CVE-2021-23556

The package guake before 3.8.5 are vulnerable to Exposed Dangerous Method or Function due to the exposure of executecommand and executecommandbyuuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. Note: Exploitation...

PYSEC-2022-165

The package guake before 3.8.5 are vulnerable to Exposed Dangerous Method or Function due to the exposure of executecommand and executecommandbyuuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. Note: Exploitation...

UBUNTU-CVE-2021-23556

The package guake before 3.8.5 are vulnerable to Exposed Dangerous Method or Function due to the exposure of executecommand and executecommandbyuuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. Note: Exploitation...

CVE-2022-21831

A flaw was found in the Active Storage module of Rails, where the transformation method or its arguments for imageprocessing are not trusted arbitrary input. This flaw allows an attacker to inject code in Rails. Mitigation To work around this issue, applications should implement a strict allow-li...

GHSA-8C76-MXV5-W4G8 Stored Cross-site Scripting in Microweber

Microweber 1.2.11 and prior contains multiple stored cross-site scripting vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods...

Stored Cross-site Scripting in Microweber

Microweber 1.2.11 and prior contains multiple stored cross-site scripting vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods...

Security update for java-1_8_0-openjdk (important)

openSUSE Security Update: Security update for java-180-openjdk Announcement ID: openSUSE-SU-2022:0873-1 Rating: important References: 1193314 1193444 1193491 1194926 1194928 1194929 1194931 1194932 1194933 1194934 1194935 1194937 1194939 1194940 1194941 1195163 Cross-References: CVE-2022-21248...

Security update for stunnel (important)

openSUSE Security Update: Security update for stunnel Announcement ID: openSUSE-SU-2022:0872-1 Rating: important References: 1181400 1182529 SLE-20679 Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 An update that contains security fixes and contains one feature can now be installed...

CVE-2022-0954

Multiple Stored Cross-site Scripting XSS Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweber prior to 1.2.11...

CVE-2022-0954 Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in microweber/microweber

Multiple Stored Cross-site Scripting XSS Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweber prior to 1.2.11...

Security update for openssl-1_0_0 (important)

openSUSE Security Update: Security update for openssl-100 Announcement ID: openSUSE-SU-2022:0856-1 Rating: important References: 1196877 Cross-References: CVE-2022-0778 CVSS scores: CVE-2022-0778 SUSE: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 15.3 openSUSE...

Security update for java-11-openjdk (moderate)

openSUSE Security Update: Security update for java-11-openjdk Announcement ID: openSUSE-SU-2022:0816-1 Rating: moderate References: 1194925 1194926 1194927 1194928 1194929 1194930 1194931 1194932 1194933 1194934 1194935 1194937 1194939 1194940 1194941 Cross-References: CVE-2022-21248 CVE-2022-212...

CVE-2021-26401

LFENCE/JMP mitigation V2-2 may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs...

Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods

Description 1 Checkout URL and Custom order id parameters are vulnerable to stored XSS, which are located in Shop Settings other settings Advanced 2 From e-mail address and From name parameters are vulnerable to stored XSS, which are located in Shop Settings Autorespond E-mail settings check your...

Extortion scheme impersonates government officials, law enforcement

The FBI issued a public warning this week about a fraud scheme wherein scammers impersonate government officials and law enforcement personnel. According to the PSA, the scammers spoof legitimate numbers and names and use fake credentials of well-known members of the government and law enforcemen...

Brave browser goes the extra mile to block third party cookies

Brave is testing a new feature to stop bounce tracking, a sneaky method that websites use to load third-party tracking cookies so they can gather more information about who is visiting their site. The Brave browser As you may remember from our post about the best browsers for privacy and security...

Possible code injection vulnerability in Rails / Active Storage

The Active Storage module of Rails starting with version 5.2.0 is possibly vulnerable to code injection. This issue was patched in versions 5.2.6.3, 6.0.4.7, 6.1.4.7, and 7.0.2.3. To work around this issue, applications should implement a strict allow-list on accepted transformation methods or...

Security update for perl-App-cpanminus (moderate)

openSUSE Security Update: Security update for perl-App-cpanminus Announcement ID: openSUSE-SU-2022:0074-1 Rating: moderate References: Cross-References: CVE-2020-16154 CVSS scores: CVE-2020-16154 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports SLE-15-S...

Security update for go1.17 (important)

openSUSE Security Update: Security update for go1.17 Announcement ID: openSUSE-SU-2022:0723-1 Rating: important References: 1190649 1195834 1195835 1195838 Cross-References: CVE-2022-23772 CVE-2022-23773 CVE-2022-23806 CVSS scores: CVE-2022-23772 NVD : 7.5...

Security update for flatpak (important)

openSUSE Security Update: Security update for flatpak Announcement ID: openSUSE-SU-2022:0712-1 Rating: important References: 1194610 1194611 Cross-References: CVE-2021-43860 CVE-2022-21682 CVSS scores: CVE-2021-43860 NVD : 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVE-2022-21682 NVD : 6.5...