1081 matches found
[SECURITY] Fedora 41 Update: python3-docs-3.13.0~rc2-1.fc41
The python3-docs package contains documentation on the Python 3 programming language and interpreter...
[SECURITY] Fedora 40 Update: python3.11-3.11.10-1.fc40
Python 3.11 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.11 package provides the "python3.11" executable:...
[SECURITY] Fedora 40 Update: python3.13-3.13.0~rc2-1.fc40
Python 3.13 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.13 package provides the "python3.13" executable:...
Fedora: Security Advisory (FEDORA-2024-486cb71423)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2024-b3d904cade)
The remote host is missing an update for the...
CVE-2024-44085
ONLYOFFICE Docs before 8.1.0 allows XSS via a GeneratorFunction Object attack against a macro. This is related to use of an immediately-invoked function expression (IIFE) for a macro. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446 and CVE-2023-50883...
CVE-2023-50883
ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expression (IIFE), and therefore a sandbox escape is possible by directly calling the constructor of the Function object. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446...
PT-2024-13990 · Onlyoffice · Onlyoffice Docs
Name of the Vulnerable Software and Affected Versions: ONLYOFFICE Docs versions prior to 8.0.1. Description: The issue is related to an incorrect fix for a previous problem, which allows for Cross-Site Scripting (XSS) due to a macro being an immediately-invoked function expression (IIFE). This enables...
PT-2024-30941 · Onlyoffice · Onlyoffice Docs
Name of the Vulnerable Software and Affected Versions: ONLYOFFICE Docs versions prior to 8.1.0. Description: The issue is related to a cross-site scripting (XSS) flaw in ONLYOFFICE Docs, which occurs through a GeneratorFunction Object attack on a macro. This is connected to the use of an...
CVE-2023-50883
ONLYOFFICE Docs prior to version 8.0.1 are affected. The issue stems from a macro implemented as an immediately-invoked function expression (IIFE) that enables sandbox escape by calling the Function constructor, leading to XSS. Impact per sources is XSS; affected component is the macro handling i...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in OpenCV
Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of OpenCV. Vulnerability Details: CVEID: CVE-2023-2617. DESCRIPTION: OpenCV wechatqrcode Module is vulnerable to a denial of service, caused by a flaw in the DecodedBitStreamParser::decodeByteSegment function at...
[SECURITY] Fedora 40 Update: python3.13-3.13.0~rc1-3.fc40
Python 3.13 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.13 package provides the "python3.13" executable:...
Malicious code in nodejs-docs-samples-vision (npm)
Source: ghsa-malware (e1cdc3327056c67e82939a16ed3db3bac39a19b9dbcadfe2aabfd9dbaa353635). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Fedora: Security Advisory (FEDORA-2024-ce1992d46f)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2024-80d1fe51d0)
The remote host is missing an update for the...
Fedora 40 : python3-docs / python3.12 (2024-80d1fe51d0)
The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-80d1fe51d0 advisory. Update to 3.12.5. Fixes CVE-2024-6923 (email header injection). Tenable has extracted the preceding description block directly from the Fedora security advisory...
PT-2024-31499 · Centralsquare · Centralsquare Crywolf
Name of the Vulnerable Software and Affected Versions: CentralSquare CryWolf False Alarm Management versions prior to 2024-08-09. Description: A traversal vulnerability in GeneralDocs.aspx allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter,...
GO-2023-1471 Reflected XSS in Gotify's /docs via import of outdated Swagger UI in github.com/gotify/server
Reflected XSS in Gotify's /docs via import of outdated Swagger UI in github.com/gotify/server...