
154 matches found

OpenVAS
added 2020/09/29 12:0 a.m. | 19 views

Fedora: Security Advisory for gitit (FEDORA-2020-c39d7a562c)

The remote host is missing an update for the... (SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only)

CVSS 6.5 | AI score 6.5 | EPSS 0.01566
Exploits 0 | References 2

FreeBSD
added 2020/02/13 12:0 a.m. | 13 views

www/py-bleach -- multiple vulnerabilities

bleach.clean behavior parsing embedded MathML and SVG content with RCDATA tags did not match browser behavior and could result in a mutation XSS. Calls to bleach.clean with strip=False and math or svg tags and one or more of the RCDATA tags script, noscript, style, noframes, iframe, noembed, or x...

AI score 2.8
Exploits 0 | References 2

Tenable Nessus
added 2019/03/27 12:0 a.m. | 40 views

openSUSE Security Update : Chromium (openSUSE-2019-548)

This update for Chromium to version 67.0.3396.99 fixes multiple issues. Security issues fixed bsc1095163 : - CVE-2018-6123: Use after free in Blink - CVE-2018-6124: Type confusion in Blink - CVE-2018-6125: Overly permissive policy in WebUSB - CVE-2018-6126: Heap buffer overflow in Skia -...

CVSS 9.6 | AI score 8 | EPSS 0.07666
Exploits 3 | References 32

Hacker One
added 2019/02/27 7:47 p.m. | 24 views

X (Formerly Twitter): Html Injection and Possible XSS via MathML

Hi, I would like to report HTML Injection and possible cross site scripting XSS vulnerability using the MathML on Firefox. Account title of field is vulnerable to Html Injection which can lead an attacker to store javascript using the MathML in Firefox. Modern Firefox versions allow usage of inli...

AI score 5.9
Exploits 0

Hacker One
added 2018/10/28 6:58 a.m. | 13 views

Ruby on Rails: XSS by MathML at Active Storage

In Active Storage, formats treated as binary have been confirmed, It does not contain application/mathml+xml. https://github.com/rails/rails/commit/d40284b1a44773b03d78ca67a888b94fd330d1b1 In Marcel::MimeType.for, if content-type can not be determined with magic byte, since it is determined using...

CVSS 4.3 | AI score 0.4 | EPSS 0.01311
Exploits 1

Tenable Nessus
added 2018/07/26 12:0 a.m. | 43 views

openSUSE Security Update : Chromium (openSUSE-2018-759)

This update for Chromium to version 67.0.3396.99 fixes multiple issues. Security issues fixed bsc1095163 : - CVE-2018-6123: Use after free in Blink - CVE-2018-6124: Type confusion in Blink - CVE-2018-6125: Overly permissive policy in WebUSB - CVE-2018-6126: Heap buffer overflow in Skia -...

CVSS 9.6 | AI score 8 | EPSS 0.07666
Exploits 3 | References 32

OPENSUSE Linux
added 2018/07/25 3:9 p.m. | 97 views

Security update for Chromium (important)

This update for Chromium to version 67.0.3396.99 fixes multiple issues. Security issues fixed bsc1095163: - CVE-2018-6123: Use after free in Blink - CVE-2018-6124: Type confusion in Blink - CVE-2018-6125: Overly permissive policy in WebUSB - CVE-2018-6126: Heap buffer overflow in Skia -...

AI score 1.2 | EPSS 0.07666
Exploits 3 | References 6

OPENSUSE Linux
added 2018/07/25 3:8 p.m. | 86 views

Security update for Chromium (important)

This update for Chromium to version 67.0.3396.99 fixes multiple issues. Security issues fixed bsc1095163: - CVE-2018-6123: Use after free in Blink - CVE-2018-6124: Type confusion in Blink - CVE-2018-6125: Overly permissive policy in WebUSB - CVE-2018-6126: Heap buffer overflow in Skia -...

AI score 1.2 | EPSS 0.07666
Exploits 3 | References 6

OSV
added 2018/07/18 2:29 p.m. | 1 views

CVE-2017-18103

The atlassian-http library, as used in various Atlassian products, before version 2.0.2 allows remote attackers to spoof web content in the Mozilla Firefox Browser through uploaded files that have a content-type of application/mathml+xml...

CVSS 4.7 | AI score 5.8
Exploits 0 | References 1

NVD
added 2018/07/18 2:29 p.m. | 22 views

CVE-2017-18103

The atlassian-http library, as used in various Atlassian products, before version 2.0.2 allows remote attackers to spoof web content in the Mozilla Firefox Browser through uploaded files that have a content-type of application/mathml+xml...

