1048 matches found
November 5, 2019, update for Office 2016 (KB4484138)
November 5, 2019, update for Office 2016 (KB4484138). This article describes update 4484138 for Microsoft Office 2016 that was released on November 5, 2019. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply...
Fedora 30 : mingw-libidn2 (2019-d3221d69e0)
Libidn 2.2.0 released 2019-05-23
- Perform A-Label roundtrip for lookup functions by default
- Stricter check of input to punycode decoder
- Fix punycode decoding with no ASCII chars but given delimiter
- Fix idn2 --no-tr64 was a no-op
- Allow as a basic code...
Fedora 29 : mingw-libidn2 (2019-a8d35fcf7c)
Libidn 2.2.0 released 2019-05-23
- Perform A-Label roundtrip for lookup functions by default
- Stricter check of input to punycode decoder
- Fix punycode decoding with no ASCII chars but given delimiter
- Fix idn2 --no-tr64 was a no-op
- Allow as a basic code...
PRODSECBUG-2398: Cross-Site Scripting via Customer Attribute Labels
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
FreeBSD : Gitlab -- Multiple Vulnerabilities (b17c86b9-e52e-11e9-86e9-001b217b3468)
SO-AND-SO reports: XSS in Markdown Preview Using Mermaid; Bypass Email Verification using Salesforce Authentication; Account Takeover using SAML; Uncontrolled Resource Consumption in Markdown using Mermaid; Disclosure of Private Project Path and Labels; Disclosure of Assignees via Milestones; Disclosu...
CVE-2019-17064
Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor...
UBUNTU-CVE-2019-17064
Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor...
CVE-2019-14769
Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. An attacker could potentially craft a specialized label, then have an administrator execute scripting when administering a layout. This iss...
Lst2X64Dbg - Extract labels from IDA .lst or Ghidra .csv file and export x64dbg database
This script extracts all the labels found in the LST file that is given as the script's single argument. An x64dbg database is created in the current directory based on the extracted labels. The LST file can be generated in IDA from the File menu: Produce file - Create LST file... Example $ pytho...
CVE-2019-10108
An Incorrect Access Control issue (1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allowed non-members of a private project/group to add and read labels...
CVE-2019-10108
Removed by vendor...
CVE-2019-3400
The labels gadget in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the jql parameter...
XSS in the labels gadget - CVE-2019-3400
The labels gadget in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the jql parameter...
FreeBSD : Gitlab -- Multiple vulnerabilities (da459dbc-5586-11e9-abd6-001b217b3468)
Gitlab reports: DoS potential for regex in CI/CD refs; Related branches visible in issues for guests; Persistent XSS at merge request resolve conflicts; Improper authorization control 'move issue'; Guest users of private projects have access to releases; DoS potential on project languages page; Recuri...
The vulnerability of the libvirt virtualization management package in the Astra Linux operating system, which allows a hacker to trigger a service failure
The vulnerability of the libvirt virtualization management package in the Astra Linux operating system is related to the incorrect assignment of token labels to external file storage systems with integrity control tokens enabled. Exploiting this vulnerability could allow an attacker to cause a...
DRUPAL-CONTRIB-2019-033
This module addresses the General Data Protection Regulation (GDPR) that came into effect 25th May 2018, and the EU Directive on Privacy and Electronic Communications from 2012. It provides a banner where you can gather consent from the user when the website stores cookies on their computer or...
Atlassian JIRA cross-site scripting vulnerability (CNVD-2019-22774)
Atlassian JIRA is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A cross-site scripting vulnerability exists in the labels widget gadget in Atlassian JIRA versions prior to 7.6.11 and versions...