
6891 matches found

Hacker One
added 2020/01/21 4:51 p.m., 144 views

Lyst: Subdomain takeover of storybook.lystit.com

Summary: The subdomain storybook.lystit.com had a CNAME record pointing to an unclaimed S3 bucket. This is a high severity security issue because an attacker can register the bucket on AWS and therefore can serve her own content on the subdomain. This allows for various attacks. Description: The...

6.3 AI score
Exploits: 0
OSV
added 2020/01/13 4:15 p.m., 4 views

CVE-2019-19547

Symantec Endpoint Detection and Response SEDR, prior to 4.3.0, may be susceptible to a cross site scripting XSS issue. XSS is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to potentially...

6.1 CVSS, 4.8 AI score, 0.01379 EPSS
Exploits: 1, References: 3
Prion
added 2020/01/13 4:15 p.m., 21 views

Cross site scripting

Symantec Endpoint Detection and Response SEDR, prior to 4.3.0, may be susceptible to a cross site scripting XSS issue. XSS is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to potentially...

4.3 CVSS, 5.9 AI score, 0.01379 EPSS
Exploits: 1, References: 3, Affected Software: 2
Cvelist
added 2020/01/13 3:10 p.m., 29 views

CVE-2019-19547

Symantec Endpoint Detection and Response SEDR, prior to 4.3.0, may be susceptible to a cross site scripting XSS issue. XSS is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to potentially...

6.3 AI score, 0.01379 EPSS
Exploits: 1, References: 3
OpenVAS
added 2020/01/09 12:0 a.m., 38 views

openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2019:1782-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8 CVSS, 8.1 AI score, 0.20271 EPSS
Exploits: 2, References: 2
OSV
added 2020/01/08 8:15 p.m., 2 views

DEBIAN-CVE-2019-11762

If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox 70, Thunderbird 68.2, and Firefox ESR 68.2...

6.1 CVSS, 7.7 AI score, 0.00609 EPSS
Exploits: 0, References: 1
Prion
added 2020/01/08 8:15 p.m., 18 views

Cross site scripting

If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox 70, Thunderbird 68.2, and Firefox ESR 68.2...

5.8 CVSS, 6.3 AI score, 0.00609 EPSS
Exploits: 0, References: 6, Affected Software: 4
Cvelist
added 2020/01/08 7:53 p.m., 24 views

CVE-2019-11762

If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox 70, Thunderbird 68.2, and Firefox ESR 68.2...

6.8 AI score, 0.00609 EPSS
Exploits: 0, References: 6
CVE
added 2020/01/08 7:53 p.m., 289 views

CVE-2019-11762

The CVE-2019-11762 issue is a cross-origin origin isolation bug where two same-origin documents setting document.domain differently could allow calling arbitrary DOM methods/getters/setters on the now-cross-origin window. Affected products include Firefox (<70) and Firefox ESR (<68.2), and ...

6.1 CVSS, 6.7 AI score, 0.00609 EPSS
Exploits: 0, References: 6, Affected Software: 3
Tenable Nessus
added 2019/12/31 12:0 a.m., 33 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0233)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has firefox packages installed that are affected by multiple vulnerabilities: - When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was foun...

9.8 CVSS, 7.3 AI score, 0.0216 EPSS
Exploits: 1, References: 9
Tenable Nessus
added 2019/12/31 12:0 a.m., 118 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0231)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has thunderbird packages installed that are affected by multiple vulnerabilities: - Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in an HTML reply/forward. This vulnerabilit...

9.3 CVSS, 7.3 AI score, 0.0216 EPSS
Exploits: 1, References: 8
RedHat Linux
added 2019/12/16 9:9 a.m., 3 views

chromium-browser: Insufficient validation of untrusted input in Blink

Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin policy via crafted clipboard content...

8.8 CVSS, 7.3 AI score, 0.01102 EPSS
Exploits: 0, References: 5
RedHat Linux
added 2019/12/16 9:9 a.m., 3 views

chromium-browser: Insufficient policy enforcement in WebSockets

Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

8.8 CVSS, 7.4 AI score, 0.01434 EPSS
Exploits: 0, References: 5
Amazon
added 2019/12/13 12:0 a.m., 40 views

Important: thunderbird

Issue Overview: Several memory safety bugs were discovered in Mozilla Firefox and Thunderbird. Memory corruption and arbitrary code execution are possible with these vulnerabilities. These bugs can be exploited over the network. CVE-2019-11764 A flaw was discovered in both Firefox and Thunderbird...

8.8 CVSS, 9.4 AI score, 0.06643 EPSS
Exploits: 3
OSV
added 2019/12/11 4:15 p.m., 3 views

CVE-2019-18378

Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting XSS exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentiall...

4.8 CVSS, 6.3 AI score, 0.00727 EPSS
Exploits: 0, References: 1
NVD
added 2019/12/11 4:15 p.m., 28 views

CVE-2019-18378

Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting XSS exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentiall...

4.8 CVSS, 4.9 AI score, 0.00727 EPSS
Exploits: 0, References: 1
Prion
added 2019/12/11 4:15 p.m., 18 views

Cross site scripting

Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting XSS exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentiall...

3.5 CVSS, 4.9 AI score, 0.00727 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2019/12/11 3:49 p.m., 29 views

CVE-2019-18378

Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting XSS exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentiall...

5.5 AI score, 0.00727 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2019/12/11 1:22 a.m., 14 views

CVE-2019-13741

Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin policy via crafted clipboard content...

8.8 CVSS, 4.1 AI score, 0.01102 EPSS
Exploits: 0, References: 4
RedhatCVE
added 2019/12/11 1:21 a.m., 22 views

CVE-2019-13727

Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

8.8 CVSS, 2.7 AI score, 0.01434 EPSS
Exploits: 0, References: 4