
472 matches found

OSV · added 2023/10/02 10:01 a.m.

OPENSUSE-SU-2023:0285-1 Security update for roundcubemail

This update for roundcubemail fixes the following issues: Update to 1.6.3 boo1215433 Fix bug where installto.sh/update.sh scripts were removing some essential options from the config file 9051 Update jQuery-UI to version 1.13.2 9041 Fix regression that broke usesecureurls feature 9052 Fix potenti...

AI score 6.5
Exploits 0 · References 2
Patchstack · added 2023/09/29 12:00 a.m.

WordPress Backend Localization Plugin <= 2.1.10 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Backend Localization · Type: Plugin · Vulnerable versions: <= 2.1.10 · Fixed in: N/A · OWASP Top 10: A1: Broken Access Control · Classification: Cross Site Request Forgery (CSRF) · CVE: CVE-2023-44471 · Patch priority: Low · CVSS severity: Low (4.3) · Developer: Claim ownership · PSID: 2438ddd21c91 · Credits: Skalucy · Require...

CVSS 8.8 · AI score 6.6 · EPSS 0.00227
Exploits 0 · References 1 · Affected Software 1
NVD · added 2023/09/07 8:15 p.m.

CVE-2023-41316

Tolgee is an open-source localization platform. Due to lack of validation field - Org Name, bad actor can send emails with HTML injected code to the victims. Registered users can inject HTML into unsanitized emails from the Tolgee instance to other users. This unsanitized HTML ends up in invitati...

CVSS 5.5 · AI score 5.6 · EPSS 0.00416
Exploits 1 · References 2
Vulnrichment · added 2023/09/07 7:39 p.m.

CVE-2023-41316 HTML Injection with email in Tolgee

Tolgee is an open-source localization platform. Due to lack of validation field - Org Name, bad actor can send emails with HTML injected code to the victims. Registered users can inject HTML into unsanitized emails from the Tolgee instance to other users. This unsanitized HTML ends up in invitati...

CVSS 5.5 · AI score 7 · EPSS 0.00416
Exploits 1 · References 2
CVE · added 2023/09/07 7:39 p.m.

CVE-2023-41316

CVE-2023-41316 affects Tolgee (open-source localization platform) where lack of validation in the Org Name field allows HTML injection into unsanitized invitation emails sent by registered users. The vulnerability can enable directing recipients to malicious sites or executing JavaScript in the u...

CVSS 5.5 · AI score 5.5 · EPSS 0.00416
Exploits 1 · References 2 · Affected Software 1
OSV · added 2023/09/07 7:39 p.m.

CVE-2023-41316 HTML Injection with email in Tolgee

Tolgee is an open-source localization platform. Due to lack of validation field - Org Name, bad actor can send emails with HTML injected code to the victims. Registered users can inject HTML into unsanitized emails from the Tolgee instance to other users. This unsanitized HTML ends up in invitati...

CVSS 5.5 · AI score 5.9 · EPSS 0.00416
Exploits 1 · References 4
Microsoft KB · added 2023/08/22 12:00 a.m.

Description of the security update for Microsoft Exchange Server 2019 and 2016: August 8, 2023 (KB5029388)

Description of the security update for Microsoft Exchange Server 2019 and 2016: August 8, 2023 KB5029388 Notice We have re-released the Exchange Server 2019 and 2016 August 8, 2023, security update SU to address the localization issue that caused installations on non-English operating systems OS ...

CVSS 9.8 · AI score 7.5 · EPSS 0.16813
Exploits 0
Malwarebytes · added 2023/08/18 11:45 a.m.

Exchange Server security updates updated

Microsoft has re-released the August 2023 Security Updates SUs for Exchange Server. The original release of the SUs, from August 8 2023, had a localization issue with Exchange Server running on a non-English Operating Systems OSes that caused Setup to stop unexpectedly, leaving Exchange services ...

CVSS 7.5 · AI score 6.8 · EPSS 0.01858
Exploits 0
Krebs on Security · added 2023/08/17 7:58 p.m.

