SUSE-SU-2022:2430-1 Security update for nodejs12
This update for nodejs12 fixes the following issues: - CVE-2022-32212: Fixed DNS rebinding in --inspect via invalid IP addresses bsc1201328. - CVE-2022-32213: Fixed HTTP request smuggling due to flawed parsing of Transfer-Encoding bsc1201325. - CVE-2022-32214: Fixed HTTP request smuggling due to...
Multiple vulnerabilities in Cybozu Garoon
Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-2909 Operation restriction bypass in multiple applications CWE-285 - CVE-2022-30602 CyVDB-3042 Information disclosure in multiple applications CWE-200 - CVE-2022-29512 CyVDB-3111 Improper input...
JVN#14077132: Multiple vulnerabilities in Cybozu Garoon
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.

CyVDB-2909 Operation restriction bypass in multiple applications CWE-285 - CVE-2022-30602

Version| Vector| Score
---|---|---
CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L| Base Score: 5.4
CVSS v2|...
DLA-3063-1 systemd - security update
Bulletin has no description...
DLA-3059-1 maven-shared-utils - security update
Bulletin has no description...
DLA-3041-1 thunderbird - security update
Bulletin has no description...
DSA-5155-1 wpewebkit - security update
Bulletin has no description...
DLA-3032-1 pngcheck - security update
Bulletin has no description...
DLA-3026-1 filezilla - security update
Bulletin has no description...
DSA-5146-1 puma - security update
Bulletin has no description...
DLA-3016-1 rsyslog - security update
Bulletin has no description...
DLA-3015-1 ark - security update
Bulletin has no description...
Strapi vulnerable to cross-site scripting
Overview Strapi contains a stored cross-site scripting vulnerability CWE-79 in the file upload function. Yuta Morioka of Information Science College reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitra...
DLA-2987-1 libarchive - security update
Bulletin has no description...
DLA-2985-1 golang-1.7 - security update
Bulletin has no description...
WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 - Arbitrary File Upload leading to RCE
Arbitrary File Upload leading to RCE discovered by Huli Cymetrics in WordPress VikBooking Hotel Booking Engine & PMS plugin versions <= 1.5.3. Solution: Update the WordPress VikBooking Hotel Booking Engine & PMS plugin to the latest available version (at least 1.5.4)...
DLA-2983-1 abcm2ps - security update
Bulletin has no description...
WordPress Visual Form Builder plugin <= 3.0.6 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Akash Rajendra Patil in WordPress Visual Form Builder plugin versions <= 3.0.6. Solution: Update the WordPress Visual Form Builder plugin to the latest available version (at least 3.0.7)...
SUSE-SU-2022:0915-1 Security update for lapack
This update for lapack fixes the following issues: - CVE-2021-4048: Fixed an out of bounds read when user input was not validated properly bsc1193562...
JVN#87751554: Multiple vulnerabilities in pfSense
pfSense software provided by Netgate contains multiple vulnerabilities listed below.

Cross-site scripting CWE-79 - CVE-2021-20729

Version| Vector| Score
---|---|---
CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1
CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N| Base Score: 4.3

Improper...