Gwyn's Imagemap Selector Security Vulnerabilities

mskb

Microsoft Dynamics CRM 2011 Update Rollup 16

Microsoft Dynamics CRM 2011 Update Rollup 16 INTRODUCTION Update Rollup 16 for Microsoft Dynamics CRM 2011 is available. This article describes the hotfixes and updates that are included in this update rollup. This rollup is available for all languages that are supported by Microsoft Dynamics...

6.9AI Score

2020-04-09 12:00 AM
120
openvas

6.1CVSS

5.5AI Score

0.002EPSS

2020-04-06 12:00 AM
12
openvas

6.1CVSS

5.5AI Score

0.002EPSS

2020-04-06 12:00 AM
17
debiancve

CVE-2020-10960

In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event...

5.3CVSS

5.2AI Score

0.001EPSS

2020-04-03 03:15 PM
14
nvd

CVE-2020-10960

In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event...

5.3CVSS

5AI Score

0.001EPSS

2020-04-03 03:15 PM
osv

CVE-2020-10960

In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event...

5.3CVSS

5AI Score

0.001EPSS

2020-04-03 03:15 PM
3
cve

CVE-2020-10960

In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event...

5.3CVSS

5AI Score

0.001EPSS

2020-04-03 03:15 PM
96
prion

Cross site scripting

In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event...

5.3CVSS

5AI Score

0.001EPSS

2020-04-03 03:15 PM
8
cvelist

CVE-2020-10960

In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event...

5.1AI Score

0.001EPSS

2020-04-03 02:13 PM
ubuntucve

CVE-2020-10960

In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event...

5.3CVSS

5.2AI Score

0.001EPSS

2020-04-03 12:00 AM
6
nvd

CVE-2020-1949

Scripts in Sling CMS before 0.16.0 do not properly escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS...

6.1CVSS

6.1AI Score

0.002EPSS

2020-04-01 07:15 PM
cve

CVE-2020-1949

Scripts in Sling CMS before 0.16.0 do not properly escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS...

6.1CVSS

6AI Score

0.002EPSS

2020-04-01 07:15 PM
19
osv

CVE-2020-1949

Scripts in Sling CMS before 0.16.0 do not properly escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS...

6.1CVSS

6AI Score

0.002EPSS

2020-04-01 07:15 PM
2
prion

Cross site scripting

Scripts in Sling CMS before 0.16.0 do not properly escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS...

6.1CVSS

6AI Score

0.002EPSS

2020-04-01 07:15 PM
3
cvelist

CVE-2020-1949

Scripts in Sling CMS before 0.16.0 do not properly escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS...

6.1AI Score

0.002EPSS

2020-04-01 06:25 PM
1
nessus

FreeBSD : mediawiki -- multiple vulnerabilities (090763f6-7030-11ea-93dd-080027846a02)

MediaWiki reports : Security fixes : T246602:jquery.makeCollapsible allows applying event handler to any CSS...

0.2AI Score

2020-03-30 12:00 AM
19
nessus

openSUSE Security Update : strongswan (openSUSE-2020-403)

This update for strongswan fixes the following issues : Strongswan was updated to version 5.8.2 (jsc#SLE-11370). Security issue fixed : CVE-2018-6459: Fixed a DoS vulnerability in the parser for PKCS#1 RSASSA-PSS signatures that was caused by insufficient input validation (bsc#1079548). ...

7.5CVSS

7.3AI Score

0.088EPSS

2020-03-30 12:00 AM
16
suse

Security update for strongswan (moderate)

An update that fixes one vulnerability is now available. Description: This update for strongswan fixes the following issues: Strongswan was updated to version 5.8.2 (jsc#SLE-11370). Security issue fixed: CVE-2018-6459: Fixed a DoS vulnerability in the parser for PKCS#1 RSASSA-PSS signatures...

7.5CVSS

-0.1AI Score

0.088EPSS

2020-03-29 12:00 AM
78
friendsofphp

5.3CVSS

7.2AI Score

0.001EPSS

2020-03-26 02:02 PM
1
nessus

SUSE SLED15 / SLES15 Security Update : strongswan (SUSE-SU-2020:0743-1)

This update for strongswan fixes the following issues : Strongswan was updated to version 5.8.2 (jsc#SLE-11370). Security issue fixed : CVE-2018-6459: Fixed a DoS vulnerability in the parser for PKCS#1 RSASSA-PSS signatures that was caused by insufficient input validation (bsc#1079548). Full...

7.5CVSS

7.5AI Score

0.088EPSS

2020-03-24 12:00 AM
13
nessus

RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.2.7 on RHEL 6 (RHSA-2020:0804)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0804 advisory. This release of Red Hat JBoss Enterprise Application Platform 7.2.7 serves as a replacement for Red Hat JBoss Enterprise Application...

