SUSE-SU-2024:1486-2 Security update for cosign
This update for cosign fixes the following issues:
- CVE-2024-29902: Fixed denial of service on host machine via remote image with malicious attachments bsc1222835
- CVE-2024-29903: Fixed denial of service on host machine via malicious software artifacts bsc1222837
Other fixes:
- Updated to 2.2...
CVE-2024-38504
CVE-2024-38504 impacts JetBrains YouTrack prior to 2024.2.34646, where the Guest User Account could attach files to articles. The underlying issue is that guest access allowed file attachments to article content, enabling a potential information exposure via user-generated content. The vulnerabil...
PT-2024-5574
Name of the Vulnerable Software and Affected Versions: Roundcube versions 1.5.7 and earlier, 1.6.x through 1.6.7. Description: The issue exists due to inadequate protection of the web page structure in the rcmail action mail get-run function of the Roundcube Webmail client. Exploitation of this issu...
CVE-2024-6048 Openfind MailGates and MailAudit - OS Command Injection
Openfind's MailGates and MailAudit fail to properly filter user input when analyzing email attachments. An unauthenticated remote attacker can exploit this vulnerability to inject system commands and execute them on the remote server...
CVE-2024-37883 Nextcloud Deck can access comments and attachments of deleted cards
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A user with access to a deck board was able to access comments and attachments of already deleted cards. It is recommended that the Nextcloud Deck app is...
Can access comments and attachments of deleted cards
None...
Nextcloud Security Breach
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Deck versions prior to 1.6.6, prior to 1.7.5, prior to 1.8.7, prior to 1.9.6, prior to 1.11.3, and prior to...
CVE-2024-27845
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.5 and iPadOS 17.5. An app may be able to access Notes attachments...
CVE-2024-27845
CVE-2024-27845 describes a privacy issue in Apple iOS/iPadOS where an app may access Notes attachments due to how temporary files were handled. The connected documentation states that the issue was addressed with improved handling of temporary files, with a fix implemented in iOS 17.5 and iPadOS 17.5. Impact i...
Apple iOS and iPadOS Security Vulnerabilities
Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS version 17.5 and iPadOS version 17.5, which originates from an application th...
[SECURITY] Fedora 40 Update: keepassxc-2.7.8-2.fc40
KeePassXC is a community fork of KeePassX. KeePassXC is an application for people with extremely high demands on secure personal data management. KeePassXC saves many different kinds of information, e.g. user names, passwords, URLs, attachments and comments, in one single database. For a better management...
CVE-2024-4274
The Essential Real Estate plugin for WordPress is vulnerable to unauthorized loss of data due to insufficient validation on the removepropertyattachmentajax function in all versions up to, and including, 4.4.2. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-3230
The Download Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'download-attachments' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-4274 Essential Real Estate <= 4.4.2 - Insecure Direct Object Reference to Arbitrary Attachment Deletion
The Essential Real Estate plugin for WordPress is vulnerable to unauthorized loss of data due to insufficient validation on the removepropertyattachmentajax function in all versions up to, and including, 4.4.2. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-3230 Download Attachments <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Download Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'download-attachments' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...