CVE-2026-40925

WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/configurationUpdate.json.php also routed via /updateConfig persists dozens of global site settings from $POST but protects the endpoint only with User::isAdmin. It does not call forbidIfIsUntrustedRequest, does not...

CVE-2026-35181

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the player skin configuration endpoint at admin/playerUpdate.json.php does not validate CSRF tokens. The plugins table is explicitly excluded from the ORM's domain-based security check via ignoreTableSecurityCheck, removing...

EUVD-2026-19454

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the site customization endpoint at admin/customizesettingsnativeUpdate.json.php lacks CSRF token validation and writes uploaded logo files to disk before the ORM's domain-based security check executes. Combined with...

Mageia: Security Advisory (MGASA-2019-0212)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2019-0213)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2019:14124-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CentOS 8 : thunderbird (CESA-2019:1799)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2019:1799 advisory. - Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 CVE-2019-11709 - Mozilla: Script injection within domain through inner window...

Cross-site Request Forgery (CSRF)

Overview actionview is a simple, battle-tested conventions and helpers for building web pages. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF. An attacker might be able to set the href attribute of an anchor tag or the action attribute of a form tag that will...

openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2019:1782-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security update for MozillaThunderbird (important)

openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2019:2248-1 Rating: important References: 1140868 1141322 1149296 1149297 1149298 1149299 1149303 1149304 1150939 1152375 Cross-References: CVE-2019-11709 CVE-2019-11710 CVE-2019-11711 CVE-2019-11712...

Updated thunderbird packages fix security vulnerabilities

This update provides an update to thunderbird 68.0, updates enigmail to 2.1.2 and fixes the following security issues: Memory safety bugs fixed in Firefox 68, Firefox ESR 60.8, and Thunderbird 68. CVE-2019-11709 Memory safety bugs fixed in Firefox 68 and Thunderbird 68. CVE-2019-11710 Script...

Security update for MozillaThunderbird (moderate)

openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2019:1990-1 Rating: moderate References: 1137970 1140868 Cross-References: CVE-2019-11709 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11719 CVE-2019-11729...

openSUSE Security Update : MozillaFirefox (openSUSE-2019-1811)

This update for MozillaFirefox, mozilla-nss fixes the following issues : MozillaFirefox to version ESR 60.8 : - CVE-2019-9811: Sandbox escape via installation of malicious language pack bsc1140868. - CVE-2019-11711: Script injection within domain through inner window reuse bsc1140868. -...

openSUSE Security Update : MozillaThunderbird (openSUSE-2019-1813)

This update for MozillaThunderbird version 60.8 fixes the following issues : Security issues fixed : - CVE-2019-9811: Sandbox escape via installation of malicious language pack bsc1140868. - CVE-2019-11711: Script injection within domain through inner window reuse bsc1140868. - CVE-2019-11712:...

openSUSE: Security Advisory for MozillaThunderbird (openSUSE-SU-2019:1813-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security update for MozillaThunderbird (important)

openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2019:1813-1 Rating: important References: 1140868 Cross-References: CVE-2019-11709 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11719 CVE-2019-11729 CVE-2019-11730...

openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2019:1811-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CentOS Update for thunderbird CESA-2019:1777 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 8 : thunderbird (RHSA-2019:1799)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:1799 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.8.0. Security Fixes: Mozilla:...

Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20190715)

This update upgrades Thunderbird to version 60.8.0. Security Fixes : - Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 CVE-2019-11709 - Mozilla: Sandbox escape via installation of malicious language pack CVE-2019-9811 - Mozilla: Script injection within domain through inner...