5045 matches found
Mozilla: Leaking of encrypted email subjects to other conversations
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the...
EasyRanges security vulnerability
EasyRanges is a small Julia package from the individual developer Éric Thiébaut. A security vulnerability exists in EasyRanges version 1.41, which stems from an issue with EasyRange that contains search paths for executables, which could lead to loading executables located in the same folder as t...
PT-2024-40505 · Burn · Burn
Name of the Vulnerable Software and Affected Versions: Burn versions affected versions not specified Description: The issue concerns the use of an unprotected directory, C:\Windows\Temp, by Burn to copy and run binaries. This directory is accessible to low-privilege users, who can hijack binaries...
Denial of service while parsing a tar file due to lack of folders count validation
Description: During some analysis today on npm's node-tar package I came across the folder creation process. Basically, if you provide node-tar with a path like this ./a/b/c/foo.txt it would create every folder and sub-folder here a, b and c until it reaches the last folder to create foo.txt, In-thi...
WP Media folder < 5.7.3 - Authenticated (Subscriber+) Arbitrary File Upload
Description The WP Media folder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation function in all versions up to, and including, 5.7.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary...
The vulnerability of the Windows Compressed Folder component in Windows operating systems allows attackers to compromise the integrity of protected information.
The vulnerability of the Windows Compressed Folder component in Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to compromise the integrity of protected information through a specially created file...
UBUNTU-CVE-2024-28863
node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few...
CVE-2024-28863
CVE-2024-28863 affects the npm package graph for Node.js via the node-tar library. The issue: node-tar prior to version 6.2.1 imposes no limit on the number of sub-folders created during folder extraction, enabling an attacker to produce a path with many sub-folders that can consume memory and cr...
CVE-2024-28863 node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation
node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few...
CVE-2024-25907 WordPress WP Media folder plugin <= 5.7.2 - Plugin Settings Change vulnerability
Missing Authorization vulnerability in JoomUnited WP Media folder. This issue affects WP Media folder: from n/a through 5.7.2...
CVE-2024-25908
CVE-2024-25908 affects the WordPress plugin WP Media Folder (JoomUnited) up to version 5.7.2. The root cause is missing authorization validation, enabling unauthenticated or subscriber-level users to modify post/page titles and excerpts. Public sources in connected data confirm the vulnerability ...
CVE-2024-25908 WordPress WP Media folder plugin <= 5.7.2 - Subscriber+ Arbitrary Post/Page Modification vulnerability
Missing Authorization vulnerability in JoomUnited WP Media folder. This issue affects WP Media folder: from n/a through 5.7.2...
PT-2024-21199 · Joomunited · Joomunited Wp Media Folder
Name of the Vulnerable Software and Affected Versions: JoomUnited WP Media folder versions 5.7.2 and earlier Description: A Missing Authorization issue affects the JoomUnited WP Media folder, allowing unauthorized access. Recommendations: For versions 5.7.2 and earlier, update to a version later...
PT-2024-21198 · Joomunited · Joomunited Wp Media Folder
Name of the Vulnerable Software and Affected Versions: JoomUnited WP Media folder versions 5.7.2 and earlier Description: A Missing Authorization issue affects the JoomUnited WP Media folder, allowing unauthorized access. Recommendations: For versions 5.7.2 and earlier, update to a version later...
Low: thunderbird
Issue Overview: The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a...