463 matches found
Mozilla: Use-after-free in DocumentL10n::TranslateDocument
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: By using a link with rel="localization," a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to...
UBUNTU-CVE-2022-28282
By using a link with rel="localization" a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and...
CVE-2022-28282
By using a link with rel="localization" a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and...
weblate parameter injection vulnerability
Weblate is a web-based free software continuous localization system from Copyleft. Weblate is vulnerable to a parameter injection vulnerability that results from a lack of filtering and escaping of user-submitted parameters, which can be exploited by attackers to cause command execution...
GHSA-H2G5-2RHX-FFGJ Duplicate Advisory: Command injection in Weblate
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-3872-f48p-pxqj. This link is maintained to preserve external references. Original Description: Weblate is a web based localization tool with tight version control integration. Prior to version 4.11.1, Weblate...
PYSEC-2022-162
Weblate is a web based localization tool with tight version control integration. Prior to version 4.11.1, Weblate didn't properly sanitize some arguments passed to Git and Mercurial, allowing them to change their behavior in an unintended way. Instances where untrusted users cannot create new...
PYSEC-2022-35
Weblate is a copyleft software web-based continuous localization system. Versions prior to 4.11 do not properly neutralize user input used in user name and language fields. Due to this improper neutralization it is possible to perform cross-site scripting via these fields. The issues were fixed i...
CVE-2022-24710
Weblate (WeblateOrg/weblate) is affected by CVE-2022-24710. Versions before 4.11 fail to properly neutralize user input in the username and language fields, enabling cross-site scripting via these fields. The issue was fixed in the 4.11 release; users unable to upgrade are advised to implement th...
CVE-2022-21156
Access of uninitialized pointer in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable denial of service via local access...
SUSE-SU-2021:4063-1 Security update for icu.691
This update for icu.691 fixes the following issues: - Renamed package from icu 69.1 for SUSE:SLE-15-SP3:Update. (jsc#SLE-17893) - Fix undefined behaviour in 'ComplexUnitsConverter::applyRounder' - Update to release 69.1 - For Norwegian, 'no' is back to being the canonical code, with 'nb' treated as...
ALSA-2021:4201 Moderate: babel security and bug fix update
Babel provides tools to build and work with gettext message catalogs, and a Python interface to the CLDR Common Locale Data Repository, providing access to various locale display names, localized number and date formatting, etc. Security Fixes: python-babel: Relative path traversal allows attacke...
Hackers Using Squirrelwaffle Loader to Deploy Qakbot and Cobalt Strike
A new spam email campaign has emerged as a conduit for a previously undocumented malware loader that enables the attackers to gain an initial foothold into enterprise networks and drop malicious payloads on compromised systems. "These infections are also used to facilitate the delivery of...
SquirrelWaffle Loader Malspams, Packs Qakbot, Cobalt Strike
SquirrelWaffle, a new malware loader, is mal-spamming malicious Microsoft Office documents to deliver Qakbot malware and the penetration-testing tool Cobalt Strike – two of the most common threats regularly observed targeting organizations around the world. Cisco Talos researchers said on Tuesday...
October 5, 2021, update for Office 2016 (KB4462197)
October 5, 2021, update for Office 2016 (KB4462197). This article describes update 4462197 for Microsoft Office 2016 that was released on October 5, 2021. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply t...
Incorrect Authorization in TYPO3 extension
The l10nmgr (aka Localization Manager) extension before 7.4.0, 8.x before 8.7.0, and 9.x before 9.2.0 for TYPO3 allows Information Disclosure (translatable fields)...
Virtuozzo Hybrid Infrastructure 4.6 (4.6.0-208)
In this release, Virtuozzo Hybrid Infrastructure provides a wide range of new features that enhance service providers' operability. The improvements cover compute services, object storage, monitoring, security, localization, and the user interface. Additionally, this release delivers stability...