Lucene search

130 matches found

NVD
added 2021/11/22 9:15 a.m. | 12 views

CVE-2021-33491

OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration DNS records...

CVSS 6.5 | EPSS 0.02435
Exploits: 3 | References: 3
OSV
added 2021/11/22 9:15 a.m. | 15 views

CVE-2021-33491

OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration DNS records...

CVSS 6.5 | AI score 6.9
Exploits: 0 | References: 3
Prion
added 2021/11/22 9:15 a.m. | 15 views

Directory traversal

OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration DNS records...

CVSS 4 | AI score 6.5 | EPSS 0.02435
Exploits: 3 | References: 3 | Affected Software: 1
CVE
added 2021/11/22 8:12 a.m. | 51 views

CVE-2021-33491

OX App Suite (Open-Xchange) up to version 7.10.5 is affected by a Directory Traversal vulnerability triggered by ../ in OOXML/ODF ZIP archives, stemming from mishandling of relative paths in mail addresses with auto-configuration DNS records. The issue allows traversal in archives and could enabl...

CVSS 6.5 | AI score 6.5 | EPSS 0.02435
Exploits: 3 | References: 3 | Affected Software: 1
Cvelist
added 2021/11/22 8:12 a.m. | 16 views

CVE-2021-33491

OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration DNS records...

AI score 6.8 | EPSS 0.02435
Exploits: 3 | References: 3
The Hacker News
added 2021/09/13 1:48 p.m. | 40 views

Critical Bug Reported in NPM Package With Millions of Downloads Weekly

A widely used NPM package called 'Pac-Resolver' for the JavaScript programming language has been remediated with a fix for a high-severity remote code execution vulnerability that could be abused to run malicious code inside Node.js applications whenever HTTP requests are sent. The flaw, tracked ...

CVSS 9.8 | AI score 9.2 | EPSS 0.02772
Exploits: 1
IBM Security Bulletins
added 2020/06/17 11:13 a.m. | 18 views

Security Bulletin: IBM Kenexa LCMS Premier On Premise - CVE-2019-2949 (deferred from Oracle Oct 2019 CPU)

Summary: We have identified that the IBM Kenexa LCMS Premier is affected by one or more security vulnerabilities. These have been addressed in LCMS Premier 14.0 version. Vulnerability Details: CVEID: CVE-2019-2949. DESCRIPTION: An unspecified vulnerability in Java SE related to the Kerberos componen...

CVSS 6.8 | AI score 1.2 | EPSS 0.03603
Exploits: 0 | Affected Software: 1
Microsoft KB
added 2020/04/09 12:0 a.m. | 8 views

VAN UI freezes after KB2813956 is applied in Windows 7

Symptoms: Consider the following scenario: You have a Windows 7-based computer that uses mobile broadband connection. You apply the KB2813956 update on the computer. You roam through different network providers. For example, this occurs when y...

AI score 6.2
Exploits: 0
OpenVAS
added 2020/01/23 12:0 a.m. | 33 views

Huawei EulerOS: Security Advisory for firefox (EulerOS-SA-2019-1571)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8 | AI score 8.2 | EPSS 0.29514
Exploits: 24 | References: 2
BDU FSTEC
added 2020/01/20 12:0 a.m. | 1 view

The vulnerability of the Proxy Auto-Configuration (PAC) configuration file in the Apache NetBeans application development environment allows a hacker to execute arbitrary code.

The vulnerability of the Proxy Auto-Configuration (PAC) configuration file of the Apache NetBeans application development environment is related to the lack of measures taken to neutralize the script in the web page's attributes. Exploiting this vulnerability allows a malicious actor to execute...

CVSS 10 | AI score 8.1 | EPSS 0.07755
Exploits: 0 | References: 3 | Affected Software: 1
Tenable Nessus
added 2019/08/12 12:0 a.m. | 23 views

NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0169)

The remote NewStart CGSL host, running version MAIN 4.05, has thunderbird packages installed that are affected by multiple vulnerabilities: - Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a...

CVSS 9.8 | AI score 8.7 | EPSS 0.29514
Exploits: 27 | References: 26
NVD
added 2019/07/19 2:15 p.m. | 7 views

CVE-2019-11552

Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privilege as the service user...

CVSS 7 | AI score 7.3 | EPSS 0.00545
Exploits: 1 | References: 2
Prion
added 2019/07/19 2:15 p.m. | 9 views

Code injection

Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privilege as the service user...

CVSS 4.4 | AI score 7.3 | EPSS 0.00545
Exploits: 1 | References: 2 | Affected Software: 2
Cvelist
added 2019/07/19 1:51 p.m. | 16 views

CVE-2019-11552

Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privilege as the service user...

AI score 7.3 | EPSS 0.00545
Exploits: 1 | References: 2
Tenable Nessus
added 2019/05/29 12:0 a.m. | 33 views

EulerOS 2.0 SP3 : firefox (EulerOS-SA-2019-1571)

According to the versions of the firefox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 CVE-2019-9788 - Mozilla: Use-after-free when removing in-use DOM elements...

CVSS 9.8 | AI score 8.2 | EPSS 0.29514
Exploits: 24 | References: 17
Veracode
added 2019/05/16 3:58 a.m. | 27 views

Unauthorised Access

Mozilla Thunderbird is vulnerable to unauthorised access. Proxy Auto-Configuration file can define localhost access to be proxied...

CVSS 5.9 | AI score 7.6 | EPSS 0.02177
Exploits: 0 | References: 44 | Affected Software: 8
RedHat Linux
added 2019/05/13 5:3 a.m. | 1 view

Mozilla: Proxy Auto-Configuration file can define localhost access to be proxied

When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is...

CVSS 5.9 | AI score 7.2 | EPSS 0.02177
Exploits: 0 | References: 5
RedHat Linux
added 2019/05/07 4:19 a.m. | 3 views

Mozilla: Proxy Auto-Configuration file can define localhost access to be proxied

When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is...

CVSS 5.9 | AI score 7.2 | EPSS 0.02177
Exploits: 0 | References: 5
RedHat Linux
added 2019/05/07 4:19 a.m. | 60 views

Critical: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 9.8 | AI score 7 | EPSS 0.29514
Exploits: 24 | References: 12
Tenable Nessus
added 2019/04/30 12:0 a.m. | 30 views

EulerOS 2.0 SP2 : firefox (EulerOS-SA-2019-1282)

According to the versions of the firefox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 CVE-2019-9788 - Mozilla: Use-after-free when removing in-use DOM elements...

CVSS 9.8 | AI score 7.9 | EPSS 0.19762
Exploits: 11 | References: 15