9.1CVSS

7.9AI Score

0.009EPSS

2020-03-16 12:00 AM
22
nessus

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.2.7 on RHEL 7 (RHSA-2020:0805)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0805 advisory. This release of Red Hat JBoss Enterprise Application Platform 7.2.7 serves as a replacement for Red Hat JBoss Enterprise Application...

9.1CVSS

7.9AI Score

0.009EPSS

2020-03-16 12:00 AM
18
nessus

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.2.7 on RHEL 8 (RHSA-2020:0806)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0806 advisory. This release of Red Hat JBoss Enterprise Application Platform 7.2.7 serves as a replacement for Red Hat JBoss Enterprise Application...

9.1CVSS

7.9AI Score

0.009EPSS

2020-03-16 12:00 AM
20
redhat

(RHSA-2020:0806) Important: Red Hat JBoss Enterprise Application Platform 7.2.7 on RHEL 8 security update

This release of Red Hat JBoss Enterprise Application Platform 7.2.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.6, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.7 Release Notes for information about the most...

AI Score

0.009EPSS

2020-03-12 04:45 PM
55
redhat

(RHSA-2020:0805) Important: Red Hat JBoss Enterprise Application Platform 7.2.7 on RHEL 7 security update

This release of Red Hat JBoss Enterprise Application Platform 7.2.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.6, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.7 Release Notes for information about the most...

AI Score

0.009EPSS

2020-03-12 04:44 PM
43
redhat

(RHSA-2020:0804) Important: Red Hat JBoss Enterprise Application Platform 7.2.7 on RHEL 6 security update

This release of Red Hat JBoss Enterprise Application Platform 7.2.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.6, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.7 Release Notes for information about the most...

AI Score

0.009EPSS

2020-03-12 04:44 PM
40
freebsd

mediawiki -- multiple vulnerabilities

Mediawiki reports: Security fixes: T246602:jquery.makeCollapsible allows applying event handler to any CSS ...

2.4AI Score

2020-03-02 12:00 AM
7
threatpost

Active PayPal Phishing Scam Targets SSNs, Passport Photos

A recently uncovered phishing campaign, targeting PayPal users, pulls out all the stops and asks victims for the complete spectrum of personal data – even going so far as to ask for social security numbers and uploaded photos of their passports. The campaign starts with a fairly run-of-the-mill...

-0.5AI Score

2020-02-10 08:56 PM
29
ibm

Security Bulletin: Multiple Security Vulnerabilities in ActiveMQ Affect IBM Sterling B2B Integrator

Summary There are multiple security vulnerabilities in ActiveMQ that affect IBM Sterling B2B Integrator Vulnerability Details CVEID: CVE-2011-4905 DESCRIPTION: Apache ActiveMQ is vulnerable to a denial of service, caused by an error in the failover mechanism when handling an openwire connection...

9.8CVSS

1.4AI Score

0.722EPSS

2020-02-05 12:53 AM
36
openvas

Huawei EulerOS: Security Advisory for kvm (EulerOS-SA-2019-1450)

The remote host is missing an update for the Huawei...

8.1CVSS

8.6AI Score

0.975EPSS

2020-01-23 12:00 AM
31
googleprojectzero

Remote iPhone Exploitation Part 3: From Memory Corruption to JavaScript and Back -- Gaining Code Execution

Posted by Samuel Groß, Project Zero This is the third and last post in a series about a remote, interactionless iPhone exploit over iMessage. The first blog post introduced the exploited vulnerability, and the second blog post described a way to perform a heapspray, leaking the shared cache base...

9.8CVSS

9.4AI Score

0.072EPSS

2020-01-09 12:00 AM
189
hackerone

Kubernetes: Man in the middle using LoadBalancer or ExternalIPs services

I rated this vulnerability as high because trying to rate it with CVSS v3.0 Calculator gives me 9.9 which seems way too high as you do require to be able to create services in the K8S cluster. Summary: This report details 2 ways to man in the middle traffic by: a) creating a LoadBalancer service...

5CVSS

5.6AI Score

0.002EPSS

2019-12-27 06:05 AM
64
nessus

openSUSE Security Update : the Linux Kernel (openSUSE-2019-2675)

The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-15211: There was a use-after-free caused by a malicious USB device in drivers/media/v4l2-core/v4l2-dev.c (bnc#1146519). CVE-2019-15213: There was a...

9.8CVSS

9.4AI Score

0.024EPSS

2019-12-13 12:00 AM
79
suse

Security update for the Linux Kernel (important)

An update that solves 38 vulnerabilities and has 92 fixes is now available. Description: The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2019-15211: There was a use-after-free caused by a malicious USB ...

