[SECURITY] Fedora 42 Update: texlive-base-20230311-94.fc42
The TeX Live software distribution offers a complete TeX system for a variety of Unix, Macintosh, Windows and other platforms. It encompasses programs for editing, typesetting, previewing and printing of TeX documents in many different languages, and a large collection of TeX macros and font...
[SECURITY] Fedora 43 Update: texlive-base-20230311-94.fc43
The TeX Live software distribution offers a complete TeX system for a variety of Unix, Macintosh, Windows and other platforms. It encompasses programs for editing, typesetting, previewing and printing of TeX documents in many different languages, and a large collection of TeX macros and font...
EUVD-2018-12635
Malware in sbrugna...
emacs: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code
A flaw was found in Emacs. Arbitrary shell commands can be executed without prompting when an Org mode file is opened or when Org mode is enabled. When Emacs is used as an email client, this issue can be triggered when previewing email attachments...
GHSA-HF29-9HFH-W63J Duplicate Advisory: Gogs allows argument injection during the previewing of changes
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9pp6-wq8c-3w2c. This link is maintained to preserve external references. Original Description Gogs through 0.13.0 allows argument injection during the previewing of changes...
CVE-2024-39932
Gogs through 0.13.0 allows argument injection during the previewing of changes...
Genesis Blocks < 3.1.3 - Contributor+ Stored XSS
Description The plugin does not properly escape data input provided to some of its blocks, allowing users with at least contributor privileges to conduct Stored XSS attacks. As a contributor, put the below code in a post while in Code Editor mode. The XSS will be triggered when viewing/previewing...
Scriptless Social Sharing < 3.2.2 - Contributor+ Stored XSS
The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Add a "Scriptless Social Sharing" Gutenberg block to a...
Popup Maker < 1.16.9 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. As a user with the Contributor role or above, create a new Popup in the Popup Maker menu with the "content" field containing...
IgniteUp <= 3.4.1 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some fields when high privilege users don't have the unfiltered_html capability, which could lead to Stored Cross-Site Scripting issues. PoC: Customise a template from the plugin at /wp-admin/admin.php?page=cscstemplates and put the following payload in the...
Microsoft Outlook Attachment Previewing Enabled
The Microsoft Outlook application that is installed on the remote host has attachment previewing enabled. © Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the Microsoft Security Updates API. The text itself is copyright © Microsoft Corporatio...
CVE-2018-20058
CVE-2018-20058 describes a local file path traversal in Evernote for macOS prior to 7.6, affecting the attachment preview feature (MACOSNOTE-28634). The vulnerability path is local file access via the attachment preview, enabling potential leakage of files present on the user’s system. The NVD en...
CVE-2015-2938
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.23.x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a custom JavaScript file, which is not properly handled when previewing the file...
vBulletin 3.0 - Private Message HTML Injection
vBulletin 3.0 - Private Message HTML Injection source: https://www.securityfocus.com/bid/7594/info A vulnerability has been reported in vBulletin 3.0.0 beta 2. The problem is said to occur due to insufficient sanitization of private messages. As a result, an attacker may be capable of embedding...
Important: Red Hat Security Advisory: Updated KDE packages fix security issues
This erratum provides updated KDE packages to resolve two security issues. KDE is a graphical desktop environment for the X Window System. KDE fails in multiple places to properly quote URLs and file names before passing them to a command shell. This could allow remote attackers to execute...