Linux Distros Unpatched Vulnerability : CVE-2019-1010091

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The...

GHSA-9HFW-CVF4-5X25 wangEditor was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function

There is a cross-site scripting XSS issue in wangEditor via the image upload function in version 4.7.11. This issue has been fixed in version 4.7.12...

CVE-2022-25037

An issue in wanEditor v4.7.11 and fixed in v.4.7.12 and v.5 was discovered to contain a cross-site scripting XSS vulnerability via the image upload function...

Emby Server Proxy Header Spoofing Vulnerability (GHSA-fffj-6fr6-3fgf)

Emby Server is prone to a proxy header spoofing vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:emby:emby.releases...

CVE-2023-33193 Emby Server Proxy Header Spoofing Vulnerability

Emby Server is a user-installable home media server which stores and organizes a user's media files of virtually any format and makes them available for viewing at home and abroad on a broad range of client devices. This vulnerability may allow administrative access to an Emby Server system,...

Emby Server 环境问题漏洞

Emby Server is a powerful media server for individual developers. The product can be used primarily for integrated multimedia editing such as video audio and photos. A security vulnerability exists in Emby Server versions prior to 4.7.12, which originates from a determination that may affect...

tinymce Media element component cross-site scripting vulnerability

tinymce is a JavaScript library for rich text editing . A cross-site scripting vulnerability exists in the Media element component in tinymce version 4.7.11, 4.7.12. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit the...

CVE-2019-1010091

CVE-2019-1010091 affects TinyMCE 4.7.11/4.7.12 (Media element). The root cause is improper input neutralization (CWE-79) in the media element, enabling JavaScript execution when a user pastes malicious content into the media element embed tab. Impact is client-side code execution with low attack ...

Security fix for the ALT Linux 8 package samba-DC version 4.7.12-alt1

4.7.12-alt1 built Nov. 29, 2018 Evgeny Sinelnikov in task 216960 Nov. 27, 2018 Evgeny Sinelnikov - Update to autumn security release - Clean test module of thirdparty/iso8601 and subunit modules - Security fixes: + CVE-2018-14629 Unprivileged adding of CNAME record causing loop in AD Internal DNS...

Security fix for the ALT Linux 8 package samba version 4.7.12-alt1

4.7.12-alt1 built Nov. 29, 2018 Evgeny Sinelnikov in task 216960 Nov. 27, 2018 Evgeny Sinelnikov - Update to autumn security release - Clean test module of thirdparty/iso8601 and subunit modules - Security fixes: + CVE-2018-14629 Unprivileged adding of CNAME record causing loop in AD Internal DNS...

Unprivileged adding of CNAME record causing loop

Description All versions of Samba from 4.0.0 onwards are vulnerable to infinite query recursion caused by CNAME loops. Any dns record can be added via ldap by an unprivileged user using the ldbadd tool, so this is a security issue. Patch Availability Patches addressing both these issues have been...