7 matches found
SUSE CVE-2015-3332
A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service system crash via the Fast Open feature, as demonstrated by visiting the chrome://flags/enable-tcp-fast-open URL wh...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to 1 hijack the authentication of administrators for requests that create a user via a request to...
CVE-2015-4631
Multiple cross-site scripting XSS vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary web script or HTML via the 1 tag parameter to opac-search.pl; the 2 value parameter to...
Cross site scripting
Cross-site scripting XSS vulnerability in opac-addbybiblionumber.pl in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, and 3.20.x before 3.20.1 allows remote attackers to inject arbitrary web script or HTML via a crafted list name...
CVE-2015-4639
Cross-site scripting XSS vulnerability in opac-addbybiblionumber.pl in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, and 3.20.x before 3.20.1 allows remote attackers to inject arbitrary web script or HTML via a crafted list name...
CVE-2015-4639
Cross-site scripting XSS vulnerability in opac-addbybiblionumber.pl in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, and 3.20.x before 3.20.1 allows remote attackers to inject arbitrary web script or HTML via a crafted list name...
CVE-2015-3332
A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service system crash via the Fast Open feature, as demonstrated by visiting the chrome://flags/enable-tcp-fast-open URL wh...