2131 matches found
PT-2019-16985 · Ibm · Ibm Infosphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server versions 11.3 through 11.7 Description: A Cross-Frame Scripting issue allows an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. Recommendations: For IBM InfoSphere...
UBUNTU-CVE-2019-13075
Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a...
Updated thunderbird packages fix security vulnerabilities
Updated thunderbird packages fixes bugs and security vulnerabilities: Cross-origin theft of images with ImageBitmapRenderingContext. CVE-2018-18511 Out-of-bounds read in Skia. CVE-2019-5798 Use-after-free in pngimagefree of libpng library. CVE-2019-7317 Cross-origin theft of images with...
MGASA-2019-0190 Updated thunderbird packages fix security vulnerabilities
Updated thunderbird packages fixes bugs and security vulnerabilities: Cross-origin theft of images with ImageBitmapRenderingContext. CVE-2018-18511 Out-of-bounds read in Skia. CVE-2019-5798 Use-after-free in pngimagefree of libpng library. CVE-2019-7317 Cross-origin theft of images with...
UBUNTU-CVE-2019-12269
Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different unauthenticated text...
DEBIAN-CVE-2019-12269
Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different unauthenticated text...
Important: Red Hat Security Advisory: python-jinja2 security update
An update for python-jinja2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Permissions bypass in the inline-create rest resource - CVE-2018-20826
The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing authorisation check...
Permissions bypass in the inline-create rest resource - CVE-2018-20826
The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing authorisation check...
[SECURITY] Fedora 28 Update: python-jinja2-2.10.1-1.fc28
Jinja2 is a template engine written in pure Python. It provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. If you have any exposure to other text-based template languages, such as Smarty or Django, you should feel right at home with...
Semmle: CSP : Inline scripts can be inserted
Vulnerable URL:- https://lgtm-com.pentesting.semmle.net/ Summery Content Security Policy CSP is a client-side security model which allows developers to specify where different types of resources should be loaded, executed and embedded from. With CSP you can instruct the browser only to load...
kernel: out-of-bounds memcpy in fs/ext4/inline.c:ext4_read_inline_data() with crafted ext4 image
The fs/ext4/inline.c:ext4readinlinedata function in the Linux kernel performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode. The unbound copy can cause memory corruption or...
chakra: Crash in Inline::TryGetCallbackDefInstr
Project: https://github.com/Microsoft/ChakraCore.git Detailed report: https://oss-fuzz.com/testcase?key=5647046554419200 Project: chakra Fuzzer: jsfuzzer Job Type: asanchakra Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x7f088217001b Crash State: Inline::TryGetCallbackDefInstr...
Fedora 29 : ckeditor (2019-ae7f274d24)
CKEditor 4.11.2 Fixed Issues : - 2403: Fixed: Styling inline editor initialized inside a table with the Table Selection plugin is causing style leaks. - 2514: Fixed: Pasting table data into inline editor initialized inside a table with the Table Selection plugin inserts pasted content into the...
USN-3871-5 linux-azure vulnerabilities
Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service system crash or possibly execute arbitrary code...
CVE-2019-7296
typora through 0.9.64 has XSS, with resultant remote command execution, during inline rendering of a mathematical formula...
CVE-2019-7296
typora through 0.9.64 has XSS, with resultant remote command execution, during inline rendering of a mathematical formula...
Pown Recon - A Powerful Target Reconnaissance Framework Powered By Graph Theory
Pown Recon is a target reconnaissance framework powered by graph theory. The benefit of using graph theory instead of flat table representation is that it is easier to find the relationships between different types of information which comes quite handy in many situations. Graph theory algorithms...
Pe-Sieve - Recognizes And Dumps A Variety Of Potentially Malicious Implants (Replaced/Injected PEs, Shellcodes, Hooks, In-Memory Patches)
PE-sieve is a light-weight tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis. Recognizes and dumps variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory...
Description of the security update for Outlook 2016: January 8, 2019
Description of the security update for Outlook 2016: January 8, 2019 Summary This security update resolves an information disclosure vulnerability that exists when Microsoft Outlook improperly handles certain types of messages. To learn more about the information disclosure vulnerability, see...