
1048 matches found

OSV
added 2021/06/21 8:15 p.m. · 2 views

CVE-2021-24369

In the GetPaid WordPress plugin before 2.3.4, users with the contributor role and above can create a new Payment Form, however the Label and Help Text input fields were not getting sanitized properly. So it was possible to inject malicious content such as img tags, leading to a Stored Cross-Site...

5.4 CVSS · 6 AI score · 0.00624 EPSS
Exploits 2 · References 1

OSV
added 2021/05/27 8:15 p.m. · 2 views

CVE-2020-14329

A data exposure flaw was found in Ansible Tower in versions before 3.7.2, where sensitive data can be exposed from the /api/v2/labels/ endpoint. This flaw allows users from other organizations in the system to retrieve any label from the organization and also disclose organization names. The...

3.3 CVSS · 5.7 AI score · 0.00268 EPSS
Exploits 0 · References 1

NVD
added 2021/05/27 8:15 p.m. · 15 views

CVE-2020-14329

A data exposure flaw was found in Ansible Tower in versions before 3.7.2, where sensitive data can be exposed from the /api/v2/labels/ endpoint. This flaw allows users from other organizations in the system to retrieve any label from the organization and also disclose organization names. The...

3.3 CVSS · 0.00268 EPSS
Exploits 0 · References 1

Oracle linux
added 2021/05/25 12:0 a.m. · 43 views

opensc security, bug fix, and enhancement update

0.20.0-4 - Use file cache by default 1892810 - Avoid calloc with 0 argument 1895401 0.20.0-3 - Support PIN change for HID Alt tokens 1830901 - Fix CVE-2020-26570, CVE-2020-26571 and CVE-2020-26572 - Fix right padding of token labels of some cards 1877973...

5.5 CVSS · 0.1 AI score · 0.00396 EPSS
Exploits 0

OSV
added 2021/05/18 3:38 p.m. · 23 views

GHSA-2V6X-FRW8-7R7F Duplicate Advisory: k8s.io/kube-state-metrics Exposure of Sensitive Information

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-c92w-72c5-9x59. This link is maintained to preserve external references. Original Description A security issue was discovered in kube-state-metrics 1.7.x before 1.7.2. An experimental feature was added to v1.7.0...

6.5 CVSS · 6.5 AI score · 0.0178 EPSS
Exploits 1 · References 5

OSV
added 2021/05/15 2:4 p.m. · 7 views

OPENSUSE-SU-2021:0730-1 Security update for netdata

This update for netdata fixes the following issues: - Update to 1.29.3 Release v1.29.3 is a patch release to improve the stability of the Netdata Agent. We discovered a bug that when proc.plugin attempts to collect the operstate parameter for a virtual network interface. If the chart is obsoleted...

7.5 CVSS · 7.7 AI score · 0.02172 EPSS
Exploits 3 · References 8

The Hacker News
added 2021/05/07 3:52 p.m. · 213 views

4 Major Privacy and Security Updates From Google You Should Know About

Google has announced a number of user-facing and under-the-hood changes in an attempt to boost privacy and security, including rolling out two-factor authentication automatically to all eligible users and bringing iOS-styled privacy labels to Android app listings. "Today we ask people who have...

7.5 AI score
Exploits 0

OSV
added 2021/05/06 1:15 p.m. · 2 views

CVE-2021-24250

The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from lack of sanitisation in the label of the Form Fields, leading to Authenticated Stored Cross-Site Scripting issues across various pages of the plugin...

5.4 CVSS · 6.1 AI score · 0.00645 EPSS
Exploits 2 · References 1

Veracode
added 2021/04/23 1:33 a.m. · 19 views

Authorization Bypass

github.com/hashicorp/terraform-provider-vault is vulnerable to authorization bypass. The insecure configuration in GCE-type bound labels for GCP auth method could allow for an attacker to bypass authorization and access otherwise restricted actions...

