89 matches found
Astra Linux - vulnerability in thunderbird
Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird versions earlier than 128.4.3 and Thunderbird version 132.0.1...
CVE-2026-43948 wger: cross-tenant password reset and plaintext disclosure via gym=None bypass
wger is a free, open-source workout and fitness manager. Prior to 2.6, the resetuserpassword and gympermissionsuseredit views in wger perform a gym-scope authorization check using the Python object comparison !=, which evaluates None != None as False, silently bypassing the guard when both the attacker...
CVE-2026-43948
Summary (CVE-2026-43948 / GHSA-mhc8-p3jx-84mm): In wger, password reset and gym-permissions edits allow a user with gym.manage_gym and gym=None to reset another gym=None user’s password and receive the plaintext password in the HTML response. Root cause: Django ORM object comparison (request.user...
NATS has MQTT plaintext password disclosure
...
MiracleLinux 9 : thunderbird-128.5.0-1.el9_5.ML.1 (AXSA:2024-9440:30)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-9440:30 advisory. thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message CVE-2024-11159 firefox: thunderbird: CSP Bypass and XSS Exposure via Web...
CVE-2019-7312
Limited plaintext disclosure exists in PRIMX Zed Entreprise for Windows before 6.1.2240, Zed Entreprise for Windows ANSSI qualification submission before 6.1.2150, Zed Entreprise for Mac before 2.0.199, Zed Entreprise for Linux before 2.0.199, Zed Pro for Windows before 1.0.195, Zed Pro for Mac...
CVE-2021-47710
COMMAX Smart Home System is a smart IoT home solution that allows an unauthenticated attacker to disclose RTSP credentials in plain-text by exploiting the /overview.asp endpoint. Attackers can access sensitive information, including login credentials and DVR settings, by submitting a GET request ...
Apache Syncope security vulnerability
Apache Syncope is the Apache Foundation's (United States) open source digital identity management system for use in enterprise environments. The system supports identity management, role configuration and more. Apache Syncope has a trust management issue vulnerability that stems from...
Mozilla Thunderbird < 52.8
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 52.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-13 advisory. - Mozilla developers backported selected changes in the Skia library. These changes correct memory corrupti...
EUVD-2018-16969
Malware in sbrugna...
EUVD-2021-25703
Malware in sbrugna...
EUVD-2019-16856
Malware in sbrugna...
EUVD-2021-7621
Malicious code in bioql PyPI...
CVE-2021-42642
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the plaintext console username and password for a printer...
RockyLinux 8 : thunderbird (RLSA-2024:10591)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:10591 advisory. thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message CVE-2024-11159 firefox: thunderbird: CSP Bypass and XSS Exposure via Web...
Important: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...
Important: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update ...
thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message
The Mozilla Foundation Security Advisory describes this flaw as: Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext...