SUSE-SU-2024:0472-1 Security update for tomcat

This update for tomcat fixes the following issues: Updated to Tomcat 9.0.85: - CVE-2023-45648: Improve trailer header parsing bsc1216118. - CVE-2023-42794: FileUpload: remove tmp files to avoid DoS on Windows bsc1216120. - CVE-2023-42795: Improve handling of failures during recycle methods...

OPENSUSE-SU-2023:0178-1 Security update for python-Django

This update for python-Django fixes the following issues: - CVE-2023-36053: Fixed potential regular expression denial of service vulnerability in EmailValidator/URLValidator boo1212742 - CVE-2023-24580: Fixed potential denial-of-service vulnerability in file uploads boo1208082 - CVE-2023-23969:...

CVE-2020-8503

The CVE-2020-8503 issue affects Biscom Secure File Transfer (SFT) versions 5.0.1050–5.1.1067 and 6.0.1000–6.0.1003. A vulnerability in the file-upload feature allows Insecure Direct Object Reference (IDOR) by an authenticated sender due to an error in how uploads are handled. The impact is descri...

Horos 2.1.0 Cross Site Scripting

Horos 2.1.0 Web Portal DOM Based XSS Vendor: Horos Project Product web page: https://www.horosproject.org Affected version: 2.1.0 Summary: HorosaC/ is an open-source, free medical image viewer. The goal of the Horos Project is to develop a fully functional, 64-bit medical image viewer for OS X...

MGASA-2015-0438 Updated roundcubemail packages fix security vulnerability

The roundcubemail package has been updated to version 1.0.7, which fixes a XSS issue in drag-n-drop file uploads and other bugs. See the upstream release announcement for more details...