9 matches found
CVE-2023-27578
Galaxy is an open-source platform for data analysis. All supported versions of Galaxy are affected prior to 22.01, 22.05, and 23.0 are affected by an insufficient permission check. Unsupported versions are likely affected as far back as the functionality of Visualizations/Pages exists. Due to thi...
Security Bulletin: This Power System update is being released to address CVE 2021-29891
Summary POWER9: In response to a security issue with BMC's HTTPS server, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE 2021-29891. Vulnerability Details CVEID:CVE-2021-29891 DESCRIPTION: IBM OPENBMC could allow a privileged...
GHSA-PCFX-G2J2-F6F6 Docassemble HTML and javascript injection
Impact A user could type HTML into a field, including the field for the user's name, and then that HTML could be displayed on the screen as HTML. The HTML can also contain tags allowing JavaScript to execute on the page. Patches The vulnerability has been patched in version 1.4.97 of the master...
Docassemble open redirect
Impact It is possible to create a URL that acts as an open redirect. Patches The vulnerability has been patched in version 1.4.97 of the master branch. The Docker image on docker.io has been patched. Workarounds If upgrading is not possible, manually apply the changes of 4801ac7 and restart the...
PT-2024-21799
Name of the Vulnerable Software and Affected Versions: Docassemble versions prior to 1.4.97 Description: The issue allows an attacker to create a URL that acts as an open redirect. This can potentially be used to redirect users to malicious websites. Recommendations: For versions prior to 1.4.97,...
[slackware-security] cups
New cups packages are available for Slackware 14.2, 15.0, and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/cups-2.4.7-i586-1slack15.0.txz: Upgraded. This update fixes bugs and a security issue: Fixed Heap-based buffer overflow when...
CVE-2023-27578 Galaxy vulnerable to unauthorized modification of pages/visualizations due to insufficient permission check
Galaxy is an open-source platform for data analysis. All supported versions of Galaxy are affected prior to 22.01, 22.05, and 23.0 are affected by an insufficient permission check. Unsupported versions are likely affected as far back as the functionality of Visualizations/Pages exists. Due to thi...
[slackware-security] mysql
New mysql packages are available for Slackware 10.2 and -current to fix security issues. The MySQL package shipped with Slackware 10.2 may possibly leak sensitive information found in uninitialized memory to authenticated users. The MySQL package previously in Slackware -current also suffered fro...
DSA-395 tomcat4 - incorrect input handling
Bulletin has no description...