Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

mozilla: Use-after-free in JavaScript garbage collection

The Mozilla Foundation Security Advisory describes this flaw as: Unexpected marking work at the start of sweeping could have led to a use-after-free...

mozilla: Use-after-free in JavaScript garbage collection

The Mozilla Foundation Security Advisory describes this flaw as: Unexpected marking work at the start of sweeping could have led to a use-after-free...

mozilla: Use-after-free in JavaScript garbage collection

The Mozilla Foundation Security Advisory describes this flaw as: Unexpected marking work at the start of sweeping could have led to a use-after-free...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

mozilla: Use-after-free in JavaScript garbage collection

The Mozilla Foundation Security Advisory describes this flaw as: Unexpected marking work at the start of sweeping could have led to a use-after-free...

CVE-2024-39400

Adobe Commerce (Magento) DOM-based XSS (CVE-2024-39400) affects versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. The root cause is a DOM-based XSS lack of proper filtering/escaping of user-supplied data, allowing an admin attacker to inject and execute arbitrary JavaScript in the cont...

mozilla: Use-after-free in JavaScript garbage collection

The Mozilla Foundation Security Advisory describes this flaw as: Unexpected marking work at the start of sweeping could have led to a use-after-free...

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

mozilla: Use-after-free in JavaScript garbage collection

The Mozilla Foundation Security Advisory describes this flaw as: Unexpected marking work at the start of sweeping could have led to a use-after-free...

CVE-2024-41774 IBM Common Licensing cross-site scripting

IBM Common Licensing 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 3503...

Security Bulletin: Moment.js issue of validating, manipulating, and formatting dates

Summary Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale...

Adobe Acrobat Reader AV3DVirtAnnot Object Format Event Use-After-Free Vulnerability

Talos Vulnerability Report TALOS-2024-2009 Adobe Acrobat Reader AV3DVirtAnnot Object Format Event Use-After-Free Vulnerability August 13, 2024 CVE Number CVE-2024-41830 SUMMARY A use-after-free vulnerability exists in the AV3DVirtAnnot functionality of Adobe Acrobat Reader 2024.002.20759. A...

Bakery Shop Management System 1.0 Cross Site Request Forgery

============================================================================================================================================= | Title : Bakery Shop Management System 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 ...

Apache DolphinScheduler: RCE by arbitrary js execution

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2...

CVE-2024-27443

An issue was discovered in Zimbra Collaboration ZCS 9.0 and 10.0. A Cross-Site Scripting XSS vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input validation in the handling of the calendar header. An attacker can exploit this v...

CVE-2024-33533

An issue was discovered in Zimbra Collaboration ZCS 9.0 and 10.0, issue 1 of 2. A reflected cross-site scripting XSS vulnerability has been identified in the Zimbra webmail admin interface. This vulnerability occurs due to inadequate input validation of the packages parameter, allowing an...

CVE-2024-36461

Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine...

CVE-2024-29831

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2...

CVE-2024-33533

An issue was discovered in Zimbra Collaboration ZCS 9.0 and 10.0, issue 1 of 2. A reflected cross-site scripting XSS vulnerability has been identified in the Zimbra webmail admin interface. This vulnerability occurs due to inadequate input validation of the packages parameter, allowing an...