209 matches found
Improper access control
The WOPI API integration for Vereign Collabora CODE through 4.2.2 does not properly restrict delivery of JavaScript to a victim's browser, and lacks proper MIME type access control, which could lead to XSS that steals account credentials via cookies or local storage. The attacker must first obtai...
CVE-2020-12432
The WOPI API integration for Vereign Collabora CODE through 4.2.2 does not properly restrict delivery of JavaScript to a victim's browser, and lacks proper MIME type access control, which could lead to XSS that steals account credentials via cookies or local storage. The attacker must first obtai...
CVE-2020-12432
Summary: CVE-2020-12432 affects Collabora CODE/WOPI integration used by Vereign Collabora CODE up to version 4.2.2. The vulnerability arises from improper restriction of JavaScript delivery to a user’s browser and weak MIME-type access control, enabling cross-site scripting that can steal credent...
Collabora CODE / Collabora Online / LibreOffice Online / OxOffice Online / Claro drive Detection (HTTP)
HTTP based detection of Collabora CODE Collabora Online Development Edition, Collabora Online, LibreOffice Online, OxOffice Online, Claro drive and similar other LibreOffice Online based products. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a reference...
Debian DSA-2971-1 : dbus - security update
Several vulnerabilities have been discovered in dbus, an asynchronous inter-process communication system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2014-3477 Alban Crequy at Collabora Ltd. discovered that dbus-daemon sends an AccessDenied error to...
[SECURITY] [DSA 2971-1] dbus security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2971-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso July 02, 2014 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2971-1] dbus security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2971-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso July 02, 2014 http://www.debian.org/security/faq -...
DSA-2971-1 dbus - security update
Bulletin has no description...
dbus -- local DoS
Simon MvVittie reports: Alban Crequy at Collabora Ltd. discovered and fixed a denial-of-service flaw in dbus-daemon, part of the reference implementation of D-Bus. Additionally, in highly unusual environments the same flaw could lead to a side channel between processes that should not be able to...