Improper Encoding or Escaping of Output

Overview symfony/symfony is a PHP framework for web applications and a set of reusable PHP components. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the HtmlSanitizer component that fails to properly detect and strip percent-encoded BiDi...

EUVD-2021-1300

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2021-32708

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specif...

Oracle Linux 6 : thunderbird (ELSA-2020-2049)

The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-2049 advisory. 68.8.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 68.8.0-1 - Update to 68.8.0 build2 Tenable has...

SUSE CVE-2019-11720

Some unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing errors. This allows malicious code to then be processed, evading cross-site scripting XSS filtering. This vulnerability affects Firefox 68...

SUSE CVE-2020-12397

By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird 68.8.0...

Time-of-check Time-of-use (TOCTOU) Race Condition in league/flysystem

Impact The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions: - A user is allowed to supply the path or filename of an uploaded file. - The supplied...

GHSA-9F46-5R25-5WFM Time-of-check Time-of-use (TOCTOU) Race Condition in league/flysystem

Impact The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions: - A user is allowed to supply the path or filename of an uploaded file. - The supplied...

DEBIAN-CVE-2021-32708

Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the...

CVE-2021-32708

Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the...

CVE-2021-32708

Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the...

UBUNTU-CVE-2021-32708

Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the...

CVE-2021-32708 Time-of-check Time-of-use (TOCTOU) Race Condition in league/flysystem

Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the...

TOCTOU Race Condition enabling remote code execution

Impact The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions: - A user is allowed to supply the path or filename of an uploaded file. - The supplied...

NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0074)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: - Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after- free. We are aware of targeted attack...

DEBIAN-CVE-2020-12397

By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird 68.8.0...

CVE-2020-12397

By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird 68.8.0...

CVE-2020-12397

By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird 68.8.0...

Mozilla: Sender Email Address Spoofing using encoded Unicode characters

By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird 68.8.0...

Mozilla: Sender Email Address Spoofing using encoded Unicode characters

By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird 68.8.0...