8429 matches found
Vulnerability fixed in VMware Workspace ONE UEM
VMware has fixed a vulnerability in Workspace ONE UEM. An unauthenticated malicious person could exploit this vulnerability to perform a same-site request forgery SSRF attack and thereby gain access to sensitive data. Successful exploitation requires network access to the Workspace ONE UEM...
Information Disclosure
firefox:sid is vulnerable to information disclosure. Remote attackers are able to access the post-redirect URL of the element clicked resulting in a same-origin-violation leaking data, the Web Extension should have access to...
Design/Logic Flaw
When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Extension lacked the WebRequest permission for the hosts involved in the redirect, this would be a same-origin-violation leaking data the Web Extension should...
CVE-2021-43531
When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Extension lacked the WebRequest permission for the hosts involved in the redirect, this would be a same-origin-violation leaking data the Web Extension should...
CVE-2021-38507
CVE-2021-38507 describes a vulnerability in HTTP/2 Opportunistic Encryption (RFC 8164) where, if a second encrypted port on the same IP (e.g., 8443) did not opt in, a network attacker could forward 443 to 8443 and trick the browser into treating the content as same-origin with HTTP. The issue was...
CVE-2021-38507
The Opportunistic Encryption feature of HTTP2 RFC 8164 allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP addre...
CVE-2021-43531
When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Extension lacked the WebRequest permission for the hosts involved in the redirect, this would be a same-origin-violation leaking data the Web Extension should...
CVE-2021-43531
CVE-2021-43531 affects Firefox prior to version 94. The issue arises when a Web Extension loads a context menu and could access the post-redirect URL of the clicked element if it lacked WebRequest permissions for the involved hosts, causing a same-origin-violation that leaks data the extension wo...
CVE-2021-43531
When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Extension lacked the WebRequest permission for the hosts involved in the redirect, this would be a same-origin-violation leaking data the Web Extension should...
Tokens can be stolen when depositToken == rewardToken
Handle cmichel Vulnerability details The Streaming contract allows the deposit and reward tokens to be the same token. I believe this is intended, think Sushi reward on Sushi as is the case with xSushi. The reward and deposit balances are also correctly tracked independently in depositTokenAmount...
14 New XS-Leaks (Cross-Site Leaks) Attacks Affect All Modern Web Browsers
Researchers have discovered 14 new types of cross-site data leakage attacks against a number of modern web browsers, including Tor Browser, Mozilla Firefox, Google Chrome, Microsoft Edge, Apple Safari, and Opera, among others. Collectively known as "XS-Leaks," the browser bugs enable a malicious...
[ASA-202112-2] opera: multiple issues
Arch Linux Security Advisory ASA-202112-2 ========================================= Severity: High Date : 2021-12-03 CVE-ID : CVE-2021-38005 CVE-2021-38006 CVE-2021-38007 CVE-2021-38008 CVE-2021-38009 CVE-2021-38010 CVE-2021-38011 CVE-2021-38012 CVE-2021-38013 CVE-2021-38014 CVE-2021-38015...
[ASA-202112-1] vivaldi: multiple issues
Arch Linux Security Advisory ASA-202112-1 ========================================= Severity: High Date : 2021-12-03 CVE-ID : CVE-2021-37981 CVE-2021-37982 CVE-2021-37984 CVE-2021-37985 CVE-2021-37986 CVE-2021-37987 CVE-2021-37988 CVE-2021-37989 CVE-2021-37990 CVE-2021-37991 CVE-2021-37992...
eGeeTouch 3rd Generation Travel Padlock application security vulnerability
The eGeeTouch 3rd Generation Travel Padlock application is a smart luggage lock from eGeeTouch, Inc. that provides simple and enhanced security for travel luggage to meet the travel experience of a growing number of travelers across the globe. A security vulnerability exists in the eGeeTouch 3rd...
Nextcloud Android app security vulnerability
Nextcloud Android app is an Android-based mobile application from Nextcloud Germany for accessing Nextcloud servers. nextcloud news- There is a security vulnerability in Android that allows an attacker to install a malicious application on the same device, which can be exploited by an attacker to...
SUSE SLED15: MozillaFirefox / MozillaFirefox-devel / etc (SUSE-SU-2021:3745-1)
The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3745-1 advisory. MozillaFirefox was updated to Extended Support Release 91.3.0 ESR Fixed: Various stability, functionality, and security fixes MFSA...
openSUSE 15 Security Update : MozillaFirefox (openSUSE-SU-2021:3745-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3745-1 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing...
[ASA-202111-9] chromium: multiple issues
Arch Linux Security Advisory ASA-202111-9 ========================================= Severity: High Date : 2021-11-18 CVE-ID : CVE-2021-38005 CVE-2021-38006 CVE-2021-38007 CVE-2021-38008 CVE-2021-38009 CVE-2021-38010 CVE-2021-38011 CVE-2021-38012 CVE-2021-38013 CVE-2021-38014 CVE-2021-38015...
CentOS 7 : firefox (RHSA-2021:4116)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:4116 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or...
CentOS 7 : thunderbird (RHSA-2021:4134)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:4134 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or...