66 matches found
Astra Linux - vulnerability in thunderbird, firefox
Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log did not account for external URLs. As a result, data could potentially be exfiltrated from the browser. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird...
MiracleLinux 8 : firefox-102.7.0-1.el8.ML.1 (AXSA:2023-4857:04)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-4857:04 advisory. Mozilla: libusrsctp library out of date CVE-2022-46871 Mozilla: Arbitrary file read from GTK drag and drop on Linux CVE-2023-23598 Mozilla: Memory...
CVE-2025-68804 platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver
In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver After unbinding the driver, another kthread cros_ec_console_log_work is still accessing the device, resulting in a UAF and crash. The driver doesn't unregister the EC device ...
Apache Tomcat 9.0.0-M1 < 9.0.109 Multiple Vulnerabilities
The version of Apache Tomcat installed on the remote host is 9.0.0-M1 prior to 9.0.109, 10.1.0-M1 prior to 10.1.45 or 11.0.0-M1 prior to 11.0.11. It is, therefore, affected by multiple vulnerabilities : - Console manipulation via escape sequences in log messages. CVE-2025-55754 - Directory...
EUVD-2004-0514
Malware in sbrugna...
EUVD-2023-1591
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-23603
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data...
PT-2024-17782 · Unknown · Treasurehuntgame Treasurehunt
Name of the Vulnerable Software and Affected Versions: TreasureHuntGame TreasureHunt up to 963e0e0 Description: A critical vulnerability has been found in TreasureHuntGame TreasureHunt. The issue affects the console log function of the file TreasureHunt/checkflag.php. The manipulation of the...
Provisioning Services Console Error is Displayed During KMS Activation
When changing a virtual disk (vDisk) in private mode to KMS activation and then changing the mode to standard image mode, or changing the activation procedure to KMS for a vDisk in standard image mode, the following error message appears, which can be seen in the console.log when in debug level or in...
IPC Error While Validating Provisioning Services Store
Multiple Provisioning Services servers in the farm report an IPC error when trying to validate the store path, except the server on which you are running the Provisioning Services Server console. When validating the store, the following error appears in the console log:...
IPC Error when Exporting the vDisk on Provisioning Services
IPC Error when exporting vDisk on Provisioning Services (PVS). PVS Console log includes the following errors: ERROR EnterpriseAccess.HandlerBase - PvsStatusExceptionHandler ERROR EnterpriseAccess.HandlerBase - return code: 184 ERROR EnterpriseAccess.HandlerBase - exception type: PvsStatusException ERRO...
CVE-2023-23603
Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...
vm2 vulnerable to Inspect Manipulation
In versions 3.9.17 and lower of vm2 it was possible to get a read-write reference to the node inspect method and edit options for console.log. Impact A threat actor can edit options for console.log. Patches This vulnerability was patched in the release of version 3.9.18 of vm2. Workarounds After...
GHSA-P5GC-C584-JJ6V vm2 vulnerable to Inspect Manipulation
In versions 3.9.17 and lower of vm2 it was possible to get a read-write reference to the node inspect method and edit options for console.log. Impact A threat actor can edit options for console.log. Patches This vulnerability was patched in the release of version 3.9.18 of vm2. Workarounds After...
SUSE CVE-2021-20178
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerabili...
MGASA-2023-0034 Updated thunderbird packages fix security vulnerability
libusrsctp library out of date. CVE-2022-46871 Arbitrary file read from GTK drag and drop on Linux. CVE-2023-23598 URL being dragged from cross-origin iframe into same tab triggers navigation. CVE-2023-23601 Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers...
Mozilla: Calls to console.log allowed bypassing Content Security Policy via format directive
The Mozilla Foundation Security Advisory describes this flaw as: Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser...