
757 matches found

RedhatCVE
added 2021/11/03 1:10 a.m., 32 views

CVE-2021-38508

By displaying a form validity message in the correct location at the same time as a permission prompt such as for geolocation, the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox 94,...

CVSS: 6.1, AI score: 6.6, EPSS: 0.00339
Exploits: 0, References: 3

OSV
added 2021/11/03 12:0 a.m., 0 views

UBUNTU-CVE-2021-38508

By displaying a form validity message in the correct location at the same time as a permission prompt such as for geolocation, the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox 94,...

CVSS: 4.3, AI score: 6.6, EPSS: 0.00339
Exploits: 0, References: 7

UbuntuCve
added 2021/11/03 12:0 a.m., 22 views

CVE-2021-38508

By displaying a form validity message in the correct location at the same time as a permission prompt such as for geolocation, the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox 94,...

CVSS: 4.3, AI score: 6.8, EPSS: 0.00339
Exploits: 0, References: 6

CNNVD
added 2021/11/02 12:0 a.m., 2 views

Mozilla Firefox Security Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. A security vulnerability exists in Mozilla Firefox, which stems from the fact that by displaying form validity messages in the correct location, as well as permission prompts such as geolocation, the validity...

CVSS: 4.3, AI score: 5.6, EPSS: 0.00339
Exploits: 0, References: 37

RedHat Linux
added 2021/10/13 9:41 a.m., 5 views

Mozilla: Validation message could have been overlaid on another origin

Through use of reportValidity and window.open, a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox 93, Thunderbird 91.2, and Firefox ESR 91.2...

CVSS: 6.5, AI score: 7.3, EPSS: 0.00197
Exploits: 0, References: 4

RedHat Linux
added 2021/10/13 9:30 a.m., 1 views

Mozilla: Validation message could have been overlaid on another origin

Through use of reportValidity and window.open, a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox 93, Thunderbird 91.2, and Firefox ESR 91.2...

CVSS: 6.5, AI score: 7.3, EPSS: 0.00197
Exploits: 0, References: 4

RedHat Linux
added 2021/10/12 2:50 p.m., 3 views

Mozilla: Validation message could have been overlaid on another origin

Through use of reportValidity and window.open, a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox 93, Thunderbird 91.2, and Firefox ESR 91.2...

CVSS: 6.5, AI score: 7.3, EPSS: 0.00197
Exploits: 0, References: 4

Huntr
added 2021/10/02 10:44 a.m., 12 views

in cortezaproject/corteza-server

Set up the cortezaproject in your local machine. Steps: -------- 1. Create the account on corteza 2. Login using same credentials from chrome and firefox. 3. Change user password from chrome. 4. Perform any activity in Firefox the session is still valid. Mitigation: --------------- After changing...

AI score: 1.3
Exploits: 0, References: 1

CVE
added 2021/09/14 10:47 a.m., 58 views

CVE-2021-37193

Siemens SINEMA Remote Connect Server (all versions

CVSS: 4.3, AI score: 4.6, EPSS: 0.00103
Exploits: 0, References: 1, Affected Software: 1

RedhatCVE
added 2021/09/13 7:38 a.m., 31 views

CVE-2021-3798

A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack...

CVSS: 5.5, AI score: 1.1, EPSS: 0.00154
Exploits: 0, References: 3

Cvelist
added 2021/09/03 5:45 p.m., 11 views

CVE-2021-39193 Transaction validity oversight in pallet-ethereum

Frontier is Substrate's Ethereum compatibility layer. Prior to commit number 0b962f218f0cdd796dadfe26c3f09e68f7861b26, a bug in pallet-ethereum can cause invalid transactions to be included in the Ethereum block state in pallet-ethereum due to not validating the input data size. Any invalid...

CVSS: 5.3, AI score: 5.5, EPSS: 0.0042
Exploits: 0, References: 4

Github Security Blog
added 2021/09/01 6:22 p.m., 26 views

Transaction validity oversight in pallet-ethereum

Impact A bug in pallet-ethereum can cause invalid transactions to be included in the Ethereum block state in pallet-ethereum due to not validating the input data size. Any invalid transactions included this way have no possibility to alter the internal Ethereum or Substrate state. The transaction...

CVSS: 5.3, AI score: 5.4, EPSS: 0.0042
Exploits: 0, References: 7, Affected Software: 1

OSV
added 2021/08/23 2:15 a.m., 1 views

DEBIAN-CVE-2020-36478

An issue was discovered in Mbed TLS before 2.25.0 and before 2.16.9 LTS and before 2.7.18 LTS. A NULL algorithm parameters entry looks identical to an array of REAL size zero and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate...

CVSS: 7.5, AI score: 7.3, EPSS: 0.00518
Exploits: 1, References: 1

CNNVD
added 2021/08/23 12:0 a.m., 1 views

ARM mbed TLS Trust Management Vulnerability

ARM mbed TLS is a product from ARM UK that provides secure communication and encryption for mbed products. ARM mbed TLS has a security vulnerability that stems from the fact that the null algorithm parameter term is the same as the real array of size 0 and therefore the certificate is considered...

CVSS: 7.5, AI score: 7.3, EPSS: 0.00518
Exploits: 1, References: 12

Positive Technologies
added 2021/08/13 12:0 a.m., 1 views

PT-2021-21813 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.7.8 Discourse versions prior to 2.8.0.beta4 Description: The issue concerns the email verification process in Discourse. When adding an extra email address to an existing account, an email token is generated. If...

CVSS: 7.5, AI score: 7.4, EPSS: 0.00322
Exploits: 0, References: 6

CNVD
added 2021/08/05 12:0 a.m., 6 views

File Upload Vulnerability in NetSign Signature Verification Server of Dongfang Tongweb Middleware of Beijing Xin'an Century Technology Co.

Ltd. provides signature verification server NetSign to provide digital signature services based on digital certificates for various types of electronic information data, electronic documents, etc., and verify the authenticity and validity of signatures on signed data; support user certificate...

AI score: 6.8
Exploits: 0

OSV
added 2021/07/21 9:4 a.m., 5 views

SUSE-SU-2021:2423-1 Security update for systemd

This update for systemd fixes the following issues: Security issues fixed: - CVE-2021-33910: Fixed a denial of service stack exhaustion in systemd PID 1 bsc1188063 Other fixes: - mount-util: shorten the loop a bit 7545 - mount-util: do not use the official MAXHANDLESZ 7523 - mount-util: tape over...

CVSS: 5.5, AI score: 6, EPSS: 0.00053
Exploits: 2, References: 9

CNVD
added 2021/07/16 12:0 a.m., 4 views

Siemens JT Utilities Null Pointer Dereference Vulnerability

Siemens JT Utilities is a software application from Siemens Germany. A security vulnerability exists in Siemens JT Utilities, which can be exploited by an attacker to cause a denial of service condition in an application due to a lack of iterator validity checking when parsing specially designed ...

CVSS: 5.5, AI score: 6.8, EPSS: 0.00053
Exploits: 0, References: 1

Prion
added 2021/06/24 2:15 p.m., 25 views

Code injection

If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey, Thunderbird might...

CVSS: 4, AI score: 6.4, EPSS: 0.00204
Exploits: 1, References: 2, Affected Software: 1

Prion
added 2021/05/04 12:15 p.m., 16 views

Code injection

The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content...

CVSS: 6.8, AI score: 7.5, EPSS: 0.0026
Exploits: 1, References: 3, Affected Software: 1