CVSS 4.7 | AI score 4.7 | EPSS 0.00826
Exploits 0 | References 1

Tenable Nessus
added 2018/07/02 12:0 a.m. | 47 views

Debian DSA-4237-1 : chromium-browser - security update

Several vulnerabilities have been discovered in the chromium web browser. - CVE-2018-6118 Ned Williamson discovered a use-after-free issue. - CVE-2018-6120 Zhou Aiting discovered a buffer overflow issue in the pdfium library. - CVE-2018-6121 It was discovered that malicious extensions could...

CVSS 9.6 | AI score 8.2 | EPSS 0.07666
Exploits 3 | References 61

FreeBSD
added 2018/05/29 12:0 a.m. | 46 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 34 security fixes in this release, including: 835639 High CVE-2018-6123: Use after free in Blink. Reported by Looben Yang on 2018-04-22 840320 High CVE-2018-6124: Type confusion in Blink. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2018-05-07 818592 High...

CVSS 9.6 | AI score 8.3 | EPSS 0.07666
Exploits 3 | References 1

BDU FSTEC
added 2016/07/06 12:0 a.m. | 5 views

A vulnerability in Thunderbird that allows an attacker to compromise the confidentiality, integrity, and availability of protected information.

A use-after-free in FontTableRec within Mozilla Firefox, Firefox ESR, and Thunderbird allows remote attackers to execute arbitrary code through improper handling of fonts contained in MathML. This leads to incorrect processing of the DirectWrite font objec...

CVSS 10 | AI score 6 | EPSS 0.04682
Exploits 0 | References 3 | Affected Software 1

BDU FSTEC
added 2016/07/06 12:0 a.m. | 3 views

A vulnerability in the Firefox browser that allows an attacker to compromise the confidentiality, integrity, and availability of protected information.

A use-after-free in the FontTableRec destructor in Mozilla Firefox allows remote attackers to execute arbitrary code through improper use of fonts contained in MathML, resulting in incorrect processing of the DirectWrite font object...

CVSS 10 | AI score 6.7 | EPSS 0.04682
Exploits 0 | References 3 | Affected Software 1

BDU FSTEC
added 2016/07/06 12:0 a.m. | 3 views

A vulnerability in the Firefox ESR software that allows an attacker to compromise the confidentiality, integrity, and availability of protected information.

A use-after-free in FontTableRec in Mozilla Firefox ESR allows remote attackers to execute arbitrary code through improper use of fonts contained in MathML, resulting in incorrect processing of the DirectWrite font object...

CVSS 10 | AI score 6.7 | EPSS 0.04682
Exploits 0 | References 3 | Affected Software 1

BDU FSTEC
added 2016/07/05 12:0 a.m. | 2 views

The vulnerability of the Firefox browser allows a malicious individual to execute arbitrary code, gain access to confidential information, or cause a service failure.

The Mozilla Firefox browser contains a vulnerability related to errors in the implementation of the libxul.so!gfxContext::Polygon function. Exploiting this vulnerability allows malicious actors to gain access to confidential information from the dynamic memory of the process, trigger service...

CVSS 6.8 | AI score 7 | EPSS 0.04155
Exploits 1 | References 6 | Affected Software 1

Tenable Nessus
added 2015/08/04 12:0 a.m. | 20 views

Scientific Linux Security Update : libreoffice on SL6.x i386/x86_64 (20150722)

A flaw was found in the way the LibreOffice HWP Hangul Word Processor file filter processed certain HWP documents. An attacker able to trick a user into opening a specially crafted HWP document could possibly use this flaw to execute arbitrary code with the privileges of the user opening that...

CVSS 6.8 | AI score 7.2 | EPSS 0.07646
Exploits 0 | References 2

Tenable Nessus
added 2015/03/26 12:0 a.m. | 38 views

Scientific Linux Security Update : libreoffice on SL7.x x86_64 (20150305)

It was found that LibreOffice documents executed macros unconditionally, without user approval, when these documents were opened using LibreOffice. An attacker could use this flaw to execute arbitrary code as the user running LibreOffice by embedding malicious VBA scripts in the document as macro...

CVSS 10 | AI score 8 | EPSS 0.09864
Exploits 0 | References 4

Tenable Nessus
added 2015/03/18 12:0 a.m. | 44 views

CentOS 7 : libabw / libcmis / libetonyek / libfreehand / liblangtag / libmwaw / libodfgen / etc (CESA-2015:0377)

Updated libreoffice packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which...

CVSS 10 | AI score 8 | EPSS 0.09864
Exploits 0 | References 12

RedHat Linux
added 2015/03/05 8:48 a.m. | 39 views

Moderate: Red Hat Security Advisory: libreoffice security, bug fix, and enhancement update

Updated libreoffice packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which...

CVSS 10 | AI score 7.6 | EPSS 0.09864
Exploits 0 | References 15