Tor Browser v9.0 - Everything you Need to Safely Browse the Internet

Tor Browser 9.0 is the first stable release based on Firefox 68 ESR and contains a number of updates to other components as well including Tor to 0.4.1.6 and OpenSSL to 1.1.1d for desktop versions and Tor to 0.4.1.5 for Android. In addition to all the needed patch rebasing and toolchain updates, ...

Localization update - Moderately critical - Insecure server configuration - SA-CONTRIB-2019-072

This module enables you to automatically download and update the site's interface translation by fetching them from localize.drupal.org or any other Localization server. The module doesn't sufficiently protect the directory it stores translation files in. It's conventional for directories which m...

Code injection

Libraries/Nop.Services/Localization/LocalizationService.cs in nopCommerce through 4.10 allows XXE via the "Configurations - Languages - Edit Language - Import Resources - Upload XML file" screen...

Russia Fines Facebook $47 Over Citizens' Data Privacy Dispute

Yes, you read that right! Russia has fined Facebook with 3,000 rubles, roughly $47, for not complying with the country's controversial Data Localization law. It's bizarre and unbelievable, but true. In December last year, Russian Internet watchdog Roskomnadzor sent notifications to Twitter and...

Russia Fines Facebook $47 Over Citizens' Data Privacy Dispute

Yes, you read that right! Russia has fined Facebook with 3,000 rubles, roughly $47, for not complying with the country's controversial Data Localization law. It's bizarre and unbelievable, but true. In December last year, Russian Internet watchdog Roskomnadzor sent notifications to Twitter and...

Notepad++: A stack buffer overflow in BabyGrid.cpp can lead to program crashes via a malicious localization file

Summary: A stack buffer overflow in BabyGrid.cpp can lead to program crashes via a malicious localization file, when opening the Shortcut Mapper sub-menu Description: Setting a very long name attribute for specific xml tags in the nativeLang.xml will trigger a stack buffer overflow, due to missin...

Broken Access Control in Localization Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-003...

Broken Access Control in Localization Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-003...

Language Support for Citrix Products

Globalization Status of Citrix Products This web page details the language support for current versions of Citrix products. Legend --- EN| English| IT| Italian DE| German| NL| Dutch ES| Spanish International | PT-BR| Brazilian Portuguese FR| French| DA| Danish JA| Japanese| SV| Swedish ZH-CN|...

GHSA-99QR-9CC9-FV2X Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main

In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any...

Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main

In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any...

Domain Name Consolidation - Observations from the Field

Domain Name Consolidation The market and marketing of Web property domain names is changing. Companies prefer to promote top level domains TLDs, have the option of selecting brand-relevant domain extensions e.g. SaaS.com, and no longer need country-relevant domains to optimize search engine resul...

[SECURITY] Fedora 27 Update: rubygem-i18n-0.7.0-6.fc27

Ruby Internationalization and localization solution...

Debian: Security Advisory (DLA-1584-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2018:3247-1 Security update for MozillaThunderbird

This update for MozillaThunderbird to version 60.2.1 fixes the following issues: Update to Thunderbird 60.2.1: Calendar: Default values for the first day of the week and working days are now derived from the selected datetime formatting locale Calendar: Switch to a Photon-style icon set for all...

WordPress WPML plugin cross-site scripting vulnerability

WordPress is the WordPress Software Foundation of a set of PHP language development of the blogging platform, the platform supports PHP and MySQL servers to set up a personal blog site. WPML also known as sitepress-multilingual-cms is used in one of the multi-language support plug-ins. A cross-si...

CVE-2018-18069

processforms in the WPML aka sitepress-multilingual-cms plugin through 3.6.3 for WordPress has XSS via any localefilename parameter such as localefilenameen in an authenticated theme-localization.php request to wp-admin/admin.php...

Design/Logic Flaw

processforms in the WPML aka sitepress-multilingual-cms plugin through 3.6.3 for WordPress has XSS via any localefilename parameter such as localefilenameen in an authenticated theme-localization.php request to wp-admin/admin.php...

CVE-2018-18069

processforms in the WPML aka sitepress-multilingual-cms plugin through 3.6.3 for WordPress has XSS via any localefilename parameter such as localefilenameen in an authenticated theme-localization.php request to wp-admin/admin.php...

WPML <= 3.6.3 - Unauthenticated Stored Cross-Site Scripting (XSS)

The sitepress-multilingual-cms WordPress plugin was affected by an Unauthenticated Stored Cross-Site Scripting XSS security vulnerability. POST /wp-admin/admin.php?page=sitepress-multilingual-cms-3.6.3%2Fmenu%2Ftheme-localization.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 Windows NT 6.1...