14 matches found
TYPO3 powermail 安全漏洞
TYPO3 powermail is a mail form extension for TYPO3 open source. A security vulnerability exists in TYPO3 powermail versions 12.0.0 through 12.5.2 and 13.0.0, which stems from an insecure direct object reference that could lead to the download of arbitrary files from a web server...
SUSE-SU-2025:20452-1 Security update for open-vm-tools
This update for open-vm-tools fixes the following issues: - Updated to 12.5.2: CVE-2025-22247: Fixed Insecure file handling bsc1243106...
SUSE-SU-2025:20379-1 Security update for open-vm-tools
This update for open-vm-tools fixes the following issues: - Updated to 12.5.2: CVE-2025-22247: Fixed insecure file handling bsc1243106 - Fixed gcc15 compile time error bsc1241938...
CVE-2021-1879
This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been...
OpenText Exceed Turbo X Security Vulnerability
OpenText Exceed Turbo X is a virtual desktop software from OpenText Canada. A security vulnerability exists in OpenText Exceed Turbo X versions 12.5.1 and 12.5.2 that stems from the use of hard-coded encryption keys in the application...
CVE-2023-34939
Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution RCE vulnerability via the component UploadProgress.ashx...
PT-2023-4141 · Onlyoffice · Onlyoffice Community Server
Name of the Vulnerable Software and Affected Versions: Onlyoffice Community Server versions prior to 12.5.2 Description: The issue is related to a remote code execution vulnerability in the UploadProgress.ashx component. It is associated with errors in handling the relative path to a directory wi...
CVE-2021-1879
This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been...
Cross site scripting
This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been...
CVE-2021-1879
CVE-2021-1879 affects Apple WebKit/WebKit-based parsing in iOS/iPadOS/watchOS (WebKit component). The issue is a cross-site scripting vulnerability triggered by processing malicious web content, potentially leading to universal XSS. Root cause: improved management of object lifetimes in WebKit/CS...
CVE-2021-1879
This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been...
CVE-2021-1879
This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been...
VMware Workstation Drag and Drop File Vulnerability
VMware Workstation is a desktop virtual computer. A drag-and-drop file vulnerability exists in VMware Workstation version 12.5.2. An attacker can exploit the vulnerability to launch a denial of service attack...
Apple iTunes < 12.5.2 Multiple Vulnerabilities (Uncredentialed Check)
The version of Apple iTunes running on the remote Windows host is prior to 12.5.2 It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in WebKit when handling the location attribute due to improper validation of user-supplied input. An...