2131 matches found
MGASA-2021-0217 Updated thunderbird packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Thunderbird stored OpenPGP secret keys without master password protection (CVE-2021-29956). Partial protection of inline OpenPGP message not indicated (CVE-2021-29957)...
PYSEC-2021-85
Plone through 5.2.4 allows XSS via the inlinediff methods in Products.CMFDiffTool...
Plone Cross-Site Scripting Vulnerability
Plone is the industry's leading open source CMS system for content management, document management and knowledge management. A cross-site scripting vulnerability exists in Plone 5.2.4 and earlier versions. The vulnerability can be exploited to conduct cross-site scripting attacks via the inlinedi...
CVE-2021-29957
If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird 78.10.2...
Cross-Site Scripting (XSS)
Redmine is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary JavaScript in a user's browser via textile inline links...
PT-2024-11094 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to a deadlock that occurs when cloning inline extents and using qgroups in the btrfs file system. This happens because when reserving metadata space for a...
CVE-2021-0270
On PTX Series and QFX10k Series devices with the "inline-jflow" feature enabled, a use after free weakness in the Packet Forwarding Engine (PFE) microkernel architecture of Juniper Networks Junos OS may allow an attacker to cause a Denial of Service (DoS) condition whereby one or more Flexible PIC...
Race condition
On PTX Series and QFX10k Series devices with the "inline-jflow" feature enabled, a use after free weakness in the Packet Forwarding Engine (PFE) microkernel architecture of Juniper Networks Junos OS may allow an attacker to cause a Denial of Service (DoS) condition whereby one or more Flexible PIC...
Description of the security update for Outlook 2016: April 13, 2021 (KB4504712)
Description of the security update for Outlook 2016: April 13, 2021 (KB4504712). Summary: This security update resolves a Microsoft Outlook memory corruption vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2021-28452. Note: To apply this...
Redmine Cross-Site Scripting Vulnerability (CNVD-2021-27366)
Redmine is an open source, web-based project management and defect tracking tool. A stored cross-site scripting vulnerability exists in Redmine. An attacker can exploit this vulnerability via textile inline links to conduct cross-site scripting attacks...
CVE-2020-36307
Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links...
Cross site scripting
Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links...
CVE-2020-36307
CVE-2020-36307 affects Redmine before 4.0.7 and Redmine 4.1.x before 4.1.1, with a stored XSS flaw via textile inline links. Several connected sources corroborate the vulnerability as a stored cross‑site scripting issue in Redmine’s web UI. Debian LTS advisories cite a patched Redmine version (3....
PT-2021-4536 · Redmine · Redmine
Name of the Vulnerable Software and Affected Versions: Redmine versions 4.0.0 through 4.0.6; Redmine versions 4.1.0 through 4.1.0. Description: The issue is related to stored XSS via textile inline links, which can be exploited by a remote attacker to impact data integrity. The vulnerability is due...
GitLab: RCE via unsafe inline Kramdown options when rendering certain Wiki pages
Summary: When rendering wiki content with certain extensions such as .rmd, render_wiki_content will call other_markup_unsafe which will end up calling GitHub::Markup.render from the github-markup gem. Files with any extension can be uploaded by checking out the wiki with git, committing the files and...
bind security update
32:9.11.4-26.P2.4 - Fix off-by-one bug in ISC SPNEGO implementation (CVE-2020-8625); 32:9.11.4-26.P2.3 - Fix inline re-signing (rh1889902); 32:9.11.4-26.P2.2 - Fix unsupported algorithms validation (rh1769876); 32:9.11.4-26.P2.1 - Fix tsig-request verify (CVE-2020-8622) - Prevent PKCS11 daemon crash on...
CVE-2021-1730
A spoofing vulnerability exists in Microsoft Exchange Server which could result in an attack that would allow a malicious actor to impersonate the user. This update addresses this vulnerability. To prevent these types of attacks, Microsoft recommends customers to download inline images from...