Security
Headlines
HeadlinesLatestCVEs

Tag

#firefox

RHSA-2022:4589: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1520: Mozilla: Incorrect security status shown after viewing an attached email * CVE-2022-29909: Mozilla: Bypassing permission prompt in nested browsing contexts * CVE-2022-29911: Mozilla: iframe Sandbox bypass * CVE-2022-29912: Mozilla: Reader mode bypassed SameSite cookies * CVE-2022-29913: Mozilla: Speech Synthesis feature not properly disabled ...

Red Hat Security Data
Open in Source
#vulnerability#web#linux#red_hat#nodejs#js#java#kubernetes#perl#aws#ibm#firefox#sap
CVE-2022-24890: Connection can not be established without camera permission · Issue #7048 · nextcloud/spreed

Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 13.0.5 and 14.0.0, a call moderator can indirectly enable user webcams by granting permissions, if they were enabled before removing the permissions. A patch is available in versions 13.0.5 and 14.0.0. There are currently no known workarounds.

T-Soft E-Commerce 4 Cross Site Scripting

T-Soft E-Commerce version 4 suffers from a persistent cross site scripting vulnerability.

CVE-2022-24108: Responsive OpenCart 3.0.x & OpenCart 2.x Module - So Listing Tabs

The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote attacker to inject a serialized PHP object via the setting parameter, potentially resulting in the ability to write to files on the server, cause DoS, and achieve remote code execution because of deserialization of untrusted data.

Long lost @ symbol gets new life obscuring malicious URLs

A little-used feature of web addresses is being used to obfuscate malicious phishing URLs. The post Long lost @ symbol gets new life obscuring malicious URLs appeared first on Malwarebytes Labs.

CVE-2022-1512: WordPress ScrollReveal.js Effects 1.1.1 Cross Site Scripting ≈ Packet Storm

The ScrollReveal.js Effects WordPress plugin through 1.2 does not sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

WordPress WP Event Manager 3.1.27 Cross Site Scripting

WordPress WP Event Manager plugin version 3.1.27 suffers from a persistent cross site scripting vulnerability.

CVE-2022-30401: bug_report/SQLi-14.md at main · k0xx11/bug_report

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/?p=view_product&id=.