7657 matches found
[slackware-security] mozilla-thunderbird
New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-thunderbird-115.6.0-i686-1slack15.0.txz: Upgraded. This release contains security fixes and improvements. For mor...
[slackware-security] mozilla-firefox
New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-firefox-115.6.0esr-i686-1slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the currentqueue parameter in the path of the queues endpoint. An attacker can manipulate the output displayed to the user by injecting malicious scripts into the web page. Details Cross-site scripting or XS...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the currentqueue portion of the path on the /queues endpoint. An attacker can manipulate the output of the web page by injecting malicious scripts into the URL path. Details Cross-site scripting or XSS is a...
PT-2023-31623 · Resque · Resque
Name of the Vulnerable Software and Affected Versions: Resque versions prior to 2.1.0 Description: The issue is related to reflected Cross Site Scripting XSS through the current queue parameter in the path of the queues endpoint. This allows for potential exploitation by manipulating the endpoint...
CVE-2023-48387
TAIWAN-CATWCA JCICSecurityTool fails to check the source website and access locations when executing multiple Registry-related functions. In the scenario where a user is using the JCICSecurityTool and has completed identity verification, if the user browses a malicious webpage created by an...
PT-2023-30811 · Unknown · Jcicsecuritytool
Name of the Vulnerable Software and Affected Versions: JCICSecurityTool affected versions not specified Description: The issue arises from the JCICSecurityTool's failure to check the source website and access locations when executing multiple Registry-related functions. If a user, who has complet...
Microsoft Excel SKP File Parsing Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP...
Adobe Illustrator JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J...
Adobe Illustrator JP2 File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J...
Adobe Prelude MP4 File Uninitialized Variable Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Prelude. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing ...
Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...
Microsoft Excel SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP...
PT-2023-35641 · Fasterxml · Jackson-Dataformat-Xml
Name of the Vulnerable Software and Affected Versions: Jackson Dataformat YAML affected versions not specified Description: A security exception occurs in the Jackson Dataformat YAML library, specifically in the com.fasterxml.jackson.dataformat.yaml.YAMLParser class, when the currentName or...
Adobe After Effects AEP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...
CVE-2023-47577
An issue discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 allows for unauthorized password changes due to no check for current password...
Microsoft Skype Cross-Site Scripting Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of...
Microsoft Word SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP...
Adobe Substance 3D Designer 缓冲区错误漏洞
Adobe Substance 3D Designer is a 3D design software from the American company Audobee Adobe. An out-of-bounds write vulnerability exists in Adobe Substance 3D Designer version 13.0.0 and prior versions, which can be exploited by an attacker to execute arbitrary code in the current user's...
Adobe After Effects 缓冲区错误漏洞
Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. A security vulnerability exists in Adobe After Effects, which can be...