
8 matches found

Vulnrichment
added 2025/05/14 2:40 p.m., 14 views

CVE-2024-56157 iTop vulnerable to Self XSS in CSV Import

iTop is a web-based IT Service Management tool. Prior to versions 3.1.3 and 3.2.1, by filling malicious code in a CSV content, a cross-site scripting attack can be performed when importing this content. The issue is fixed in versions 3.1.3 and 3.2.1. As a workaround, check CSV content before...

CVSS 6.3, AI score 6.2, EPSS 0.00166
Exploits 0, References 1
IBM Security Bulletins
added 2025/01/28 10:8 p.m., 15 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is used by IBM Rational ClearQuest (CVE-2024-45071)

Summary IBM WebSphere Application Server WAS is used by IBM Rational ClearQuest server and web components. Information about security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes sectio...

CVSS 5.5, AI score 6, EPSS 0.00302
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2024/07/02 10:7 a.m., 19 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2024-35153)

Summary WebSphere Application Server is shipped as a component of IBM Security Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulleti...

CVSS 4.8, AI score 5, EPSS 0.00309
Exploits 0, Affected Software 1
OSV
added 2023/11/02 11:5 a.m., 7 views

OPENSUSE-SU-2023:0345-1 Security update for roundcubemail

This update for roundcubemail fixes the following issues: Update to version 1.6.4 boo1216429: CVE-2023-5631: Fix cross-site scripting vulnerability in handling of SVG in HTML messages Fix PHP8 warnings Fix default 'mime.types' path on Windows Managesieve: Fix javascript error when relational or...

CVSS 6.1, AI score 6, EPSS 0.83235
Exploits 2, References 3
OSV
added 2019/11/30 5:15 p.m., 9 views

OPENSUSE-SU-2019:2591-1 Security update for webkit2gtk3

This update for webkit2gtk3 to version 2.26.2 fixes the following issues: Webkit2gtk3 was updated to version 2.26.2 WSA-2019-0005 and WSA-2019-0006, bsc1155321 bsc1156318 Security issues addressed: - CVE-2019-8625: Fixed a logic issue where by processing maliciously crafted web content may lead t...

CVSS 9.3, AI score 7.1, EPSS 0.33597
Exploits 10, References 45
Debian
added 2019/10/28 9:39 p.m., 79 views

[SECURITY] [DSA 4554-1] ruby-loofah security update

Debian Security Advisory DSA-4554-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 28, 2019 https://www.debian.org/security/faq -...

CVSS 5.4, AI score 5.7, EPSS 0.02332
Exploits 0
OSV
added 2019/09/09 10:9 a.m., 8 views

SUSE-SU-2019:2335-1 Security update for python-Django1

This update for python-Django1 to version 1.11.23 fixes the following issues: - CVE-2019-14232: Fixed a denial of service in 'django.utils.text.Truncator' bsc1142880. - CVE-2019-14233: Fixed a denial of service in striptags bsc1142882. - CVE-2019-14234: Fixed an SQL injection in key and index...

CVSS 9.8, AI score 6.8, EPSS 0.29723
Exploits 0, References 13
RedHat Linux
added 2002/11/08 11:15 a.m., 8 views

Important: Red Hat Security Advisory: apache, mod_ssl, php security update for Stronghold

Updated versions of the Apache HTTP server, PHP, and mod_ssl are now available which close possible buffer overflows in the Apache HTTP server benchmarking tool, fix two cross-site scripting vulnerabilities in the error pages, and fix possible local privilege escalation. These updates also fix...

CVSS 7.5, AI score 6.2, EPSS 0.90183
Exploits 0, References 2