9.8CVSS

3.6AI Score

0.024EPSS

2019-12-12 12:00 AM
137
openvas

Debian: Security Advisory (DLA-1999-1)

The remote host is missing an update for the...

8.1CVSS

6.5AI Score

0.009EPSS

2019-11-26 12:00 AM
10
nessus

Fedora 31 : php-symfony3 (2019-8b0ba02338)

Version 3.4.35 (2019-11-13) bug #34344 [Console] Constant STDOUT might be undefined (nicolas-grekas) security #cve-2019-18889 [Cache] forbid serializing AbstractAdapter and TagAwareAdapter instances (nicolas-grekas) security #cve-2019-18888 [HttpFoundation] fix guessing ...

9.8CVSS

8.1AI Score

0.009EPSS

2019-11-22 12:00 AM
19
nessus

Debian DLA-1999-1 : symfony security update

Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to a timing attack/information leak, argument injection and code execution via unserialization. For Debian 8 'Jessie', these problems have been fixed in version 2.3.21+dfsg-4+deb8u6. We recommend that you...

8.1CVSS

7.8AI Score

0.009EPSS

2019-11-20 12:00 AM
27
openvas

Debian: Security Advisory (DSA-4573-1)

The remote host is missing an update for the...

8.1CVSS

7.8AI Score

0.009EPSS

2019-11-20 12:00 AM
30
nessus

Debian DSA-4573-1 : symfony - security update

Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to a timing attack/information leak, argument injection and code execution via...

9.8CVSS

8.6AI Score

0.009EPSS

2019-11-20 12:00 AM
11
debian

[SECURITY] [DLA 1999-1] symfony security update

Package : symfony Version : 2.3.21+dfsg-4+deb8u6 CVE ID : CVE-2019-18886 CVE-2019-18887 CVE-2019-18888 Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to a timing attack/information leak, argument injection and code execution via...

8.1CVSS

7.9AI Score

0.009EPSS

2019-11-19 01:38 AM
92
debian

[SECURITY] [DSA 4573-1] symfony security update

Debian Security Advisory DSA-4573-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 18, 2019 https://www.debian.org/security/faq Package : symfony CVE ID : CVE-2019-18887 CVE-2019-18888...

9.8CVSS

8.8AI Score

0.009EPSS

2019-11-18 10:04 PM
76
oraclelinux

kernel security, bug fix, and enhancement update

[4.18.0-147.OL8] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] [4.18.0-147] - [x86] perf/x86/intel: Fix spurious NMI on fixed counter....

9.8CVSS

0.4AI Score

0.014EPSS

2019-11-14 12:00 AM
24
packetstorm

0.1AI Score

0.007EPSS

2019-10-14 12:00 AM
269
redhatcve

CVE-2017-2583

Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector(SS) value error. The error could occur while loading values into the SS register in long mode. A user or process inside a guest could use this flaw to crash the guest,...

8.4CVSS

2.5AI Score

0.002EPSS

2019-10-09 10:11 AM
28
nessus

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 7 (RHSA-2019:2936)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2936 advisory. This release of Red Hat JBoss Enterprise Application Platform 7.2.4 serves as a replacement for Red Hat JBoss Enterprise Application...

9.8CVSS

9.3AI Score

0.533EPSS

2019-10-02 12:00 AM
61
nessus

RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 6 Security update (Important) (RHSA-2019:2935)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2935 advisory. This release of Red Hat JBoss Enterprise Application Platform 7.2.4 serves as a replacement for Red Hat JBoss Enterprise Application...

9.8CVSS

9.1AI Score

0.533EPSS

2019-10-02 12:00 AM
23
nessus

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 8 (RHSA-2019:2937)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2937 advisory. This release of Red Hat JBoss Enterprise Application Platform 7.2.4 serves as a replacement for Red Hat JBoss Enterprise Application...

9.8CVSS

9.3AI Score

0.533EPSS

2019-10-02 12:00 AM
36
githubexploit

Exploit for XML Injection (aka Blind XPath Injection) in Nsa Ghidra

CVE-2019-16941 Proof-of-Concept: The vulnerability...

9.8CVSS

9.5AI Score

0.014EPSS

2019-10-01 10:26 AM
25
redhat

(RHSA-2019:2937) Important: Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 8 security update

This release of Red Hat JBoss Enterprise Application Platform 7.2.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.4 Release Notes for information about the most...

2.6AI Score

0.533EPSS

2019-09-30 10:36 PM
97
redhat

(RHSA-2019:2936) Important: Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 7 security update

This release of Red Hat JBoss Enterprise Application Platform 7.2.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.4 Release Notes for information about the most...

2.6AI Score

0.533EPSS

2019-09-30 10:36 PM
108
Total number of security vulnerabilities: 1701