openSUSE Security Update : yast2-rmt (openSUSE-2019-1089)

This update for yast2-rmt to 1.2.2 fixes the following issues : Security issue fixed : - CVE-2018-20105: Pass SSL password to Cheetah CLI interface securely bsc1119835 Non-security issues fixed : - Launch as root from gnome-shell menu bsc1123562 - Remove broken hyperlink from help bsc1120672 This...

Security update for yast2-rmt (moderate)

openSUSE Security Update: Security update for yast2-rmt Announcement ID: openSUSE-SU-2019:1089-1 Rating: moderate References: 1119835 1120672 1123562 Cross-References: CVE-2018-20105 Affected Products: openSUSE Leap 15.0 An update that solves one vulnerability and has two fixes is now available...

SUSE-SU-2019:0629-1 Security update for yast2-rmt

This update for yast2-rmt to 1.2.2 fixes the following issues: Security issue fixed: - CVE-2018-20105: Pass SSL password to Cheetah CLI interface securely bsc1119835 Non-security issues fixed: - Launch as root from gnome-shell menu bsc1123562 - Remove broken hyperlink from help bsc1120672...

CVE-2018-20240

The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the href parameter...

FreeBSD : Gitlab -- Multiple vulnerabilities (467b7cbe-257d-11e9-8573-001b217b3468)

Gitlab reports : Remote Command Execution via GitLab Pages Covert Redirect to Steal GitHub/Bitbucket Tokens Remote Mirror Branches Leaked by Git Transfer Refs Denial of Service with Markdown Guests Can View List of Group Merge Requests Guest Can View Merge Request Titles via System Notes Persiste...

The vulnerability of the Media Player component of the Windows operating system, related to errors in memory object handling mechanisms, allows a perpetrator to gain access to confidential information.

The vulnerability of the Media Player component of the Windows operating system is related to errors in the memory object handling mechanisms. Exploiting this vulnerability can allow a malicious actor, acting remotely, to gain access to confidential information through a specially crafted hyperli...

Microsoft Windows VCF Remote Code Execution Exploit

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing...

The vulnerability of the Windows Media Player component of the Windows operating system, which allows a hacker to disclose protected information

The vulnerability of Windows Media Player on the Windows operating system is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to determine whether files exist on the disk by using a specially created hyperlink...

Microsoft Windows Media Player Information Disclosure Vulnerability (CNVD-2018-20735)

Microsoft Windows Server 2016 and others are a series of operating systems released by Microsoft Corporation, U.S.A. Windows Media Player is one of the media players. An information disclosure vulnerability exists in Microsoft Windows Media Player. The vulnerability can be exploited by an attacke...

Windows Media Player Information Disclosure Vulnerability

An information disclosure vulnerability exists when Windows Media Player improperly discloses file information. Successful exploitation of the vulnerability could allow an attacker to determine the presence of files on disk. To exploit the vulnerability, a user would have to open a specially...

Windows Media Player Information Disclosure Vulnerability

An information disclosure vulnerability exists when Windows Media Player improperly discloses file information. Successful exploitation of the vulnerability could allow an attacker to determine the presence of files on disk. To exploit the vulnerability, a user would have to open a specially...

CVE-2018-8316

A remote code execution vulnerability exists when Internet Explorer improperly validates hyperlinks before loading executable libraries, aka "Internet Explorer Remote Code Execution Vulnerability." This affects Internet Explorer 11, Internet Explorer 10...

Microsoft Internet Explorer Remote Code Execution Vulnerability (CNVD-2018-16846)

Internet Explorer is a web browser from Microsoft. A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability stems from the program not properly validating hyperlinks before loading executable libraries. A remote attacker could exploit the vulnerability to...

Microsoft Office Word Preview Unsafe Hyperlink Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the displa...

CVE-2017-5422

If a malicious site uses the "view-source:" protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink is selected. This was fixed by no longer making "view-source:" linkable. This vulnerability affects Firefox 52 and Thunderbird 52...

Code injection

If manipulated hyperlinked text with "chrome:" URL contained in it is dragged and dropped on the "home" icon, the home page can be reset to include a normally-unlinkable chrome page as one of the home page tabs. This vulnerability affects Firefox 60...

Design/Logic Flaw

If a malicious site uses the "view-source:" protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink is selected. This was fixed by no longer making "view-source:" linkable. This vulnerability affects Firefox 52 and Thunderbird 52...

CVE-2018-5169

If manipulated hyperlinked text with "chrome:" URL contained in it is dragged and dropped on the "home" icon, the home page can be reset to include a normally-unlinkable chrome page as one of the home page tabs. This vulnerability affects Firefox 60...

CVE-2017-5422

If a malicious site uses the "view-source:" protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink is selected. This was fixed by no longer making "view-source:" linkable. This vulnerability affects Firefox 52 and Thunderbird 52...

CVE-2017-5422

If a malicious site uses the "view-source:" protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink is selected. This was fixed by no longer making "view-source:" linkable. This vulnerability affects Firefox 52 and Thunderbird 52...