Test update for SUSE:SLE-15-SP2:Update (security) (important)
openSUSE Security Update: Test update for SUSE:SLE-15-SP2:Update security Announcement ID: openSUSE-SU-2022:0277-1 Rating: important References: 1194507 Affected Products: openSUSE Leap 15.4 openSUSE Leap 15.3 An update that contains security fixes can now be installed. Description: This is a...
Prototype Pollution
keyget is vulnerable to prototype pollution. The vulnerability exists in set and push methods of index.js because the validations are not handled properly which allows an attacker to inject properties into existing construct prototypes and modify attributes...
Authentication flaw
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2 even without server authentication...
Big Mother is watching: What parents REALLY think about tracking their kids
Every year on Data Privacy Day, we’re greeted with countless arguments about the absolute merits of data privacy protections good, invasions bad, but we rarely see a faithful, factual accounting for the biggest data privacy conundrum facing billions of people every single day: Should parents inva...
Foxit PDF Reader and Foxit PDF Editor buffer error vulnerability
Foxit PDF Reader is a PDF reader. Foxit PDF Reader has a buffer overflow vulnerability in some JavaScript methods, which can be exploited by a remote attacker to submit a special file request and trick the user into parsing it, which can crash the application or execute arbitrary code in the...
Exposed Dangerous Method or Function
Overview: guake is a Guake Terminal. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function due to the exposure of executecommand and executecommandbyuuid methods via the D-Bus interface, which makes it possible for a malicious user to run an arbitrary command via...
JDK: IllegalAccessError exception not thrown for MethodHandles that invoke inaccessible interface methods
In Eclipse OpenJ9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods...
Security update for webkit2gtk3 (important)
openSUSE Security Update: Security update for webkit2gtk3 Announcement ID: openSUSE-SU-2022:0182-1 Rating: important References: 1194019 Cross-References: CVE-2019-8766 CVE-2019-8782 CVE-2019-8808 CVE-2019-8815 CVE-2020-13753 CVE-2020-27918 CVE-2020-29623 CVE-2020-3902 CVE-2020-9802 CVE-2020-9803...
SSON not working with Microsoft Edge, Google Chrome and Firefox. Message "No logon methods are available on this platform" is seen.
After logging on to Chrome, Edge or Firefox this message is seen: "No logon methods are available on this platform". After browsing to the Storefront URL a screen appears asking to detect if Citrix Workspace App is installed. Then this screen is seen...
CVE-2022-23106
Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token, allowing attackers to use statistical methods to obtain a valid authentication token...
Security update for python39-pip (moderate)
openSUSE Security Update: Security update for python39-pip Announcement ID: openSUSE-SU-2022:0064-1 Rating: moderate References: 1186819 Cross-References: CVE-2021-3572 CVSS scores: CVE-2021-3572 SUSE: 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N Affected Products: openSUSE Leap 15.3 An updat...
The Facebook Pixel Hunt aims to unravel Facebook’s tracking methods. Will you join?
Browser developer Mozilla has announced a research project to provide insights into, and data about, a space that’s opaque to policymakers, researchers and users themselves. Tracking the trackers is the name of the game. Give up some of your data voluntarily to stop the involuntary collection by...
UBUNTU-CVE-2021-21408
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static PHP methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch...
PT-2022-9201 · Smarty +2
Name of the Vulnerable Software and Affected Versions: Smarty versions prior to 3.1.43 Smarty versions prior to 4.0.3 Description: Smarty is a template engine for PHP that facilitates the separation of presentation from application logic. Template authors could run restricted static PHP methods...
Smarty input validation error vulnerability
Smarty is a template engine for PHP that facilitates the separation of representation HTML/CSS from application logic. A security vulnerability exists in Smarty that stems from Smarty is a template engine for PHP that facilitates the separation of representation HTML CSS from applicatio...
Availability issue fixed in Microsoft Exchange
Due to a bug in the on-premises Microsoft Exchange Server 2016 and 2019, email may not have been sent out anymore. At this time, there is no reason to believe that incoming email has not been accepted. The accepted emails just could not be delivered. The problem could have occurred because of the...
Avast antivirus security vulnerability
Avast antivirus, a suite of antivirus software from the Czech company Avast, has an elevation of privilege vulnerability that could be exploited by a local attacker to gain elevated privileges by invoking non-essential powerful internal methods of the main antivirus service...
ROS-2-2099
2.2099 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser is related to insufficient validation of user input when processing unreliable YAML files using the full_load method or the FullLoader loader. Exploitation of the vulnerability...
Updated ruby packages fix security vulnerability
Bundler sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application...
CVE-2021-35243 HTTP PUT & DELETE Methods Enabled
The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server 12.7.7 and earlier, allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the...