10 matches found
OPENSUSE-SU-2026:20065-1 Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.50.4. Security issues fixed: - CVE-2025-13502: processing of maliciously crafted payloads by the GLib remote inspector server may lead to a UIProcess crash due to an out-of-bounds read and an integer underflow bsc1254208....
Medium: ecs-init
Issue Overview: The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result i...
SUSE-SU-2024:4079-2 Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.46.3 bsc1232747: - CVE-2024-44244: Processing maliciously crafted web content may lead to an unexpected process crash. - CVE-2024-44296: Processing maliciously crafted web content may prevent Content Security Policy from...
ROS-2-1745
2.1745 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability coul...
OPENSUSE-SU-2021:1088-1 Security update for curl
This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. bsc1188220 - CVE-2021-22924: Bad connection reuse due to flawed path name checks. bsc1188219 - CVE-2021-22923: Insufficiently Protected Credentials. bsc1188218 - CVE-2021-22922: Wrong conten...
Machform HTTP Host Header Injection Vulnerability
MachForm is an HTML form builder that lets you create contact forms, surveys, order forms or any other web form without writing code. An HTTP host header injection vulnerability exists in versions prior to Machform 16. The vulnerability stems from improper validation of the host header. An attack...
MGASA-2020-0123 Updated chromium-browser-stable packages fix security vulnerabilities
Chromium-browser 80.0.3987.122 fixes security issues: Multiple flaws were found in the way Chromium 79.0.3945.130 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...
MGASA-2017-0317 Chromium-browser 60.0.3112.101 fixes security issues
Multiple flaws were found in the way Chromium 57 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060,...
MGASA-2016-0105 Updated firefox packages fix security vulnerabilities
Updated nss and firefox packages fix security vulnerabilities: Security researcher SkyLined reported a use-after-free issue in how audio is handled through the Web Audio API during MediaStream playback through interactions with the Web Audio API. This results in a potentially exploitable crash...
Bypassing content filtering
There are common methods allowing to bypass almost any content filtering software antiviral products, CVP firewalls, mail attachment filters, etc. I believe multiple products are vulnerable. Contents: I. Bypassing attachment detection or invalid detection of attachment type. 1. Encoded filename o...