11 matches found
CVE-2024-1936
The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third-party. Whil...
TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler
Problem Entities of the File Abstraction Layer FAL could be persisted directly via DataHandler. This allowed attackers to reference files in the fallback storage directly and retrieve their file names and contents. The fallback storage "zero-storage" is used as a backward compatibility layer for...
Vulnerability fixed in Zimbra collaboration suite
A vulnerability has been fixed in Zimbra Collaboration Suite. The vulnerability allows a malicious party to launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the context of the victim's victim's browser, or potentially access sensitive data in the...
Moderate: Red Hat Security Advisory: rubygem-passenger security update
Updated rubygem-passenger packages that fix two security issues are now available for Red Hat OpenShift Enterprise 1.2.2. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
MGASA-2013-0169 Updated qemu packages fix security vulnerability
It was found that QEMU Guest Agent the "qemu-ga" service created certain files with world-writable permissions when run in daemon mode the default mode. An unprivileged guest user could use this flaw to consume all free space on the partition containing the qemu-ga log file, or modify the content...
Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20130603)
It was found that QEMU Guest Agent the 'qemu-ga' service created certain files with world-writable permissions when run in daemon mode the default mode. An unprivileged guest user could use this flaw to consume all free space on the partition containing the qemu-ga log file, or modify the content...
Important: Red Hat Security Advisory: jboss-seam2 security update
Updated jboss-seam2 packages that fix one security issue are now available for JBoss Enterprise Application Platform 4.3 for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS...
Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 5.1.1 update
Updated JBoss Enterprise Application Platform 5.1.1 packages that fix one security issue and various bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base...
Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 5.1.1 update
Updated JBoss Enterprise Application Platform 5.1.1 packages that fix one security issue and various bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base...
Debian: Security Advisory (DSA-1516-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-1516-1 : dovecot - privilege escalation
Prior to this update, the default configuration for Dovecot used by Debian runs the server daemons with group mail privileges. This means that users with write access to their mail directory on the server for example, through an SSH login could read and also delete via a symbolic link mailboxes...