Mozilla Thunderbird ESR Security Update (mfsa_2025-72) - Mac OS X

Mozilla Thunderbird ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Malicious code in service-content-consumers (npm)

The package service-content-consumers was found to contain malicious code...

MAL-2025-33010 Malicious code in service-content-consumers (npm)

The package service-content-consumers was found to contain malicious code...

FreeBSD : Gitlab -- Vulnerabilities (1a8c5720-e9cf-11ef-9e96-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 1a8c5720-e9cf-11ef-9e96-2cf05da270f3 advisory. Gitlab reports: A CSP-bypass XSS in merge-request page Denial of Service due to Unbounded Symb...

CVE-2019-20591

An issue was discovered on Samsung mobile devices with N7.x, O8.x, and P9.0 software. There is local SQL injection in the Gear VR Service Content Provider. The Samsung ID is SVE-2019-14058 July 2019...

CVE-2018-17200

The Apache OFBiz HTTP engine org.apache.ofbiz.service.engine.HttpEngine.java handles requests for HTTP services via the /webtools/control/httpService endpoint. This service takes the serviceContent parameter in the request and deserializes it using XStream. This XStream instance is slightly guard...

Design/Logic Flaw

IBM WebSphere Partner Gateway WPG 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet aka RNIF document to a backend application, related to 1 "altered service content" and 2 "digital...

CVE-2009-0440

IBM WebSphere Partner Gateway WPG 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet aka RNIF document to a backend application, related to 1 "altered service content" and 2 "digital...

Squid: Multiple vulnerabilities

Background Squid is a full-featured Web proxy cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other protocols, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description Squid contains several...

webxdos.txt

Web Crossing 4.x/5.x Denial of Service Vulnerability Credit: Author : Peter Winter-Smith Software: Package : Web Crossing Versions : 4.x/5.x Vendor : WebCrossing, Inc. Vendor Url : http://www.webcrossing.com/ Vulnerability: Bug Type : Denial of Service Severity : Less Critical 1. Description of...

CVE-2002-1828

Savant Webserver 3.1 allows remote attackers to cause a denial of service crash via an HTTP GET request with a negative Content-Length value...