9.8 CVSS · 4.3 AI score · 0.01597 EPSS
Exploits 1 · References 3 · Affected Software 1

OSV
added 2021/04/22 10:15 p.m. · 13 views

CVE-2021-22199

An issue has been discovered in GitLab affecting all versions starting with 12.9. GitLab was vulnerable to a stored XSS if scoped labels were used...

5.4 CVSS · 5.4 AI score · 0.00793 EPSS
Exploits 0 · References 3

Prion
added 2021/04/22 10:15 p.m. · 15 views

Cross site scripting

An issue has been discovered in GitLab affecting all versions starting with 12.9. GitLab was vulnerable to a stored XSS if scoped labels were used...

3.5 CVSS · 4.9 AI score · 0.00793 EPSS
Exploits 0 · References 3 · Affected Software 1

UbuntuCve
added 2021/04/22 10:15 p.m. · 27 views

CVE-2021-22199

An issue has been discovered in GitLab affecting all versions starting with 12.9. GitLab was vulnerable to a stored XSS if scoped labels were used...

5.4 CVSS · 6 AI score · 0.00793 EPSS
Exploits 0 · References 4

OSV
added 2021/04/22 10:15 p.m. · 0 views

UBUNTU-CVE-2021-22199

An issue has been discovered in GitLab affecting all versions starting with 12.9. GitLab was vulnerable to a stored XSS if scoped labels were used...

5.4 CVSS · 5.7 AI score · 0.00793 EPSS
Exploits 0 · References 5

Cvelist
added 2021/04/22 9:56 p.m. · 20 views

CVE-2021-22199

An issue has been discovered in GitLab affecting all versions starting with 12.9. GitLab was vulnerable to a stored XSS if scoped labels were used...

3.5 CVSS · 5.2 AI score · 0.00793 EPSS
Exploits 0 · References 3

CVE
added 2021/04/22 9:56 p.m. · 58 views

CVE-2021-22199

CVE-2021-22199 (GitLab) affects all GitLab versions starting with 12.9 and later. The issue is a stored cross-site scripting (XSS) vulnerability that can be triggered when scoped labels are used. The available sources in the connected documents describe the flaw and its impact as a stored XSS in ...

5.4 CVSS · 4.9 AI score · 0.00793 EPSS
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2021/04/22 12:0 a.m. · 2 views

PT-2021-14910 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 12.9 and later Description: An issue has been discovered in GitLab where it is vulnerable to a stored XSS if scoped labels were used. Recommendations: For GitLab versions 12.9 and later, at the moment, there is no information...

5.4 CVSS · 4.9 AI score · 0.00793 EPSS
Exploits 0 · References 10

OSV
added 2021/04/06 7:15 a.m. · 0 views

UBUNTU-CVE-2021-30157

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter- label messages are output in HTML unescaped, leading to XSS...

6.1 CVSS · 6.7 AI score · 0.01406 EPSS
Exploits 1 · References 4

Positive Technologies
added 2021/04/06 12:0 a.m. · 3 views

PT-2021-3353 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.31.12 and earlier MediaWiki versions 1.32.x through 1.35.x before 1.35.2 Description: The issue exists due to the lack of protection for the web page structure, allowing a remote attacker to conduct cross-site scripting X...

9.8 CVSS · 6.2 AI score · 0.03832 EPSS
Exploits 18 · References 91

CNNVD
added 2021/03/23 12:0 a.m. · 3 views

Privoxy security vulnerability

Privoxy is a proxy server from the Privoxy team in the USA that does not cache web pages and comes with its own filtering features. It has advanced filtering features to enhance privacy, modify web data and HTTP headers, control access and remove advertisements and other annoying Internet...

7.8 CVSS · 7.2 AI score · 0.02024 EPSS
Exploits 0 · References 7

Positive Technologies
added 2021/03/22 12:0 a.m. · 4 views

PT-2024-10834 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak issue has been resolved in the Linux kernel. The problem occurs when the lm3554 platform data func call returns an error, resulting in a memory leak on the error return...

5.5 CVSS · 6.3 AI score · 0.00222 EPSS
Exploits 0 · References 21