🚨 CVE-2023-37528
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to exploit an application parameter during execution of the Save Report.
🎖@cveNotify
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to exploit an application parameter during execution of the Save Report.
🎖@cveNotify
Hcl-Software
Security Bulletin: HCL BigFix Platform is affected by multiple security vulnerabilities - Customer Support
HCL BigFix Platform has addressed multiple vulnerabilities in cURL (CVE-2023-38545) and BigFix source
🚨 CVE-2024-0895
The PDF Flipbook, 3D Flipbook – DearFlip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via outline settings in all versions up to, and including, 2.2.26 due to insufficient input sanitization and output escaping on user supplied data. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
🎖@cveNotify
The PDF Flipbook, 3D Flipbook – DearFlip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via outline settings in all versions up to, and including, 2.2.26 due to insufficient input sanitization and output escaping on user supplied data. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
🎖@cveNotify
🚨 CVE-2024-0909
The Anonymous Restricted Content plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.6.2. This is due to insufficient restrictions through the REST API on the posts/pages that protections are being place on. This makes it possible for unauthenticated attackers to access protected content.
🎖@cveNotify
The Anonymous Restricted Content plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.6.2. This is due to insufficient restrictions through the REST API on the posts/pages that protections are being place on. This makes it possible for unauthenticated attackers to access protected content.
🎖@cveNotify
🚨 CVE-2024-23550
HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent.
🎖@cveNotify
HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent.
🎖@cveNotify
Hcltechsw
Security Bulletin: HCL DevOps Deploy / HCL Launch (UCD) may be vulnerable to sensitive information disclosure (CVE-2024-23550)…
HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows
🚨 CVE-2020-27619
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
🎖@cveNotify
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
🎖@cveNotify
🚨 CVE-2020-28049
An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation.
🎖@cveNotify
An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation.
🎖@cveNotify
openSUSE Mailing Lists
[security-announce] openSUSE-SU-2020:1870-1: moderate: Security update for sddm - openSUSE Security Announce
openSUSE Security Update: Security update for sddm
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:1870-1
Rating: ……
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:1870-1
Rating: ……
🚨 CVE-2021-38593
Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).
🎖@cveNotify
Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).
🎖@cveNotify
🚨 CVE-2023-32763
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.
🎖@cveNotify
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.
🎖@cveNotify