2 matches found
GHSA-8M32-P958-JG99 Directus: Missing Cross-Origin Opener Policy
Summary Directus's Single Sign-On SSO login pages lacked a Cross-Origin-Opener-Policy COOP HTTP response header. Without this header, a malicious cross-origin window that opens the Directus login page retains the ability to access and manipulate the window object of that page. An attacker can...
CLSA-2022-1654802345 Fix CVE(s): CVE-2022-28463, CVE-2020-27760
SECURITY UPDATE: Division by zero - debian/patches/CVE-2020-27760.patch: Fix divisions by zeros in magick/enhance.c - CVE-2020-27760 SECURITY UPDATE: Heap-based buffer overflow - debian/patches/CVE-2022-28463.patch: Fix buffer overflow - CVE-2022-28463 Fix several issues with undefined behavior: ...