14 matches found
CVE-2023-32199 Rancher user retains access to clusters despite Global Role removal
A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a on in rule for resources or have a on ru...
CVE-2024-43371
CVE-2024-43371 describes a Server Side Request Forgery (SSRF) in CKAN via multiple plugins (XLoader, DataPusher, Resource proxy, ckanext-archiver) that fetch remote resources without validating the target URL. The underlying issue is that these plugins use the resource URL without restricting des...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the embed feature. An attacker can access unpublished or private resource data by inferring the slug or URL of the resource that can be embedded. Note: This is only exploitable if the resource allows embedding a...
SUSE CVE-2018-12398
By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject stylesheets and bypass Content Security Policy CSP. This vulnerability affects Firefox 63...
Denial Of Service (DoS)
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
GHSA-V596-FWHQ-8X48 Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core
Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...
The vulnerability of the Firefox browser, which allows a remote attacker to execute arbitrary JavaScript code
The vulnerability of Firefox lies in the improper restriction of resource: URL. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code with privileges of a Chrome browser, thereby circumventing access control policies. This can be achieved, for example, by usi...
Mozilla Firefox Multiple Vulnerabilities-01 (Apr 2015) - Mac OS X
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
Updated firefox & thunderbird packages fix security vulnerabilities
Updated firefox and thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user...
RedHat Update for firefox RHSA-2015:0766-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mozilla: resource: // documents can load privileged pages (MFSA 2015-33)
A flaw was found in the way documents were loaded via resource URLs in, for example, Mozilla's PDF.js PDF file viewer. An attacker could use this flaw to bypass certain restrictions and under certain conditions even execute arbitrary code with the privileges of the user running Firefox...
Important: Red Hat Security Advisory: thunderbird security update
An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
UBUNTU-CVE-2015-0816
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as...
firefox, xulrunner security update
CentOS Errata and Security Advisory CESA-2015:0766 Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS bas...