43 matches found
Cross-Origin Data Theft
Glances is vulnerable to Cross-Origin Data Theft via XML-RPC Server CORS Misconfiguration. The vulnerability is due to the XML-RPC handler not validating the Content-Type header, where an attacker-controlled webpage can issue a CORS simple request containing a valid XML-RPC payload, and the serve...
CVE-2026-32610 Glances's Default CORS Configuration Allows Cross-Origin Credential Theft
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, the Glances REST API web server ships with a default CORS configuration that sets alloworigins="" combined with allowcredentials=True. When both of these options are enabled together, Starlette's CORSMiddlewa...
GHSA-9JFM-9RC6-2HFQ Glances's Default CORS Configuration Allows Cross-Origin Credential Theft
Summary The Glances REST API web server ships with a default CORS configuration that sets alloworigins="" combined with allowcredentials=True. When both of these options are enabled together, Starlette's CORSMiddleware reflects the requesting Origin header value in the Access-Control-Allow-Origin...
MiracleLinux 4 : thunderbird-60.7.0-1.AXS4 (AXSA:2019-3898:02)
The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-3898:02 advisory. Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 CVE-2019-9800 Mozilla: Cross-origin theft of images with createImageBitmap...
Mozilla Firefox ESR < 60.2
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 60.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-21 advisory. - A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by...
EUVD-2018-10224
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2018-18499
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http- equiv=refresh on a page to cause a redirection to another...
Imagination Security Breach
Imagination is a chip from Imagination. A security vulnerability exists in Imagination 2018 and prior versions, which stems from a software-transparent compression provided by PVRIC on GPU devices, which can be exploited for cross-origin pixel stealing attacks against feTurbulence and feBlend in...
Mozilla Firefox Security Advisory (MFSA2019-04) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
CentOS 8 : thunderbird (CESA-2019:1308)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2019:1308 advisory. - mozilla: Cross-origin theft of images with ImageBitmapRenderingContext CVE-2018-18511 - Mozilla: Use-after-free in XMLHttpRequest CVE-2019-11691 -...
CentOS 7 : thunderbird (CESA-2019:1309)
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
thunderbird security update
CentOS Errata and Security Advisory CESA-2019:1310 An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
thunderbird security update
CentOS Errata and Security Advisory CESA-2019:1309 An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities. Cross-origin theft of images with ImageBitmapRenderingContext. CVE-2018-18511 Out-of-bounds read in Skia. CVE-2019-5798 Use-after-free in pngimagefree of libpng library. CVE-2019-7317 Cross-origin theft of images with createImageBitmap...
Updated thunderbird packages fix security vulnerabilities
Updated thunderbird packages fixes bugs and security vulnerabilities: Cross-origin theft of images with ImageBitmapRenderingContext. CVE-2018-18511 Out-of-bounds read in Skia. CVE-2019-5798 Use-after-free in pngimagefree of libpng library. CVE-2019-7317 Cross-origin theft of images with...
MGASA-2019-0190 Updated thunderbird packages fix security vulnerabilities
Updated thunderbird packages fixes bugs and security vulnerabilities: Cross-origin theft of images with ImageBitmapRenderingContext. CVE-2018-18511 Out-of-bounds read in Skia. CVE-2019-5798 Use-after-free in pngimagefree of libpng library. CVE-2019-7317 Cross-origin theft of images with...
MGASA-2019-0191 Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities. Cross-origin theft of images with ImageBitmapRenderingContext. CVE-2018-18511 Out-of-bounds read in Skia. CVE-2019-5798 Use-after-free in pngimagefree of libpng library. CVE-2019-7317 Cross-origin theft of images with createImageBitmap...
OPENSUSE-SU-2019:1534-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: MozillaFirefox was updated to 60.7.0esr boo1135824 MFSA 2019-14: CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext CVE-2019-11691: Use-after-free in XMLHttpRequest CVE-2019-11692: Use-after-free removing...
Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20190604)
Security Fixes : - Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 CVE-2019-9800 - Mozilla: Cross-origin theft of images with createImageBitmap CVE-2019-9797 - Mozilla: Stealing of cross-domain images using canvas CVE-2019-9817 - Mozilla: Compartment mismatch with fetch API...
Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20190604)
Security Fixes : - Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 CVE-2019-9800 - Mozilla: Cross-origin theft of images with createImageBitmap CVE-2019-9797 - Mozilla: Stealing of cross-domain images using canvas CVE-2019-9817 - Mozilla: Compartment mismatch with fetch API...