OPENSUSE-SU-2019:2183-1 Security update for libreoffice

This update for libreoffice fixes the following issues: Updated to version 6.2.7.1. Security issues fixed: - CVE-2019-9849: Disabled fetching remote bullet graphics in 'stealth mode' bsc1141861. - CVE-2019-9848: Fixed an arbitrary script execution via LibreLogo bsc1141862. - CVE-2019-9851: Fixed...

Ubuntu 16.04 LTS / 18.04 LTS : LibreOffice vulnerability (USN-4138-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4138-1 advisory. It was discovered that LibreOffice incorrectly handled embedded scripts in document files. If a user were tricked into opening a specially crafted...

CVE-2019-12068

In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 fixed, when executing script in lsiexecutescript, the LSI scsi adapter emulator advances 's-dsp' index to read next opcode. This can lead to an infinite loop if the nex...

Debian: Security Advisory (DLA-1927-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2019:2402-1 Security update for libreoffice

This update for libreoffice fixes the following issues: Updated to version 6.2.7.1. Security issues fixed: - CVE-2019-9849: Disabled fetching remote bullet graphics in 'stealth mode' bsc1141861. - CVE-2019-9848: Fixed an arbitrary script execution via LibreLogo bsc1141862. - CVE-2019-9851: Fixed...

Microsoft SharePoint Cross-Site Scripting Vulnerability (CNVD-2019-31853)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A cross-site scriptin...

WordPress Checklist Cross-Site Scripting Vulnerability

WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system CMS. A cross-site scripting vulnerability exists in WordPress Checklist, which can be exploited ...

WordPress Ellipsis Human Presence Technology Cross-Site Scripting Vulnerability

WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system CMS. A cross-site scripting vulnerability exists in WordPress Ellipsis Human Presence Technology...

WordPress Qwiz Online Quizzes And Flashcards Cross-Site Scripting Vulnerability

WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system CMS. A cross-site scripting vulnerability exists in WordPress Qwiz Online Quizzes And Flashcards...

.NET Core SDK Multiple Vulnerabilities (Sep 2019)

ASP.NET Core SDK is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:microsoft:.netcoresdk";...

Microsoft SharePoint CVE-2019-1259 Spoofing Vulnerability

Description Microsoft SharePoint is prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. Technologies Affected Microsoft SharePoint...

Microsoft Team Foundation Server CVE-2019-1305 Cross Site Scripting Vulnerability

Description Microsoft Team Foundation Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...

Directory traversal

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice...

CVE-2019-9854 Unsafe URL assembly flaw in allowed script location check

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice...

openSUSE: Security Advisory for libreoffice (openSUSE-SU-2019:2057-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OPENSUSE-SU-2019:2057-1 Security update for libreoffice

This update for libreoffice fixes the following issues: Security issues fixed: - CVE-2019-9849: Disabled fetching remote bullet graphics in 'stealth mode' bsc1141861. - CVE-2019-9848: Fixed an arbitrary script execution via LibreLogo bsc1141862. - CVE-2019-9851: Fixed LibreLogo global-event scrip...

Kaseya VSA agent 9.5 - Privilege Escalation

Kaseya VSA agent 9.5 - Privilege Escalation Exploit Title: Kaseya VSA agent CVE-2017-12410 found by Filip Palian. A a fix was put in place for the original CVE, however it was specific to binaries and not scripts. The root cause for both issues is allowing a low privileged group excessive...

Security update for libreoffice (important)

openSUSE Security Update: Security update for libreoffice Announcement ID: openSUSE-SU-2019:2057-1 Rating: important References: 1133534 1141861 1141862 1146098 1146105 1146107 Cross-References: CVE-2019-9848 CVE-2019-9849 CVE-2019-9850 CVE-2019-9851 CVE-2019-9852 Affected Products: openSUSE Leap...

CVE-2019-4133

IBM Cloud Automation Manager 3.1.2 could allow a malicious user on the client side with access to client computer to run a custom script. IBM X-Force ID: 158278...

Design/Logic Flaw

IBM Cloud Automation Manager 3.1.2 could allow a malicious user on the client side with access to client computer to run a custom script. IBM X-Force ID: 158278...