MiracleLinux 4 : spice-xpi-2.4-1.AXS4.2 (AXSA:2011-154:01)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2011-154:01 advisory. SPICE extension for mozilla allows the client to be used from a web browser. Security issues fixed with this release: CVE-2011-0012 CVE-2011-1179 No...

CVE-2018-18513

A crash can occur when processing a crafted S/MIME message or an XPI package containing a crafted signature. This can be used as a denial-of-service DOS attack because Thunderbird reopens the last seen message on restart, triggering the crash again. This vulnerability affects Thunderbird 60.5...

EUVD-2018-10238

Malware in sbrugna...

RHSA-2011:0426 Red Hat Security Advisory: spice-xpi security update

Bulletin has no description...

RHSA-2010:0651 Red Hat Security Advisory: spice-xpi security and bug fix update

Bulletin has no description...

RHSA-2011:0427 Red Hat Security Advisory: spice-xpi security update

Bulletin has no description...

CVE-2023-52239

The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport...

CVE-2023-52239

The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport...

Design/Logic Flaw

The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport...

CVE-2023-52239

CVE-2023-52239 affects Magic xpi Integration Platform 4.13.4. The XML parser is vulnerable to XML External Entity (XXE) attacks, e.g., via onItemImport. Impacts include potential disclosure or manipulation of downstream data where XML is processed; exploitation details are not fully provided in t...

CVE-2023-52239

The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport...

PT-2024-14500 · Magic · Magic Xpi Integration Platform

Name of the Vulnerable Software and Affected Versions: Magic xpi Integration Platform version 4.13.4 Description: The XML parser in Magic xpi Integration Platform allows XXE attacks, for example, via onItemImport. Recommendations: For Magic xpi Integration Platform version 4.13.4, consider...

CVE-2023-52239

The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport...

SUSE CVE-2004-0906

The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code...

Denial Of Service (DoS)

thunderbird is vulnerable to denial of service DoS. The vulnerability exists when processing a crafted S/MIME message or an XPI package containing a crafted signature...

Arbitrary Code Execution

spice-xpi is vulnerable to arbitrary code execution. The vulnerability exists as an uninitialized pointer use flaw was found in the SPICE Firefox plug-in. If a user were tricked into visiting a malicious web page with Firefox while the SPICE plug-in was enabled, it could cause Firefox to crash or...

spice-gtk security and bug fix update

libgovirt 0.3.4-2 - Parse XML nodes automatically Related: rhbz1427467 - Set detailed error message for async call Related: rhbz1427467 spice-gtk 0.35-4 - Fix bad channel-reset on usbredir Resolves: rhbz1625550 0.35-3 - Fix insufficient encoding checks for LZ Resolves: rhbz1598652 spice-vdagent...

Code injection

A crash can occur when processing a crafted S/MIME message or an XPI package containing a crafted signature. This can be used as a denial-of-service DOS attack because Thunderbird reopens the last seen message on restart, triggering the crash again. This vulnerability affects Thunderbird 60.5...

CVE-2018-18513

A crash can occur when processing a crafted S/MIME message or an XPI package containing a crafted signature. This can be used as a denial-of-service DOS attack because Thunderbird reopens the last seen message on restart, triggering the crash again. This vulnerability affects Thunderbird 60.5...

UBUNTU-CVE-2018-18513

A crash can occur when processing a crafted S/MIME message or an XPI package containing a crafted signature. This can be used as a denial-of-service DOS attack because Thunderbird reopens the last seen message on restart, triggering the crash again. This vulnerability affects Thunderbird 60.5...