17 matches found
EUVD-2023-46898
Malicious code in bioql PyPI...
CVE-2023-42452
Mastodon is a free, open-source social network server based on ActivityPub. In versions on the 4.x branch prior to versions 4.0.10, 4.2.8, and 4.2.0-rc2, under certain conditions, attackers can abuse the translation feature to bypass the server-side HTML sanitization, allowing unescaped HTML to...
PT-2025-20062 · Samsung · Samsung Notes
Name of the Vulnerable Software and Affected Versions: Samsung Notes versions prior to 4.4.29.23
Description: The issue concerns the use of implicit intent for sensitive communication in translation, allowing local attackers to obtain sensitive information. User interaction is required to trigger...
Design/Logic Flaw
Mastodon is a free, open-source social network server based on ActivityPub. In versions on the 4.x branch prior to versions 4.0.10, 4.2.8, and 4.2.0-rc2, under certain conditions, attackers can abuse the translation feature to bypass the server-side HTML sanitization, allowing unescaped HTML to...
CVE-2023-42452 Mastodon vulnerable to Stored XSS through the translation feature
Mastodon is a free, open-source social network server based on ActivityPub. In versions on the 4.x branch prior to versions 4.0.10, 4.2.8, and 4.2.0-rc2, under certain conditions, attackers can abuse the translation feature to bypass the server-side HTML sanitization, allowing unescaped HTML to...
Mastodon Cross-Site Scripting Vulnerability
Mastodon is an open source social network server based on ActivityPub. A cross-site scripting vulnerability exists in Mastodon versions prior to 3.5.14, prior to 4.0.10, prior to 4.1.8, and prior to 4.2.0-rc2, which stems from the fact that under certain circumstances, an attacker can abuse the...
PT-2023-28351 · Mastodon · Mastodon
Name of the Vulnerable Software and Affected Versions: Mastodon versions prior to 4.0.10; Mastodon versions prior to 4.2.8; Mastodon versions prior to 4.2.0-rc2
Description: Mastodon is a free, open-source social network server based on ActivityPub. In certain conditions, attackers can abuse the...
SUSE CVE-2019-9811
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...
DEBIAN-CVE-2019-9811
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...
Mozilla: Sandbox escape via installation of malicious language pack
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...
Mozilla: Sandbox escape via installation of malicious language pack
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...
Mozilla: Sandbox escape via installation of malicious language pack
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...
Mozilla: Sandbox escape via installation of malicious language pack
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...
Mozilla: Sandbox escape via installation of malicious language pack
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...
Mozilla: Sandbox escape via installation of malicious language pack
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...
UBUNTU-CVE-2019-9811
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...
Cisco Secure Desktop 3.x - 'translation' Cross-Site Scripting
source: https://www.securityfocus.com/bid/37960/info
Cisco Secure Desktop is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...