27 matches found
CVE-2026-44581
A flaw was found in Next.js. This vulnerability, a type of stored cross-site scripting XSS, allows a remote attacker to inject malicious scripts into web pages. By manipulating nonce values derived from request headers, an attacker can poison cached responses, leading to arbitrary script executio...
CVE-2024-57835
Amon2::Auth::Site::LINE uses the String::Random module to generate nonce values. String::Random defaults to Perl's built-in predictable random number generator, the rand function, which is not cryptographically secure...
CVE-2024-12008
The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For exampl...
CVE-2024-12008 W3 Total Cache <= 2.8.1 Information Exposure via Log Files
The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For exampl...
Important: thunderbird
Issue Overview: AppendEncodedAttributeValue, ExtraSpaceNeededForAttrEncoding and AppendEncodedCharacters could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox 124, Firefox ESR 115.9, and...
Rocky Linux 8 : thunderbird (RLSA-2024:1494)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1494 advisory. - NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the...
Oracle Linux 7 : thunderbird (ELSA-2024-1498)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-1498 advisory. 115.9.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build 115.9.0-1 - Update to...
CVE-2024-2610
The Mozilla Foundation Security Advisory describes this flaw as: Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies...
SUSE CVE-2024-2610
Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...
Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6703-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6703-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially explo...
CVE-2024-2610
Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...
DEBIAN-CVE-2024-2610
Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...
CVE-2024-2610
Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...
CVE-2024-2610
Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...
CVE-2024-2610
CVE-2024-2610 involves a markup-injection issue that could leak CSP nonces, enabling CSP policy leakage. Affected: Firefox <124, Firefox ESR <115.9, Thunderbird
CVE-2024-2610
Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...
CVE-2024-2610
Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...
UBUNTU-CVE-2024-2610
Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...
CVE-2024-2610
Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...
PT-2023-25219 · WordPress · All In One B2B For Woocommerce
Name of the Vulnerable Software and Affected Versions: All in One B2B for WooCommerce WordPress plugin versions 1.0.3 and earlier Description: The issue allows an attacker to perform CSRF attacks due to improper checking of nonce values in several actions. Recommendations: For All in One B2B for...