1065 matches found
DLA-3786-1 pillow - security update
Bulletin has no description...
DLA-3781-1 libgd2 - security update
Bulletin has no description...
DLA-3782-1 util-linux - security update
Bulletin has no description...
Floating Chat Widget < 3.1.9 - Editor+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC: 1. Go to "Chaty New Widget" 2...
a-blog cms vulnerable to directory traversal
Overview: a-blog cms provided by appleple Inc. is a content management system (CMS). a-blog cms contains a directory traversal vulnerability (CWE-22). Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securi...
DLA-3752-1 libuv1 - security update
Bulletin has no description...
OpenPNE plugin "opTimelinePlugin" vulnerable to cross-site scripting
Overview: OpenPNE plugin "opTimelinePlugin" provided by OpenPNE Project contains a stored cross-site scripting vulnerability (CWE-79) in Edit Profile page. Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
DSA-5631-1 iwd - security update
Bulletin has no description...
DSA-5616-1 ruby-sanitize - security update
Bulletin has no description...
DSA-5615-1 runc - security update
Bulletin has no description...
Multiple vulnerabilities in a-blog cms
Overview: a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. Improper input validation (CWE-20) - CVE-2024-23180; Cross-site scripting (CWE-79) - CVE-2024-23181; Relative path traversal (CWE-23) - CVE-2024-23182; Cross-site scripting (CWE-79) - CVE-2024-23183; Improper input...
DSA-5589-1 nodejs - security update
Bulletin has no description...
SUSE-SU-2023:4938-1 Security update for wireshark
This update for wireshark fixes the following issues: Update to 3.6.19: - CVE-2023-6175: NetScreen file parser crash bsc1217272...
DLA-3686-2 xorg-server - security update
Bulletin has no description...
MGASA-2023-0346 Updated gimp packages fix security vulnerabilities
GIMP has been updated to version 2.10.36 to fix several security issues. CVE-2023-44441: GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability; CVE-2023-44442: GIMP PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability; CVE-2023-44443: GIMP P...
CAOS < 4.7.15 - Unauthenticated Settings Update
Description: The plugin does not have an authorisation check when updating its settings, which could allow unauthenticated users to update them...
JVN#46895889: RakRak Document Plus vulnerable to path traversal
RakRak Document Plus provided by Sumitomo Electric Information Systems Co., Ltd. contains a path traversal vulnerability (CWE-22). Impact: Arbitrary files on the server may be obtained or deleted by a user of the product with specific privileges. Solution: Update the Software. Update the software to t...
DLA-3670-1 minizip - security update
Bulletin has no description...
SUSE-SU-2023:4588-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 115.5.0 MFSA 2023-52 bsc1217230; CVE-2023-6204: Out-of-bound memory access in WebGL2 blitFramebuffer; CVE-2023-6205: Use-after-free in MessagePort::Entangled; CVE-2023-6206: Clickjacking permission prompts using the...
OSS Calendar vulnerable to SQL injection
Overview: OSS Calendar provided by Thinkingreed Inc. contains an SQL injection vulnerability (CWE-89). Shogo Iyota of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: A...