4511 matches found
[SECURITY] Fedora 38 Update: atril-1.26.2-2.fc38
Mate-document-viewer is a simple document viewer. It can display and print Portable Document Format PDF, PostScript PS, Encapsulated PostScript EPS, DVI, DJVU, epub and XPS files. When supported by the document format, mate-document-viewer allows searching for text, copying text to the clipboard,...
golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests
A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from the network than are in the body, up to 1GiB, causing the receiver to fail reading the response, possibly leading to a Denial of Servic...
Microsoft Edge’s vulnerability, related to security configuration errors, allows a hacker to bypass the sandbox protection mechanism and execute arbitrary code.
The vulnerability of Microsoft Edge relates to errors in security settings when processing HTML content. Exploiting this vulnerability allows a malicious actor to bypass sandbox protections and execute arbitrary code using a specially created file or web page...
Sulu Security Vulnerability
Sulu is an extensible, PHP-based open source content management system built on the Symfony framework, from Sulu, Austria. A security vulnerability exists in Sulu version 2.0.0 and later versions, which stems from the execution of HTML when a tag name is listed in an autocomplete form...
WordPress plugin Better Search Replace security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
The vulnerability of the software for managing and configuring connected ASUS Armory Crate devices, related to errors in processing hypertext links, allows a perpetrator to gain unauthorized access to arbitrary files.
The vulnerability of the software for managing and configuring connected ASUS Armory Crate devices is related to errors in processing hypertext links. Exploiting this vulnerability can allow an attacker to gain unauthorized access to arbitrary files...
Statamic Cross-Site Scripting Vulnerability
Statamic is a powerful flat-file CMS built on Laravel by Statamic, Inc. that stores all content, templates, assets, and settings in files instead of a database. A cross-site scripting vulnerability exists in Statamic that stems from an attacker being able to craft and upload HTML files that look...
Label Studio Code Issue Vulnerability
Label Studio is an open source data labeling tool from Heartex Open Source. It lets you use a simple and clear UI to mark audio, text, images, video, time series and other data types, and export them to a variety of model formats. A code issue vulnerability exists in Label Studio versions prior ...
[SECURITY] Fedora 39 Update: atril-1.26.2-1.fc39
Mate-document-viewer is a simple document viewer. It can display and print Portable Document Format PDF, PostScript PS, Encapsulated PostScript EPS, DVI, DJVU, epub and XPS files. When supported by the document format, mate-document-viewer allows searching for text, copying text to the clipboard,...
SUSE CVE-2024-0804
Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
Kanboard Security Vulnerability
Kanboard is a suite of open source visual task board software. The software has the ability to customize the panels according to the business. A security vulnerability exists in Kanboard version 1.2.34 that stems from vulnerability to HTML injection attacks...
The vulnerability of the Documents component of the Oracle One-to-One Fulfillment application system, a business automation solution from Oracle E-Business Suite, allows an attacker to gain access to read, modify, add, or delete data.
The vulnerability of the Documents component in the Oracle One-to-One Fulfillment system, a business automation solution from Oracle E-Business Suite, exists due to insufficient verification of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to...
The vulnerability of the sub-component “Engineering Change Order” of the “Oracle Application Object Library” component in the Oracle E-Business Suite system allows a malicious actor to gain access to read, modify, add, or delete data.
The vulnerability of the sub-component “Engineering Change Order” of the Oracle Application Object Library in the Oracle E-Business Suite exists due to insufficient verification of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modif...
The vulnerability of the file loading component of the Oracle Web Applications Desktop Integrator software allows an attacker to compromise the confidentiality and integrity of the protected information.
The vulnerability of the file loading component of the Oracle Web Applications Desktop Integrator software relates to insufficient validation of input data. Exploiting this vulnerability allows an attacker to compromise the confidentiality and integrity of protected information through the use of...
The vulnerability of the sub-component of the CRM User Management Framework in the Oracle Common Applications of the Oracle E-Business Suite allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of the CRM User Management Framework component of the Oracle Common Applications system, part of the Oracle E-Business Suite, is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain access to read, modify, add, or delete...
The vulnerability of the ECC sub-component of the Oracle iStore component in the Oracle E-Business Suite system allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of the ECC sub-component of the Oracle iStore component in the Oracle E-Business Suite exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or delete data using the HTTP...
The vulnerability of the sub-component “Engineering Change Order” of the Oracle Installed Base component in the Oracle E-Business Suite system allows a malicious actor to gain access to read, modify, add, or delete data.
The vulnerability of the Engineering Change Order component of the Oracle Installed Base component in the Oracle E-Business Suite system exists due to insufficient verification of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify...
The vulnerability of the sub-component “Engineering Change Order” of the “Oracle Application Object Library” component in the Oracle E-Business Suite system allows a malicious actor to gain access to read, modify, add, or delete data.
The vulnerability of the Login component – SSO in the Oracle Application Object Library exists due to insufficient validation of input data. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gain access to read, modify, add, or delete data using the HTTP protocol...
The vulnerability of the Internal Operations sub-component of the Oracle iSupport component in the Oracle E-Business Suite automation system allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of the Internal Operations sub-component of the Oracle iSupport component in the Oracle E-Business Suite exists due to insufficient validation of input data. Exploiting this vulnerability allows an attacker, operating remotely, to gain access to read, modify, add, or delete data...
CLSA-2024-1706026686 Fix CVE(s): CVE-2023-50269
SECURITY UPDATE: Denial of Service in HTTP Request parsing - debian/patches/CVE-2023-50269.patch: Limit the number of allowed X-Forwarded-For hops - CVE-2023-50269...