EUVD-2015-4410

Malware in sbrugna...

EUVD-2020-4268

Malware in sbrugna...

EUVD-2013-4173

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2021-39212

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and...

CVE-2012-1632

Cross-site scripting XSS vulnerability in passwordpolicy.admin.inc in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote authenticated users with administer policies permissions to inject arbitrary web script or HTML via the name parameter...

OESA-2024-2307 opendmarc security update

OpenDMARC Domain-based Message Authentication, Reporting & Conformance provides an open source library that implements the DMARC verification service plus a milter-based filter application that can plug in to any milter-aware MTA, including sendmail, Postfix, or any other MTA that supports the...

SUSE-SU-2023:3877-1 Security update for SUSE Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: - Security issues fixed: CVE-2023-20897: Do not fail on bad message pack message bsc1213441 CVE-2023-20898: Fixed Git Providers can read from the wrong environment because they get the same cache directory base name. bsc1214797, bsc1193948...

SUSE CVE-2020-11931

An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue...

CVE-2021-24017

An improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler...

Information Disclosure

PulseAudio is vulnerable to information disclosure. A race condition can occur if SCMCREDENTIALS were missing casuing the snap policy module to fail to identify a client connection from a snap as coming from a snap , allowing the snap to connect to PulseAudio without proper confinement. This coul...

CVE-2020-16123 Bypass of snapd pulseaudio restrictions

An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCMCREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. This could be exploited ...

CVE-2020-16123

An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCMCREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. This could be exploited ...

CVE-2020-11931

An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue...

UBUNTU-CVE-2020-11931

An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue...

CVE-2015-4387

Cross-site scripting XSS vulnerability in unspecified administration pages in the Password Policy module 6.x-1.x before 6.x-1.11 and 7.x-1.x before 7.x-1.11 for Drupal, when a site has a policy that uses the username constraint, allows remote attackers to inject arbitrary web script or HTML via a...

Cross site scripting

Cross-site scripting XSS vulnerability in unspecified administration pages in the Password Policy module 6.x-1.x before 6.x-1.11 and 7.x-1.x before 7.x-1.11 for Drupal, when a site has a policy that uses the username constraint, allows remote attackers to inject arbitrary web script or HTML via a...

CVE-2015-4387

The CVE-2015-4387 vulnerability affects the Drupal Password Policy module (6.x-1.x before 6.x-1.11 and 7.x-1.x before 7.x-1.11). The root cause is inadequate sanitization in certain administration pages when a policy uses the username constraint, allowing a crafted username imported from an exter...

CVE-2013-4274

Cross-site scripting XSS vulnerability in the passwordpolicyadminview function in passwordpolicy.admin.inc in the Password Policy module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer policies" permission to inject arbitrary web...

CVE-2012-5552

The Password policy module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to obtain password hashes by sniffing the network, related to "client-side password history checks."...

Drupal Password Policy模块跨站请求伪造和跨站脚本执行漏洞

BUGTRAQ ID: 51385 CVE ID: CVE-2012-1633 Drupal是一款开源CMS，可以作为各种网站的内容管理平台。 Drupal Password Policy模块6.x-1.x 存在跨站脚本漏洞。可允许远程攻击者劫持管理员用户接通用户请求的验证。 0 Drupal Password Policy 6.X-1.X 厂商补丁： Drupal ------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://drupal.org/...