207 matches found
CVE-2025-26695 Downloading of OpenPGP keys from WKD used incorrect padding
When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8...
CVE-2025-26695
When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8...
Mozilla Thunderbird < 136.0
The version of Thunderbird installed on the remote Windows host is prior to 136.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-17 advisory. - Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of thes...
The vulnerability of the centralized service for supporting information about configuration, naming, distributed synchronization, and group services provided by Apache ZooKeeper, related to exposing confidential information to unauthorized individuals, allows attackers to gain access to confidential information.
The vulnerability of the centralized service for supporting information about configuration, naming, distributed synchronization, and providing group services in Apache ZooKeeper is related to the absence of ACL checks during the operation of the persistent observer. Exploiting this vulnerability...
CVE-2024-44795
creationtimestamp| type| source ---|---|--- 2024-08-26 23:00:36+00:00| seen| https://t.me/cvedetector/4196...
CVE-2024-7531
The Mozilla Foundation Security Advisory describes this flaw as: Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on Intel Sandy Bridge and later processors. In Firefox this only affects the QUIC header protection feature when the...
CVE-2024-7531
Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcom...
CVE-2024-7531
Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcom...
CVE-2024-7531
Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcom...
CVE-2024-7531
Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcom...
CVE-2024-7531
Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcom...
CVE-2024-7531
CVE-2024-7531 involves Mozilla Firefox and Firefox ESR. The connected documents confirm the underlying vulnerability: calling PK11_Encrypt() in NSS with CKM_CHACHA20 and using the same buffer for input and output can expose plaintext on Intel Sandy Bridge CPUs. In Firefox, the impact is limited t...
Mozilla Firefox ESR < 128.1
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 128.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-35 advisory. - Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. CVE-2024-7528 ...
Mozilla Firefox ESR < 128.1
The version of Firefox ESR installed on the remote Windows host is prior to 128.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-35 advisory. - Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. CVE-2024-7528 -...
Security Vulnerabilities fixed in Firefox 129 — Mozilla
Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape....
Security Vulnerabilities fixed in Firefox ESR 115.14 — Mozilla
Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. Incomplete WebAssembly exception handing could have led to a use-after-free. Editor code failed to check an attribute value. This cou...
CVE-2024-41124 Puncia Cleartext Transmission of Sensitive Information via HTTP urls in `API_URLS`
Puncia is the Official CLI utility for Subdomain Center & Exploit Observer. APIURLS is utilizing HTTP instead of HTTPS for communication that can lead to issues like Eavesdropping, Data Tampering, Unauthorized Data Access & MITM Attacks. This issue has been addressed in release version 0.21 by...
jamaicaobserver.com Cross Site Scripting vulnerability OBB-3923251
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Sulu HTML Injection via Autocomplete Suggestion
Impact It is an issue when input HTML into the Tag name. The HTML is execute when the tag name is listed in the auto complete form. Only admin users are affected and only admin users can create tags. Patches Has the problem been patched? What versions should users upgrade to? The problem is patch...
GHSA-GFRH-GWQC-63CV Sulu HTML Injection via Autocomplete Suggestion
Impact It is an issue when input HTML into the Tag name. The HTML is execute when the tag name is listed in the auto complete form. Only admin users are affected and only admin users can create tags. Patches Has the problem been patched? What versions should users upgrade to? The problem is patch...