Description of the security update for Microsoft Exchange Server 2019 and 2016: August 8, 2023 (KB5029388)

Description of the security update for Microsoft Exchange Server 2019 and 2016: August 8, 2023 KB5029388 Notice We have re-released the Exchange Server 2019 and 2016 August 8, 2023, security update SU to address the localization issue that caused installations on non-English operating systems OS ...

Exchange Server security updates updated

Microsoft has re-released the August 2023 Security Updates SUs for Exchange Server. The original release of the SUs, from August 8 2023, had a localization issue with Exchange Server running on a non-English Operating Systems OSes that caused Setup to stop unexpectedly, leaving Exchange services ...

Karma Catches Up to Global Phishing Service 16Shop

Youve probably never heard of "16Shop," but theres a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. Image: Akamai.com. The international police organization INTERPOL said last week it had shuttered the notorious 16Shop, a...

Code injection

Tolgee is an open-source localization platform. Starting in version 3.14.0 and prior to version 3.23.1, when a request is made using an API key, the backend fails to verify the permission scopes associated with the key, effectively bypassing permission checks entirely for some endpoints. It's...

CVE-2023-38510 Tolgee Lacks Permission Check for API Key for some endpoints

Tolgee is an open-source localization platform. Starting in version 3.14.0 and prior to version 3.23.1, when a request is made using an API key, the backend fails to verify the permission scopes associated with the key, effectively bypassing permission checks entirely for some endpoints. It's...

CVE-2023-38510

Tolgee CVE-2023-38510 affects Tolgee versions 3.14.0 through 3.23.1. The issue is that API-key requests bypass permission scope checks, effectively bypassing authorization for some endpoints. This vulnerability can enable unauthorized access if API keys are exposed on the internet; cases where ke...

PT-2023-26488 · Tolgee · Tolgee

Name of the Vulnerable Software and Affected Versions: Tolgee versions 3.14.0 through 3.23.1 Description: Tolgee is an open-source localization platform. When a request is made using an API key, the backend fails to verify the permission scopes associated with the key, effectively bypassing...

EulerOS 2.0 SP10 : git (EulerOS-SA-2023-2380)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by...

Huawei EulerOS: Security Advisory for git (EulerOS-SA-2023-2354)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Malicious code in blossom-flex-ui-localization (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 45835a19933049983c803d03cb5c9fe34157fa2a4d00823f43d60983bbc79966 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-136 Malicious code in blossom-flex-ui-localization (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 45835a19933049983c803d03cb5c9fe34157fa2a4d00823f43d60983bbc79966 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

GitHub: CVE-2023-25815 Git looks for localized messages in an unprivileged place

...

AlmaLinux 9 : git (ALSA-2023:3245)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:3245 advisory. - Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7,...

DEBIAN-CVE-2023-25815

In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the gettext function's implicit initialization no...

CVE-2012-10014

A vulnerability classified as problematic has been found in Kau-Boy Backend Localization Plugin 2.0 on WordPress. Affected is the function backendlocalizationadminsettings/backendlocalizationsavesetting/backendlocalizationloginform/localizebackend of the file backendlocalization.php. The...

Cross site scripting

A vulnerability was found in Kau-Boy Backend Localization Plugin up to 1.6.1 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the file backendlocalization.php. The manipulation leads to cross site scripting. The attack may be initiated remotely...

CVE-2012-10014 Kau-Boy Backend Localization Plugin backend_localization.php localize_backend cross site scripting

A vulnerability classified as problematic has been found in Kau-Boy Backend Localization Plugin 2.0 on WordPress. Affected is the function backendlocalizationadminsettings/backendlocalizationsavesetting/backendlocalizationloginform/localizebackend of the file backendlocalization.php. The...

CVE-2012-10014

CVE-2012-10014 affects Kau-Boy Backend Localization Plugin for WordPress (version 2.0). The vulnerability resides in backend_localization.php (functions backend_localization_admin_settings, backend_localization_save_setting, backend_localization_login_form, localize_backend) and enables cross-sit...

CVE-2012-10014 Kau-Boy Backend Localization Plugin backend_localization.php localize_backend cross site scripting

A vulnerability classified as problematic has been found in Kau-Boy Backend Localization Plugin 2.0 on WordPress. Affected is the function backendlocalizationadminsettings/backendlocalizationsavesetting/backendlocalizationloginform/localizebackend of the file backendlocalization.php. The...

CVE-2012-10013

CVE-2012-10013 affects the WordPress plugin “Kau-Boy Backend Localization Plugin” up to version 1.6.1. The vulnerability lies in the file backend_localization.php where input/processing leads to cross-site scripting (XSS) . It can be exploited remotely over the network. Remediation provided in th...