CVE-2024-56359 Cross-site Scripting vulnerability through HyperLink cells in grist-core
grist-core is a spreadsheet hosting server. A user visiting a malicious document and clicking on a link in a HyperLink cell using a control modifier meaning for example Ctrl+click could have their account compromised, since the link could use the javascript: scheme and be evaluated in the context...
CVE-2024-56358 Cross-site Scripting vulnerability through svg attachment previews in grist-core
grist-core is a spreadsheet hosting server. A user visiting a malicious document and previewing an attachment could have their account compromised, because JavaScript in an SVG file would be evaluated in the context of their current page. This issue has been patched in version 1.3.2. Users are...
CVE-2024-56357 Cross-site Scripting vulnerability through custom widget URLs and form redirect URLs in grist-core
grist-core is a spreadsheet hosting server. A user visiting a malicious document or submitting a malicious form could have their account compromised, because it was possible to use the javascript: scheme with custom widget URLs and form redirect URLs. This issue has been patched in version 1.3.1...
CVE-2024-56335 Privilege escalation allows organization groups to be updated/deleted if their UUID is known in vaultwarden
vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. In affected versions an attacker is capable of updating or deleting groups from an organization given a few conditions: 1. The attacker has a user account in the server. 2. The attacker's...
CVE-2024-56330
CVE-2024-56330 affects Stardust, a platform for streaming isolated desktop containers. The issue allows inter container communication (ICC) to remain enabled, enabling a user in one container to access another container’s agent and potentially compromise access. The vulnerability is tied to ICC n...
Security update for grpc
This update for grpc fixes the following issues: CVE-2024-7246: HPACK table poisoning by gRPC clients communicating with a HTTP/2 proxy. bsc#1228919 CVE-2024-11407: data corruption on servers with transmit zero copy enabled. bsc#1233821 Patch Instructions: To install this SUSE update use the SUSE...
[R1] Stand-alone Security Patch Available for Tenable Security Center versions 6.3.0, 6.4.0 and 6.4.5: SC-202412.1
R1 Stand-alone Security Patch Available for Tenable Security Center versions 6.3.0, 6.4.0 and 6.4.5: SC-202412.1 Arnie Cabral Fri, 12/20/2024 - 07:29 Security Center leverages third-party software to help provide underlying functionality. Several of the third-party components OpenSSL, PHP were...
PT-2024-28988 · IBM · IBM Cognos Analytics
Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.2.0 through 11.2.4 FP4 IBM Cognos Analytics versions 12.0.0 through 12.0.4 Description: The issue is related to a malicious file upload vulnerability due to the lack of validation of the content of uploaded...
CVE-2024-24786 affecting package influxdb for versions less than 2.6.1-18
CVE-2024-24786 affecting package influxdb for versions less than 2.6.1-18. A patched version of the package is available...
CVE-2024-49765 Bypass of Discourse Connect using other login paths if enabled in Discourse
Discourse is an open source platform for community discussion. Sites that are using discourse connect but still have local logins enabled could allow attackers to bypass discourse connect to create accounts and login. This problem is patched in the latest version of Discourse. Users unable to...
CVE-2024-52589 Moderators can view Screened emails even when the “moderators view emails” option is disabled in Discourse
Discourse is an open source platform for community discussion. Moderators can see the Screened emails list in the admin dashboard, and through that can learn the email of a user. This problem is patched in the latest version of Discourse. Users unable to upgrade should remove moderator role from...
CVE-2024-52589
Discourse CVE-2024-52589 involves an authorization issue where moderators can view the Screened emails list in the admin dashboard and learn users’ emails. Multiple sources flag this as a vulnerability in Discourse with the fix being applied in the latest versions; where upgrade is not possible, ...
CVE-2024-52794 Magnific lightbox susceptible to Cross-site Scripting in Discourse
Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected. This problem is patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability...
CVE-2022-27595
CVE-2022-27595 corresponds to an insecure library loading vulnerability in QNAP’s QVPN Device Client. Multiple connected sources consistently state that a local attacker who already has user access can exploit this issue to execute unauthorized code or commands on affected systems. The problem is...
CVE-2022-27595 QVPN Device Client
An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QVPN Windo...
mpg123:1.32.9 security update
1.32.9-1 - Rebase to 1.32.9, includes patch for CVE-2024-10573 Resolves: RHEL-65445 1.26.2-6 - Add patch for CVE-2024-10573 Resolves: RHEL-65445...
CVE-2024-49363
Misskey is an open source, federated social media platform. In affected versions FileServerService media proxy in github.com/misskey-dev/misskey 2024.10.1 or earlier did not detect proxy loops, which allows remote actors to execute a self-propagating reflected/amplified distributed...
SUSE-SU-2024:4376-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47594: mptcp: never allow the PM to close a listener subflow bsc#1226560. - CVE-2022-48983: io_uring: Fix a null-ptr-deref in io_tctx_exit_cb() bsc#1231959. -...