72 matches found
SUSE-SU-2021:1577-1 Security update for openvpn
This update for openvpn fixes the following issues: - CVE-2020-15078: Fixed authentication bypass with deferred authentication (bsc#1185279). - CVE-2020-11810: Fixed race condition between allocating peer-id and initializing data channel key (bsc#1169925). - CVE-2018-7544: Fixed cross-protocol scriptin...
SUSE-SU-2021:1576-1 Security update for openvpn
This update for openvpn fixes the following issues: - CVE-2020-15078: Fixed authentication bypass with deferred authentication (bsc#1185279). - CVE-2018-7544: Fixed cross-protocol scripting issue that was discovered in the management interface (bsc#1085803)...
Critical Magento Flaws Allow Code Execution
Critical flaws in Adobe’s Magento e-commerce platform – which is commonly targeted by attackers like the Magecart cybergang – could enable arbitrary code execution on affected systems. Magento is a popular, Adobe-owned open-source e-commerce platform that powers many online shops. Adobe on Tuesda...
Elastic Stack 6.8.6 and 7.5.1 security update
Kibana XSS (ESA-2019-17): Kibana versions before 6.8.6 and 7.5.1 contain a cross-site scripting (XSS) flaw in the coordinate and region map visualizations. An attacker with the ability to create coordinate map visualizations could create a malicious visualization. If another Kibana user views that...
Updated java-1.8.0-openjdk packages fix security vulnerabilities
The updated packages fix several bugs and some security issues: Missing restrictions on use of custom SocketImpl (Networking, 8218573) (CVE-2019-2945). Improper handling of Kerberos proxy credentials (Kerberos, 8220302) (CVE-2019-2949). NULL pointer dereference in DrawGlyphList (2D, 8222690) (CVE-2019-2962)...
CVE-2018-19927
Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the Display Name for Station Status or Account Settings, related to the goform/zFormsavechanges sipnick parameter. The password of alphaadmin for the admin account may be used for authentication in some cases...
openSUSE Security Update : bash (openSUSE-2017-614)
This update for bash fixes an issue that could lead to syntax errors when parsing scripts that use expr(1) inside loops. Additionally, the popd built-in now ensures that the normalized stack offset is within bounds before trying to free that stack entry. This fixes a segmentation fault. This update...
Debian Security Advisory DSA 3731-1 (chromium-browser - security update)
Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-5181 A cross-site scripting issue was discovered. CVE-2016-5182 Giwan Go discovered a heap overflow issue. CVE-2016-5183 A use-after-free issue was discovered in the pdfium library. CVE-2016-5184 Another...
MGASA-2015-0201 Updated tcl-tcllib packages fix a security vulnerability
Updated tcl-tcllib package fixes a security vulnerability: tcllib is vulnerable to a cross-site scripting (XSS) issue in html::textarea...
LemonLDAP:NG 0.9.3.1 User Enumeration Weakness and Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/33312/info LemonLDAP:NG is prone to a user-enumeration weakness and a cross-site scripting vulnerability. A remote attacker can exploit the user-enumeration weakness to enumerate valid usernames and then perform brute-for...
Fedora 20 : cups-1.7.2-1.fc20 (2014-5079)
Upstream bug-fix release, which among others fixes possible cross-site scripting issue in CUPS web interface. - https://cups.org/blog.php?L717 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...
Cross site scripting
Cross-site scripting (XSS) vulnerability in RSA Adaptive Authentication On-Premise 6.x and 7.x before 7.1 SP0 P2 allows remote attackers to inject arbitrary web script or HTML via vectors involving FRAME elements, related to a "cross-frame scripting" issue...
CVE-2013-0939
EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive information via vectors involving cross-origin frame navigation, related to a "Cross Frame Scripting"...
JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Scripting)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scripting...
SuSE 10 Security Update : flash-player (ZYPP Patch Number 7763)
This update resolves a universal cross-site scripting issue that could be used to take actions on a user's behalf on any website or webmail provider if the user visits a malicious website (CVE-2011-2444). Note: There are reports that this issue is being exploited in the wild in active targeted...
CVE-2011-2444
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site scripting issue," as...
W-Agora 4.2.1 - search.php3?bn Traversal Local File Inclusion
source: https://www.securityfocus.com/bid/44370/info w-Agora is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the...
MODX <= 2.0.2 Multiple Vulnerabilities - Active Check
MODX is prone to a local file include (LFI) vulnerability and a cross-site scripting (XSS) vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the...
MODx manager - '/controllers/default/resource/tvs.php?class_key' Traversal Local File Inclusion
source: https://www.securityfocus.com/bid/43577/info MODx is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerability using directory-traversal strin...
PT-2010-4537 · Gnu +2 · Gnu Mailman +2
Name of the Vulnerable Software and Affected Versions: GNU Mailman versions prior to 2.1.14rc1. Description: The issue involves multiple cross-site scripting (XSS) vulnerabilities that allow remote authenticated users to inject arbitrary web script or HTML. This can be achieved through vectors...