Lucene search
K

207 matches found

Cvelist
Cvelist
added 2025/03/10 6:41 p.m.16 views

CVE-2025-26695 Downloading of OpenPGP keys from WKD used incorrect padding

When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8...

0.00145EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2025/03/10 6:41 p.m.9 views

CVE-2025-26695

When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8...

5.3CVSS5.2AI score0.00145EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.9 views

Mozilla Thunderbird < 136.0

The version of Thunderbird installed on the remote Windows host is prior to 136.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-17 advisory. - Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of thes...

9.8CVSS7.1AI score0.00519EPSS
Exploits1References14
BDU FSTEC
BDU FSTEC
added 2024/08/27 12:0 a.m.8 views

The vulnerability of the centralized service for supporting information about configuration, naming, distributed synchronization, and group services provided by Apache ZooKeeper, related to exposing confidential information to unauthorized individuals, allows attackers to gain access to confidential information.

The vulnerability of the centralized service for supporting information about configuration, naming, distributed synchronization, and providing group services in Apache ZooKeeper is related to the absence of ACL checks during the operation of the persistent observer. Exploiting this vulnerability...

6.8CVSS6.6AI score0.00246EPSS
Exploits0References4Affected Software2
Circl
Circl
added 2024/08/26 11:0 p.m.5 views

CVE-2024-44795

creationtimestamp| type| source ---|---|--- 2024-08-26 23:00:36+00:00| seen| https://t.me/cvedetector/4196...

6.1CVSS4.8AI score0.00279EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2024/08/07 4:9 p.m.29 views

CVE-2024-7531

The Mozilla Foundation Security Advisory describes this flaw as: Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on Intel Sandy Bridge and later processors. In Firefox this only affects the QUIC header protection feature when the...

3.1CVSS7.5AI score0.00409EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2024/08/06 1:15 p.m.28 views

CVE-2024-7531

Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcom...

6.2AI score0.00409EPSS
Exploits0
OSV
OSV
added 2024/08/06 1:15 p.m.22 views

CVE-2024-7531

Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcom...

6.5CVSS6AI score
Exploits0References4
UbuntuCve
UbuntuCve
added 2024/08/06 1:15 p.m.25 views

CVE-2024-7531

Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcom...

6.5CVSS6.9AI score0.00409EPSS
Exploits0References8
Cvelist
Cvelist
added 2024/08/06 12:38 p.m.26 views

CVE-2024-7531

Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcom...

0.00409EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/08/06 12:38 p.m.19 views

CVE-2024-7531

Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcom...

6.1AI score0.00409EPSS
Exploits0References4
CVE
CVE
added 2024/08/06 12:38 p.m.301 views

CVE-2024-7531

CVE-2024-7531 involves Mozilla Firefox and Firefox ESR. The connected documents confirm the underlying vulnerability: calling PK11_Encrypt() in NSS with CKM_CHACHA20 and using the same buffer for input and output can expose plaintext on Intel Sandy Bridge CPUs. In Firefox, the impact is limited t...

6.5CVSS6.4AI score0.00409EPSS
Exploits0References4Affected Software2
Tenable Nessus
Tenable Nessus
added 2024/08/06 12:0 a.m.35 views

Mozilla Firefox ESR < 128.1

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 128.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-35 advisory. - Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. CVE-2024-7528 ...

9.8CVSS7.4AI score0.00602EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2024/08/06 12:0 a.m.24 views

Mozilla Firefox ESR < 128.1

The version of Firefox ESR installed on the remote Windows host is prior to 128.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-35 advisory. - Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. CVE-2024-7528 -...

9.8CVSS7.4AI score0.00602EPSS
Exploits0References13
Mozilla
Mozilla
added 2024/08/06 12:0 a.m.45 views

Security Vulnerabilities fixed in Firefox 129 — Mozilla

Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape....

9.8CVSS7.9AI score0.00602EPSS
Exploits0References15Affected Software1
Mozilla
Mozilla
added 2024/08/06 12:0 a.m.30 views

Security Vulnerabilities fixed in Firefox ESR 115.14 — Mozilla

Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. Incomplete WebAssembly exception handing could have led to a use-after-free. Editor code failed to check an attribute value. This cou...

9.8CVSS9.3AI score0.00598EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2024/07/19 7:45 p.m.11 views

CVE-2024-41124 Puncia Cleartext Transmission of Sensitive Information via HTTP urls in `API_URLS`

Puncia is the Official CLI utility for Subdomain Center & Exploit Observer. APIURLS is utilizing HTTP instead of HTTPS for communication that can lead to issues like Eavesdropping, Data Tampering, Unauthorized Data Access & MITM Attacks. This issue has been addressed in release version 0.21 by...

6.3CVSS6.7AI score0.0027EPSS
Exploits0References5
Openbugbounty
Openbugbounty
added 2024/04/27 1:24 a.m.8 views

jamaicaobserver.com Cross Site Scripting vulnerability OBB-3923251

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Github Security Blog
Github Security Blog
added 2024/02/05 8:24 p.m.37 views

Sulu HTML Injection via Autocomplete Suggestion

Impact It is an issue when input HTML into the Tag name. The HTML is execute when the tag name is listed in the auto complete form. Only admin users are affected and only admin users can create tags. Patches Has the problem been patched? What versions should users upgrade to? The problem is patch...

4.8CVSS6.9AI score0.00518EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/02/05 8:24 p.m.17 views

GHSA-GFRH-GWQC-63CV Sulu HTML Injection via Autocomplete Suggestion

Impact It is an issue when input HTML into the Tag name. The HTML is execute when the tag name is listed in the auto complete form. Only admin users are affected and only admin users can create tags. Patches Has the problem been patched? What versions should users upgrade to? The problem is patch...

4.8CVSS4.4AI score0.00518EPSS
Exploits0References3
Rows per page
Query Builder