Karma Catches Up to Global Phishing Service 16Shop

You've probably never heard of "16Shop," but there's a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. Image: Akamai.com. The international police organization INTERPOL said last week it had shuttered the notorious 16Shop, a...

AI score 6.5
Exploits 0
Prion · added 2023/07/27 7:15 p.m.

Code injection

Tolgee is an open-source localization platform. Starting in version 3.14.0 and prior to version 3.23.1, when a request is made using an API key, the backend fails to verify the permission scopes associated with the key, effectively bypassing permission checks entirely for some endpoints. It's...

CVSS 5.5 · AI score 7.7 · EPSS 0.00486
Exploits 0 · References 4 · Affected Software 1
CVE · added 2023/07/27 6:57 p.m.

CVE-2023-38510

Tolgee CVE-2023-38510 affects Tolgee versions 3.14.0 through 3.23.1. The issue is that API-key requests bypass permission scope checks, effectively bypassing authorization for some endpoints. This vulnerability can enable unauthorized access if API keys are exposed on the internet; cases where ke...

CVSS 8.1 · AI score 7.8 · EPSS 0.00486
Exploits 0 · References 4 · Affected Software 1
OSV · added 2023/07/27 6:57 p.m.

CVE-2023-38510 Tolgee Lacks Permission Check for API Key for some endpoints

Tolgee is an open-source localization platform. Starting in version 3.14.0 and prior to version 3.23.1, when a request is made using an API key, the backend fails to verify the permission scopes associated with the key, effectively bypassing permission checks entirely for some endpoints. It's...

CVSS 8.1 · AI score 7.7 · EPSS 0.00486
Exploits 0 · References 6
Positive Technologies · added 2023/07/27 12:00 a.m.

PT-2023-26488 · Tolgee · Tolgee

Name of the Vulnerable Software and Affected Versions: Tolgee versions 3.14.0 through 3.23.1 Description: Tolgee is an open-source localization platform. When a request is made using an API key, the backend fails to verify the permission scopes associated with the key, effectively bypassing...

CVSS 8.1 · AI score 8 · EPSS 0.00486
Exploits 0 · References 8
Tenable Nessus · added 2023/07/18 12:00 a.m.

EulerOS 2.0 SP10 : git (EulerOS-SA-2023-2380)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by...

CVSS 7.8 · AI score 7.1 · EPSS 0.52164
Exploits 2 · References 4
OpenVAS · added 2023/07/17 12:00 a.m.

Huawei EulerOS: Security Advisory for git (EulerOS-SA-2023-2354)

The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 · AI score 6.5 · EPSS 0.52164
Exploits 2 · References 2
OSV · added 2023/07/04 7:44 a.m.

MAL-2023-136 Malicious code in blossom-flex-ui-localization (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 45835a19933049983c803d03cb5c9fe34157fa2a4d00823f43d60983bbc79966 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 · References 1
OSSF Malicious Packages · added 2023/07/04 7:44 a.m.

Malicious code in blossom-flex-ui-localization (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 45835a19933049983c803d03cb5c9fe34157fa2a4d00823f43d60983bbc79966 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 · References 1
Microsoft CVE · added 2023/06/13 7:00 a.m.

GitHub: CVE-2023-25815 Git looks for localized messages in an unprivileged place

...

CVSS 3.3 · AI score 6.4 · EPSS 0.01055
Exploits 0
Tenable Nessus · added 2023/05/23 12:00 a.m.

AlmaLinux 9 : git (ALSA-2023:3245)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:3245 advisory. - Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7,...

CVSS 7.8 · AI score 7.4 · EPSS 0.52164
Exploits 5 · References 6
OSV · added 2023/04/25 8:15 p.m.

DEBIAN-CVE-2023-25815

In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the gettext function's implicit initialization no...

CVSS 2.2 · AI score 6.3 · EPSS 0.01055
Exploits 0 · References 1