938 matches found
A vulnerability in the processing of CSP policies in the Mozilla Firefox and Mozilla Thunderbird web browsers, related to security configuration errors, allows attackers to circumvent existing security restrictions.
The vulnerability in CSP policy handling in the Mozilla Firefox and Mozilla Thunderbird browsers is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions by embedding additional content within documents...
CVE-2021-4038 NSM vulnerable to XSS
Cross-Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed an XSS in the administrator interface via specially crafted custom rules containing HTML. NSM did not correctly sanitize custom rule content in a...
Mozilla: Bypass of CSP sandbox directive when embedding
Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...
Mozilla: Bypass of CSP sandbox directive when embedding
Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...
DEBIAN-CVE-2021-43543
Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...
CVE-2021-43543
Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...
Mozilla: Bypass of CSP sandbox directive when embedding
Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...
Mozilla Firefox Cross-Site Scripting Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. A cross-site scripting vulnerability exists in Mozilla Firefox that attackers can exploit: documents loaded with the CSP sandbox directive can escape the scripting restrictions of the sandbox by...
Privilege Escalation
github.com/fluxcd/kustomize-controller is vulnerable to privilege escalation. Users with privilege to create Kubernetes Secrets, Service Accounts and Flux Kustomization objects are allowed to use kustomize-controller to execute shell commands on the container OS via embedding a shell script in a...
alphapulldown (>=0.21.2 <=0.22.3), analytics-lib (>=0.0.1 <=0.0.2) +62 more potentially affected by CVE-2021-41200 via tensorflow (>=2.5.0 <=2.5.1)
tensorflow PYPI version =2.5.0, =0.21.2, =0.0.1, =1.1.0, =0.1.0.dev2, =0.1.6, =0.8.1, =3.3.0, =0.0.24, =1.0.0, =2.0.2, =3.0.0 and more Source cves: CVE-2021-41200 Source advisory: OSV:GHSA-GH8H-7J2J-QV4F...
Exploit for Path Traversal in Microsoft
This repository is an exploit module for CVE-2021-40444, a remote code execution vulnerability in Microsoft Office Word. The exploit is a malicious docx generator that creates a document that, when opened, will execute a malicious DLL file. The exploit is based on some reverse engineering over a...
alphapulldown (>=0.21.2 <=0.22.3), analytics-lib (>=0.0.1 <=0.0.2) +62 more potentially affected by CVE-2021-41209 via tensorflow (>=2.5.0 <=2.5.1)
tensorflow PYPI version =2.5.0, =0.21.2, =0.0.1, =1.1.0, =0.1.0.dev2, =0.1.6, =0.8.1, =3.3.0, =0.0.24, =1.0.0, =2.0.2, =3.0.0 and more Source cves: CVE-2021-41209 Source advisory: OSV:PYSEC-2021-401...
Yellowfin Cross-Site Scripting Vulnerability
Yellowfin is a business intelligence automated analytics, cross-vendor narrative and collaboration software suite. A stored cross-site scripting vulnerability exists in the video embedding feature in Yellowfin versions prior to 9.6.1. An attacker can exploit this vulnerability by sending a...
Yellowfin Business Intelligence Yellowfin Cross-Site Scripting Vulnerability
Yellowfin is a business intelligence automated analytics, cross-vendor narrative and collaboration software suite. A stored cross-site scripting vulnerability exists in the video embedding feature in Yellowfin versions prior to 9.6.1. An attacker can exploit this vulnerability by sending a...
Vulnerability of Windows operating systems, related to errors in code generation, allows a hacker to execute arbitrary code.
The vulnerability of Windows operating systems is related to errors in code generation control. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially created file containing a malicious OLE object...
Updated cockpit packages fix security vulnerability
Restrict frame embedding to same origin...
MGASA-2021-0467 Updated cockpit packages fix security vulnerability
Restrict frame embedding to same origin...
Security Bulletin: IBM Jazz for Service Management is vulnerable to stored cross-site scripting (CVE-2021-29815)
Summary IBM Jazz for Service Management is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Vulnerability...
CVE-2021-39219
Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the wasmtime crate clearly marks which functions are safe and which are unsafe, guaranteeing that if consumers never use unsafe then it should...
CVE-2021-39219
Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the wasmtime crate clearly marks which functions are safe and which are unsafe, guaranteeing that if consumers never use unsafe then it should...