CVE-2020-13942
It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint. This was partially fixed in 1.5.1 but a new attack vector was found. In Apache Unomi version 1.5.2 scripts are now completely filtered from the input. It is highly recommended to upgrade to the latest...
DSA-4797-1 webkit2gtk - security update
Bulletin has no description...
DLA-2459-1 golang-1.7 - security update
Bulletin has no description...
DSA-4794-1 mupdf - security update
Bulletin has no description...
OPENSUSE-SU-2020:1937-1 Security update for chromium
This update for chromium fixes the following issues: - Update to 86.0.4240.183 boo1178375 - CVE-2020-16004: Use after free in user interface. - CVE-2020-16005: Insufficient policy enforcement in ANGLE. - CVE-2020-16006: Inappropriate implementation in V8 - CVE-2020-16007: Insufficient data...
DLA-2447-1 pacemaker - security update
Bulletin has no description...
DLA-2440-1 poppler - security update
Bulletin has no description...
JVN#57942454: Cybozu Garoon vulnerable to improper input validation
Cybozu Garoon provided by Cybozu, Inc. contains an improper input validation vulnerability (CWE-20). Impact: A user who can log in to the product may delete some data of the bulletin board. Solution: Update the software and apply the patch. Update the software to Cybozu Garoon version 5.0.2, and then...
DSA-4782-1 openldap - security update
Bulletin has no description...
OPENSUSE-SU-2020:1731-1 Security update for chromium
This update for chromium fixes the following issues: - Update to 86.0.4240.111 boo1177936 - CVE-2020-16000: Inappropriate implementation in Blink. - CVE-2020-16001: Use after free in media. - CVE-2020-16002: Use after free in PDFium. - CVE-2020-15999: Heap buffer overflow in Freetype. -...
SUSE-SU-2020:3021-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.4.0 ESR. Fixed: Various stability, functionality, and security fixes. MFSA 2020-46 (bsc1177872, bsc1176756): CVE-2020-15969 Use-after-free in usersctp; CVE-2020-15683 Memory safety bugs fixed in Firefox 82...
WordPress Simple Download Monitor plugin <= 3.8.8 - Unauthenticated Cross-Site Scripting (XSS) vulnerability
Unauthenticated Cross-Site Scripting (XSS) vulnerability found by Gen Sato (Mitsui Bussan Secure Directions) in WordPress Simple Download Monitor plugin (versions <= 3.8.8). Solution: Update the WordPress Simple Download Monitor plugin to the latest available version (at least 3.8.9)...
DLA-2405-1 httpcomponents-client - security update
Bulletin has no description...
DLA-2383-1 nfdump - security update
Bulletin has no description...
OPENSUSE-SU-2020:1527-1 Security update for chromium
This update for chromium fixes the following issues: Chromium was updated to 85.0.4183.121 boo1176791: - CVE-2020-15960: Out of bounds read in storage - CVE-2020-15961: Insufficient policy enforcement in extensions - CVE-2020-15962: Insufficient policy enforcement in serial - CVE-2020-15963:...
OPENSUSE-SU-2020:1501-1 Security update for libqt4
This update for libqt4 fixes the following issues: Fix buffer over-read in read_xbm_body (boo1176315, CVE-2020-17507); Fix 'double free or corruption' in QXmlStreamReader (boo1118595, CVE-2018-15518); Fix QBmpHandler segfault on malformed BMP file (boo1118596, CVE-2018-19873); Fix crash when parsing malform...
OPENSUSE-SU-2020:1359-1 Security update for curl
This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the...
OPENSUSE-SU-2020:1322-1 Security update for chromium
This update for chromium fixes the following issues: Chromium was updated to version 85.0.4183.83 boo1175757 fixing: - CVE-2020-6558: Insufficient policy enforcement in iOS - CVE-2020-6559: Use after free in presentation API - CVE-2020-6560: Insufficient policy enforcement in autofill -...
GHSA-2PQJ-H3VJ-PQGW Cross-Site Scripting in jquery
Affected versions of jquery are vulnerable to cross-site scripting. This occurs because the main jquery function uses a regular expression to differentiate between HTML and selectors, but does not properly anchor the regular expression. The result is that jquery may interpret HTML as selectors wh...
GHSA-C7PP-G2V2-2766 DOM-based XSS in gmail-js
Affected versions of gmail-js are vulnerable to cross-site scripting in the tools.parse_response, helper.get.visible_emails_post, and helper.get.email_data_post functions, which pass user input directly into the Function constructor. Recommendation: Update to version 0.6.5 or later...