 p.m.16 views

Persistent XSS in Username field

The XSS vulnerability is only present in some parts of the UI where the username is incorrectly marked as "safe" for HTML output. Known vulnerability points: When viewing a user's activity stream on their profile page When viewing the site-wide activity stream in the Administrative UI This...

1.8AI score
Exploits0Affected Software1
Rows per page
Query Builder