5045 matches found

OSV
added 2024/03/04 10:15 p.m. · 1 view

DEBIAN-CVE-2024-1936

The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third-party. Whil...

CVSS 7.5 · AI score 7.4 · EPSS 0.00682
Exploits 1 · References 1

OSV
added 2024/03/04 10:15 p.m. · 2 views

UBUNTU-CVE-2024-1936

The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third-party. Whil...

CVSS 7.5 · AI score 5.9 · EPSS 0.00682
Exploits 1 · References 6

UbuntuCve
added 2024/03/04 10:15 p.m. · 21 views

CVE-2024-1936

The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third-party. Whil...

CVSS 7.5 · AI score 7.1 · EPSS 0.00682
Exploits 1 · References 5

Cvelist
added 2024/03/04 9:31 p.m. · 26 views

CVE-2024-1936

The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third-party. Whil...

AI score 7.3 · EPSS 0.00682
Exploits 1 · References 3

OSV
added 2024/03/04 8:42 p.m. · 10 views

GHSA-R4PF-3V7R-HH55 electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only)

Impact Windows-Only: The NSIS installer makes a system call to open cmd.exe via NSExec in the .nsh installer script. NSExec by default searches the current directory of where the installer is located before searching PATH. This means that if an attacker can place a malicious executable file named...

CVSS 7.3 · AI score 5.9 · EPSS 0.00282
Exploits 0 · References 5

Positive Technologies
added 2024/03/04 12:0 a.m. · 4 views

PT-2024-21807

Name of the Vulnerable Software and Affected Versions: electron-builder versions prior to 24.13.2 Description: A vulnerability in electron-builder for Windows allows an attacker to execute a malicious file named cmd.exe if it is placed in the same folder as the installer. The NSIS installer makes a...

CVSS 7.3 · AI score 6.8 · EPSS 0.00282
Exploits 0 · References 16

Positive Technologies
added 2024/03/04 12:0 a.m. · 3 views

PT-2024-19433 · Dell · Dell Display/Peripheral Manager

Name of the Vulnerable Software and Affected Versions: Dell Display and Peripheral Manager for macOS versions prior to 1.3 Description: The issue is related to an improper access control vulnerability. A low privilege user could potentially exploit this vulnerability by modifying files in the...

CVSS 7.8 · AI score 7.8 · EPSS 0.00235
Exploits 0 · References 4

Positive Technologies
added 2024/03/04 12:0 a.m. · 12 views

PT-2024-2228 · Mozilla +10 · Thunderbird +10

Name of the Vulnerable Software and Affected Versions: Thunderbird versions prior to 115.8.1 Description: The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the...

CVSS 9.8 · AI score 7 · EPSS 0.99739
Exploits 19 · References 343

OSV
added 2024/02/28 6:15 a.m. · 2 views

CVE-2024-22723

Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating the "mediafolder" parameter in the URL, an attacker (in this case, an administrator) can navigate beyond the intended directory (the 'media/' directory) to access sensitive files in other parts of the application's file system...

CVSS 4.9 · AI score 5.8 · EPSS 0.00876
Exploits 1 · References 1

CNNVD
added 2024/02/28 12:0 a.m. · 1 view

Webtrees Security Breach

Webtrees is a web application for publishing family trees online, collaborating with family members, and more. A security vulnerability exists in Webtrees version 2.1.18, which stems from an attacker's ability to navigate to other directories via the mediafolder parameter to access sensitive file...

CVSS 4.9 · AI score 6.7 · EPSS 0.00876
Exploits 1 · References 2

Cvelist
added 2024/02/28 12:0 a.m. · 14 views

CVE-2024-22723

Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating the "mediafolder" parameter in the URL, an attacker (in this case, an administrator) can navigate beyond the intended directory (the 'media/' directory) to access sensitive files in other parts of the application's file system...

AI score 6.6 · EPSS 0.00876
Exploits 1 · References 1

OSV
added 2024/02/27 5:15 p.m. · 2 views

CVE-2023-48678

Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 Linux, Windows before build 37391...

CVSS 5.5 · AI score 5.8 · EPSS 0.00157
Exploits 0 · References 1

Prion
added 2024/02/27 5:15 p.m. · 13 views

Information disclosure

Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 Linux, Windows before build 37391...

CVSS 1.7 · AI score 6.7 · EPSS 0.00157
Exploits 0 · References 1

CVE
added 2024/02/27 4:45 p.m. · 106 views

CVE-2023-48678

CVE-2023-48678 affects Acronis Cyber Protect 16 (Linux and Windows) before build 37391. Root cause: insecure folder permissions leading to sensitive information disclosure. CVSS 3.1/3.0 base metrics indicate high confidentiality impact with local, low-complexity access and low privileges required...

CVSS 5.5 · AI score 5.3 · EPSS 0.00157
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2024/02/27 4:45 p.m. · 11 views

CVE-2023-48678

Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 Linux, Windows before build 37391...

CVSS 5.5 · AI score 6.5 · EPSS 0.00157
Exploits 0 · References 1

Cvelist
added 2024/02/27 4:45 p.m. · 9 views

CVE-2023-48678

Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 Linux, Windows before build 37391...

CVSS 5.5 · AI score 5.6 · EPSS 0.00157
Exploits 0 · References 1

OSV
added 2024/02/27 11:15 a.m. · 2 views

CVE-2024-1912

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxUpdateFolderPosition function. This makes it possible for unauthenticated attackers to update th...

CVSS 4.3 · AI score 7.2 · EPSS 0.00202
Exploits 0 · References 2

OSV
added 2024/02/27 11:15 a.m. · 2 views

CVE-2024-1653

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxUpdateFolderPosition in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

CVSS 4.3 · AI score 7.3 · EPSS 0.0034
Exploits 0 · References 2

CNNVD
added 2024/02/27 12:0 a.m. · 2 views

AnythingLLM Input Validation Error Vulnerability

AnythingLLM is a document chatbot that meets business requirements. AnythingLLM suffers from an input validation error vulnerability that stems from improper cleaning of user input resulting in path traversal. An attacker could use this vulnerability to recursively delete arbitrary folders on a...

CVSS 8.1 · AI score 6.9 · EPSS 0.00901
Exploits 1 · References 3

CNNVD
added 2024/02/27 12:0 a.m. · 3 views

Acronis Cyber Protect Security Vulnerability

Acronis Cyber Protect is an all-in-one cyber protection solution for business and enterprise from Acronis Singapore. It combines backup, anti-malware, network security and endpoint management features such as vulnerability assessment, URL filtering, patch management and more. A security...

CVSS 5.5 · AI score 6.5 · EPSS 0.00157
Exploits 0 · References 2