5 matches found
Jenkins 安全漏洞
Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins version 2.393 and earlier, LTS version 2.375.3 and earlier. An attacker...
SUSE-SU-2022:0821-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.7.0 ESR bsc1196900: - CVE-2022-26383: Browser window spoof using fullscreen mode - CVE-2022-26384: iframe allow-scripts sandbox bypass - CVE-2022-26387: Time-of-check time-of-use bug when verifying add-...
Mozilla: Temporary files downloaded to /tmp and accessible by other local users
The Mozilla Foundation Security Advisory describes this flaw as: Previously Thunderbird for macOS and Linux would download temporary files to a user-specific directory in /tmp, but this behavior was changed to download them to /tmp where they could be affected by other local users. This behavior...
Mozilla: Temporary files downloaded to /tmp and accessible by other local users
The Mozilla Foundation Security Advisory describes this flaw as: Previously Thunderbird for macOS and Linux would download temporary files to a user-specific directory in /tmp, but this behavior was changed to download them to /tmp where they could be affected by other local users. This behavior...
CVE-2020-13774
An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file. The issue is caused by insufficient file extension validation and insecure file operations ...