36 matches found
UltraJSON 安全漏洞
UltraJSON is an open-source, ultra-fast JSON encoder and decoder written in pure C language, and compatible with Python 3.7+. Versions of UltraJSON prior to 5.12.1 contained a security vulnerability. This vulnerability occurred when writing object-like data to a file using ujson.dump, where an...
Astra Linux - уязвимость в thunderbird
If a Thunderbird user quoted an HTML email, for example by replying to that email, and the email contained a VIDEO tag with the POSTER attribute or an OBJECT tag with a DATA attribute, a network request to the referenced remote URL would be made, regardless of any configuration that blocks remote...
CVE-2026-26208 ADB Explorer Vulnerable to Remote Code Execution via Insecure Deserialization
ADB Explorer is a fluent UI for ADB on Windows. Prior to Beta 0.9.26020, ADB Explorer is vulnerable to Insecure Deserialization leading to Remote Code Execution. The application attempts to deserialize the App.txt settings file using Newtonsoft.Json with TypeNameHandling set to Objects. This allo...
CVE-2026-26208
CVE-2026-26208 affects ADB Explorer (Windows). It is vulnerable to insecure deserialization via JSON settings file deserialization: the app deserializes App.txt with Json.NET in which TypeNameHandling is set to Objects, enabling a crafted JSON file (for example containing an ObjectDataProvider ga...
Insecure Direct Object Reference (IDOR)
com.liferay, com.liferay.object.service is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to insufficient access control between virtual instances, which allows an attacker to access, create, edit, or relate data and object entries/definitions across different virtu...
(Pwn2Own) Adobe Acrobat Reader DC Object Prototype Pollution API Restrictions Bypass
This vulnerability allows remote attackers to bypass API restrictions on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
When setting EntityOptions.apiPrefilter to a function, the filter is not applied to API requests for a resource by Id
Impact If you used the apiPrefilter option of the @Entity decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the id of an entity instance she is not authorized to access, can gain read, update and delete access to it...
SUSE CVE-2022-45414
If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER attribute or an OBJECT tag with a DATA attribute, a network request to the referenced remote URL was performed, regardless of a configuration to block...
DEBIAN-CVE-2022-45414
If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER attribute or an OBJECT tag with a DATA attribute, a network request to the referenced remote URL was performed, regardless of a configuration to block...
UBUNTU-CVE-2022-45414
If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER attribute or an OBJECT tag with a DATA attribute, a network request to the referenced remote URL was performed, regardless of a configuration to block...
Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content
The Mozilla Foundation Security Advisory describes this flaw as: If a Thunderbird user quoted from an HTML email and the email contained either a video tag with the poster attribute or an object tag with a data attribute, a network request to the referenced remote URL was performed regardless of ...
Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content
The Mozilla Foundation Security Advisory describes this flaw as: If a Thunderbird user quoted from an HTML email and the email contained either a video tag with the poster attribute or an object tag with a data attribute, a network request to the referenced remote URL was performed regardless of ...
Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content
The Mozilla Foundation Security Advisory describes this flaw as: If a Thunderbird user quoted from an HTML email and the email contained either a video tag with the poster attribute or an object tag with a data attribute, a network request to the referenced remote URL was performed regardless of ...
Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content
The Mozilla Foundation Security Advisory describes this flaw as: If a Thunderbird user quoted from an HTML email and the email contained either a video tag with the poster attribute or an object tag with a data attribute, a network request to the referenced remote URL was performed regardless of ...
Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content
The Mozilla Foundation Security Advisory describes this flaw as: If a Thunderbird user quoted from an HTML email and the email contained either a video tag with the poster attribute or an object tag with a data attribute, a network request to the referenced remote URL was performed regardless of ...
Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content
The Mozilla Foundation Security Advisory describes this flaw as: If a Thunderbird user quoted from an HTML email and the email contained either a video tag with the poster attribute or an object tag with a data attribute, a network request to the referenced remote URL was performed regardless of ...
Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content
The Mozilla Foundation Security Advisory describes this flaw as: If a Thunderbird user quoted from an HTML email and the email contained either a video tag with the poster attribute or an object tag with a data attribute, a network request to the referenced remote URL was performed regardless of ...
Cross-Site Request Forgery (CSRF) in collectiveaccess/providence
Description More AJAX endpoints vulnerable to CSRF. 1: GET http://10.0.2.15/providence/index.php/find/BrowseObjects/createSetFromResult 2: POST http://10.0.2.15/providence/index.php/find/SearchObjects/saveResultsEditorData Proof of Concept 1:...
Description of Update Rollup 4 for System Center 2012 Operations Manager Service Pack 1
Description of Update Rollup 4 for System Center 2012 Operations Manager Service Pack 1 Symptoms Issues that Update Rollup 4 fixes are as follows. Operations Manager KB2880799 Issue 1 Windows PowerShell scripts or modules cannot be executed in an AllSigned environment. Symptom You receive the...
Ruby gem rack-mini-profiler Sensitive Information Access Vulnerability
Ruby gem rack-mini-profiler is an integrated client, database and server analysis toolkit for Ruby application development. A sensitive information acquisition vulnerability exists in Ruby gem rack-mini-profiler, which allows remote attackers to obtain sensitive strings and object information by...