
127 matches found

Tenable Nessus
added 2024/05/31 12:0 a.m., 7 views

Fedora 40 : roundcubemail (2024-680b8ba54e)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-680b8ba54e advisory. Release 1.6.7 - Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313) - Fix bug where HTML entities in URLs were not decoded on HTML to plain text...

5.3 AI score
Exploits 0, References 1

OpenVAS
added 2024/04/27 12:0 a.m., 21 views

openSUSE Security Advisory (SUSE-SU-2024:1446-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5 CVSS, 6.8 AI score, 0.15416 EPSS
Exploits 3, References 5

OSV
added 2024/04/26 7:27 a.m., 9 views

SUSE-SU-2024:1446-1 Security update for php8

This update for php8 fixes the following issues: - CVE-2024-2756: Fixed bypass of security fix applied for CVE-2022-31629 that led PHP to consider not secure cookies as secure (bsc#1222857) - CVE-2024-3096: Fixed bypass on null byte leading passwords checked via password_verify (bsc#1222858)...

6.5 CVSS, 6.7 AI score, 0.08698 EPSS
Exploits 1, References 5

OpenVAS
added 2024/03/04 12:0 a.m., 16 views

openSUSE: Security Advisory for roundcubemail (openSUSE-SU-2023:0345-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1 CVSS, 6 AI score, 0.83235 EPSS
Exploits 2, References 4

OpenVAS
added 2024/03/04 12:0 a.m., 19 views

openSUSE: Security Advisory for php8 (SUSE-SU-2022:3198-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.1 CVSS, 7.3 AI score, 0.03018 EPSS
Exploits 0, References 2

OpenVAS
added 2024/03/04 12:0 a.m., 16 views

openSUSE: Security Advisory for php8 (SUSE-SU-2023:0074-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1 CVSS, 7.9 AI score, 0.00601 EPSS
Exploits 0, References 2

OSV
added 2023/12/01 11:54 a.m., 6 views

MGASA-2023-0332 Updated roundcubemail packages fix XSS security vulnerabilities

Updated roundcubemail package fixes security vulnerabilities: Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download (CVE-2023-47272). Fix cross-site scripting (XSS) vulnerability in handling of SVG in HTML messages (CVE-2023-5631). Some...

6.1 CVSS, 6.4 AI score, 0.83235 EPSS
Exploits 2, References 4

NVD
added 2023/10/27 8:15 p.m., 7 views

CVE-2023-29009

baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is a XSS Vulnerability in Favorites Feature to baserCMS. This issue has been patched in version 4.8.0...

6.1 CVSS, 6 AI score, 0.0055 EPSS
Exploits 0, References 3

Prion
added 2023/10/27 8:15 p.m., 10 views

Design/Logic Flaw

baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is a XSS Vulnerability in Favorites Feature to baserCMS. This issue has been patched in version 4.8.0...

5.8 CVSS, 6.1 AI score, 0.0055 EPSS
Exploits 0, References 3

Vulnrichment
added 2023/10/27 7:30 p.m., 14 views

CVE-2023-29009 basercms XSS Vulnerability via Favorites Feature

baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is a XSS Vulnerability in Favorites Feature to baserCMS. This issue has been patched in version 4.8.0...

6.1 CVSS, 6 AI score, 0.0055 EPSS
Exploits 0, References 3

OSV
added 2023/10/27 7:30 p.m., 14 views

CVE-2023-29009 basercms XSS Vulnerability via Favorites Feature

baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is a XSS Vulnerability in Favorites Feature to baserCMS. This issue has been patched in version 4.8.0...

6.1 CVSS, 5.5 AI score, 0.0055 EPSS
Exploits 0, References 5

Cvelist
added 2023/10/27 7:30 p.m., 11 views

CVE-2023-29009 basercms XSS Vulnerability via Favorites Feature

baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is a XSS Vulnerability in Favorites Feature to baserCMS. This issue has been patched in version 4.8.0...

6.1 CVSS, 6.4 AI score, 0.0055 EPSS
Exploits 0, References 3

CVE
added 2023/10/27 7:30 p.m., 57 views

CVE-2023-29009

CVE-2023-29009 affects baserCMS: a stored XSS vulnerability in the Favorites feature on baserCMS WebAPI (PHP8/CakePHP4). Root cause is XSS in the Favorites UI leading to script execution on vulnerable admin/user pages. Impact described in sources includes potential browser-execution of arbitrary ...

6.1 CVSS, 5.9 AI score, 0.0055 EPSS
Exploits 0, References 3, Affected Software 1

Positive Technologies
added 2023/10/26 12:0 a.m., 2 views

PT-2023-22083 · Cakephp +2

Name of the Vulnerable Software and Affected Versions: baserCMS versions prior to 4.8.0 Description: The issue is a XSS Vulnerability in the Favorites Feature of baserCMS, a website development framework that runs on PHP8 and CakePHP4. This vulnerability allows malicious code to be executed in th...

6.1 CVSS, 5.5 AI score, 0.0055 EPSS
Exploits 0, References 10

OSV
added 2023/10/02 10:1 a.m., 3 views

OPENSUSE-SU-2023:0285-1 Security update for roundcubemail

This update for roundcubemail fixes the following issues: Update to 1.6.3 (boo#1215433) - Fix bug where installto.sh/update.sh scripts were removing some essential options from the config file (#9051) - Update jQuery-UI to version 1.13.2 (#9041) - Fix regression that broke use_secure_urls feature (#9052) - Fix potenti...

6.5 AI score
Exploits 0, References 2

Tenable Nessus
added 2023/06/23 12:0 a.m., 32 views

SUSE SLES15 / openSUSE 15 Security Update : php8 (SUSE-SU-2023:2610-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2610-1 advisory. - The vulnerability exists due to a missing error check and insufficient random bytes in HTTP Digest authentication for SOAP. ...

4.3 CVSS, 7 AI score, 0.00316 EPSS
Exploits 0, References 4

OSV
added 2023/06/22 7:53 a.m., 3 views

SUSE-SU-2023:2610-1 Security update for php8

This update for php8 fixes the following issues: - CVE-2023-3247: Fixed missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (bsc#1212349)...

4.3 CVSS, 5.7 AI score, 0.00316 EPSS
Exploits 0, References 3

Slackware Linux
added 2023/06/09 1:27 a.m., 17 views

[slackware-security] php8

New php8 packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: extra/php81/php81-8.1.20-i586-1slack15.0.txz: Upgraded. This update fixes bugs and security issues. For more information, see:...

7 AI score
Exploits 0

OpenVAS
added 2023/06/09 12:0 a.m., 9 views

Slackware: Security Advisory (SSA:2023-159-02)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits 0, References 3

Tenable Nessus
added 2023/02/27 12:0 a.m., 48 views

SUSE SLES15 / openSUSE 15 Security Update : php8 (SUSE-SU-2023:0527-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0527-1 advisory. - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buff...

8.1 CVSS, 7.2 AI score, 0.00436 EPSS
Exploits 1, References 7