Security update for webkit2gtk3 (important)
openSUSE Security Update: Security update for webkit2gtk3 Announcement ID: openSUSE-SU-2020:0602-1 Rating: important References: 1165528 1169658 Cross-References: CVE-2020-10018 CVE-2020-11793 Affected Products: openSUSE Leap 15.1 An update that fixes two vulnerabilities is now...
SUSE-SU-2020:1135-1 Security update for webkit2gtk3
This update for webkit2gtk3 to version 2.28.1 fixes the following issues: Security issues fixed: - CVE-2020-10018: Fixed a denial of service because the m_deferredFocusedNodeChange data structure was mishandled (bsc#1165528). - CVE-2020-11793: Fixed a potential arbitrary code execution caused by a...
Open Ticket Request System Information Disclosure Vulnerability (CNVD-2020-32426)
Open Ticket Request System (OTRS) is an open source defect tracking and management system software from the German OTRS Group. The software categorizes service requests submitted through various channels such as phone calls, emails, etc. into different queues and service levels, and the service...
UBUNTU-CVE-2020-1774
When a user downloads PGP or S/MIME keys/certificates, the exported file has the same name for private and public keys. Therefore it's possible to mix them up and to send the private key to a third party instead of the public key. This issue affects OTRS Community Edition: 5.0.42 and prior versions, 6.0.27 and prio...
SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:1109-1)
This update for webkit2gtk3 to version 2.28.1 fixes the following issues : Security issues fixed : CVE-2020-10018: Fixed a denial of service because the m_deferredFocusedNodeChange data structure was mishandled (bsc#1165528). CVE-2020-11793: Fixed a potential arbitrary code execution caused by a...
CVE-2020-4311
IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute arbitrary code on the system. By placing a specially crafted file, an attacker could exploit this vulnerability to load other DLL files located in the same directory and execute arbitrary code on the system. IBM X-Force ID: 17708...
Bundeswehr Karriere - Cross Site Scripting Vulnerability
Document Title: Bundeswehr Karriere - Cross Site Scripting Vulnerability. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2214 Video: https://www.vulnerability-lab.com/getcontent.php?id=2197 Release Date: 2020-04-18...
DRIVE.NET, Inc.: [www.drive2.ru] Insufficient Security Configurability - The user can use the same password as your current ID.
The current username and password can be set the same, making it easy to guess the password. As a weak password policy issue, the current username and password can be set the same, making it easy to guess the password. |Technical severity|VRT category| Specific vulnerability name|Variant / Affect...
Information Disclosure
firefox is vulnerable to information disclosure. The vulnerability exists as the same-origin policy in Firefox treated http://example.com and http://example.com as interchangeable. A malicious script could possibly use this flaw to gain access to sensitive information such as a client's IP and us...
Remote Code Execution (RCE)
IcedTea-Web is vulnerable to denial of service (DoS). A flaw was found in the same-origin policy implementation in the IcedTea-Web browser plug-in. A malicious Java applet could use this flaw to open network connections to hosts other than the originating host, violating the same-origin policy...
Same-Origin Policy Bypass
firefox is vulnerable to Same-Origin policy bypass. A flaw was found in the way Firefox handled frame objects with certain names. An attacker could use this flaw to cause a plug-in to grant its content access to another site or the local file system, violating the same-origin policy...
Same-Origin Policy Bypass
thunderbird/firefox is vulnerable to Same-Origin Policy bypass. It was found that Thunderbird could treat two separate cookies for web content as interchangeable if both were for the same domain name but one of those domain names had a trailing "." character. This violates the same-origin policy...
Same Origin Policy Bypass
WebKitGTK+ is vulnerable to same origin policy bypass. It was found that WebKit did not correctly restrict read access to images created from the "canvas" element. Malicious web content could allow a remote attacker to bypass the same-origin policy and potentially access sensitive image data...
Same-Origin Policy Bypass
firefox is vulnerable to same-origin policy bypass. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim had loaded with Firefox...
Information Disclosure
thunderbird is vulnerable to information disclosure. A same-origin policy bypass flaw was found in Thunderbird. Remote HTML content could steal private data from different remote HTML content Thunderbird has loaded...
Authorization Bypass
firefox is vulnerable to authorization bypass. The vulnerability exists as an attacker could use these flaws to create a malicious web page that could bypass the same-origin policy, or possibly run untrusted JavaScript...
Authorization Bypass
firefox is vulnerable to authorization bypass. The vulnerability exists as two flaws were found in the way certain content was processed. An attacker could use these flaws to create a malicious web page that could bypass the same-origin policy, or possibly run untrusted JavaScript...
Information Disclosure
seamonkey is vulnerable to information disclosure. The vulnerability exists as a flaw was found in the way SeaMonkey handles text selection. A malicious website may be able to read highlighted text in a different domain (e.g. another website the user is viewing), bypassing the same-origin policy...
Same-Origin Policy Bypass
thunderbird is vulnerable to same-origin policy bypass. Several flaws were found in the way malformed content was processed. An HTML mail message containing specially-crafted content could potentially trick a Thunderbird user into surrendering sensitive information...
Same-Origin Policy Bypass
seamonkey is vulnerable to same-origin policy bypass. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey...