Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
87
security advisorydebianhsqldbDebian: HSQLDB Moderate Scripting Issue CVE-2023-1183 DSA-5995-1
Gregor Kopf of Secfault Security GmbH discovered that HSQLDB, a Java SQL database engine, allowed the execution of spurious scripting commands in .script and .log files. Hsqldb supports a "SCRIPT" keyword which is normally used to record the commands input by the database admin to output such a . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5995-1
Sep 10, 2025
•Important
Debian
203
security advisorycriticalscripting issueMageia 9: MGASA-2024-0191 Critical: Thunderbird Security Issues
Arbitrary JavaScript execution in PDF.js. (CVE-2024-4367) IndexedDB files retained in private browsing mode. (CVE-2024-4767) Potential permissions request bypass via clickjacking. (CVE-2024-4768) Cross-origin responses could be distinguished between script and non-script content-types. (CVE-2024-4769) . MGASA-2024-0191 - Updated thunderbird packages fix security vulnerabilities Publication date: 21 May 2024 URL: https://advisories.mageia.org/MGASA-2024-0191.html Type: security Affected Mageia releases: 9 CVE: CVE-2024-4367, CVE-2024-4767, CVE-2024-4768, CVE-2024-4769, CVE-2024-4770, CVE-2024-4777 Arbitrary JavaScript execution in PDF.js. (CVE-2024-4367) IndexedDB files retained in private browsing mode. (CVE-2024-4767) Potential permissions request bypass via clickjacking. (CVE-2024-4768) Cross-origin responses could be distinguished between script and non-script content-types. (CVE-2024-4769) Use-after-free could occur when printing to PDF. (CVE-2024-4770) Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. (CVE-2024-4777) References: - https://bugs.mageia.org/show_bug.cgi?id=33218 - https://www.thunderbird.net/en-US/thunderbird/115.11.0esr/releasenotes/ - https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/ - https://www.cve.org/CVERecord?id=CVE-2024-4367 - https://www.cve.org/CVERecord?id=CVE-2024-4767 - https://www.cve.org/CVERecord?id=CVE-2024-4768 - https://www.cve.org/CVERecord?id=CVE-2024-4769 - https://www.cve.org/CVERecord?id=CVE-2024-4770 - https://www.cve.org/CVERecord?id=CVE-2024-4777 SRPMS: - 9/core/thunderbird-115.11.0-1.mga9 - 9/core/thunderbird-l10n-115.11.0-1.mga9 . Mozilla Thunderbird version 115.11 includes crucial updates addressing several vulnerabilities related to JavaScript execution and permission bypass vulnerabilities.. Thunderbird Security Advisory, Mageia Updates, JavaScript Execution Fixes, Clickjacking Issues. . Severity: Critical. LinuxSecurity.com Team
May 21, 2024
•Critical
Mageia
100
security advisorymoderatepatchSUSE: 2021:1576-1 Moderate: OpenVPN Authentication Bypass Resolution
An update that fixes two vulnerabilities is now available. . SUSE Security Update: Security update for openvpn ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1576-1 Rating: moderate References: #1085803 #1185279 Cross-References: CVE-2018-7544 CVE-2020-15078 CVSS scores: CVE-2018-7544 (NVD) : 9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2018-7544 (SUSE): 5.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-15078 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for openvpn fixes the following issues: - CVE-2020-15078: Fixed authentication bypass with deferred authentication (bsc#1185279). - CVE-2018-7544: Fixed cross-protocol scripting issue that was discovered in the management interface (bsc#1085803). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1576=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): openvpn-2.3.8-16.26.1 openvpn-auth-pam-plugin-2.3.8-16.26.1 openvpn-auth-pam-plugin-debuginfo-2.3.8-16.26.1 openvpn-debuginfo-2.3.8-16.26.1 openvpn-debugsource-2.3.8-16.26.1 References: https://www.suse.com/security/cve/CVE-2018-7544.html https://www.suse.com/security/cve/CVE-2020-15078.html https://bugzilla.suse.com/1085803 https://bugzilla.suse.com/1185279 . SUSE Security Update 2021:1576-2 for openvpn addresses criticalvulnerabilities, including authentication failures and scripting errors requiring immediate remediation.. OpenVPN Update, SUSE Security, Authentication Bypass Fix. . LinuxSecurity.com Team
May 12, 2021
SuSE
172
security advisorycriticalUbuntuUbuntu: USN-717-3 Critical: Firefox Script Bypass and Cookie Access
Kojima Hajime discovered that Firefox did not properly handle an escaped nullcharacter. An attacker may be able to exploit this flaw to bypass scriptsanitization. (CVE-2008-5510). ==========================================================Ubuntu Security Notice USN-717-3 February 11, 2009 firefox vulnerabilities CVE-2008-5510, CVE-2009-0357 ========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: firefox 1.5.dfsg+1.5.0.15~prepatch080614j-0ubuntu1 After a standard system upgrade you need to restart Firefox to effect the necessary changes. Details follow: Kojima Hajime discovered that Firefox did not properly handle an escaped null character. An attacker may be able to exploit this flaw to bypass script sanitization. (CVE-2008-5510) Wladimir Palant discovered that Firefox did not restrict access to cookies in HTTP response headers. If a user were tricked into opening a malicious web page, a remote attacker could view sensitive information. (CVE-2009-0357) Updated packages for Ubuntu 6.06 LTS: Source archives: Size/MD5: 184569 201540f2560ee07d0a7b30d367ce41bd Size/MD5: 1800 e8a6f2726dbc06dade12a0ebc19c7fae Size/MD5: 48454140 496d1a74f2a98e8983737a874a9db29f Architecture independent packages: Size/MD5: 53638 9a18c7067527411eababced232354e7c Size/MD5: 52746 fa9d687831d30b8f8ef39da07c7a1ff4 amd64 architecture (Athlon64, Opteron, EM64T Xeon): Size/MD5: 47675616 d3b427dc0d4db0eebb5f3147ce3d29bb Size/MD5: 3045278 1683527a70cdf674f7b711ad559db6b4 Size/MD5: 85802 d88ad731cdfc825cb1f88ad91d8fbe2d Size/MD5: 9522850 b6d18064354f4e733894ce40fe048be4 Size/MD5: 22811690343b0a500020dd643c049164ba9c93 Size/MD5: 165590 3c2be076fb6d9c61cb42d938a90b93d2 Size/MD5: 254734 4198117776b43f20ca6d70b554b81db7 Size/MD5: 826298 b88f70f60cb48caa96add58750e5b4bd Size/MD5: 218730 e76dcc4583433117dbd7b81a77a858f5 i386 architecture (x86 compatible Intel/AMD): Size/MD5: 44222898 8c37f41c90782d6f7a1bef130a33bebc Size/MD5: 3042728 4542d11b7a0d330ba036246b518b7348 Size/MD5: 78320 a09d5ac38d8656b09b02f61de4a3a848 Size/MD5: 8031042 89edcd5c182b752bd4a81d53bb4fcf9c Size/MD5: 226174 0837e3ee67b4f6cde742c775e037f458 Size/MD5: 150976 6405eb0e815c96e8627f2b4d136eff11 Size/MD5: 255144 0e40cab26f0632c3d8687def727799c5 Size/MD5: 716692 950b133f03721a6e850c39374211eed9 Size/MD5: 212318 32b6d850fe57e89ae8646adb606552df powerpc architecture (Apple Macintosh G3/G4/G5): Size/MD5: 49080148 8c660c35194a0d6ea0eaef04217fabee Size/MD5: 2858774 459ccaa976dadf0a084d79a749a1117e Size/MD5: 81422 ebce34e5fbdc9f9512eb52ff4722ae5b Size/MD5: 9112744 6b2cda45169a8a9bb7b13afd2698a304 Size/MD5: 222260 6aae274c9ced525cd99cc4995a893118 Size/MD5: 163044 390f958f20ee78f041342d934b67edcd Size/MD5: 247834 3a4363d4e6b72e79826f46013328d975 Size/MD5: 816088 69bf430f8f920576685682d684dd0159 Size/MD5: 215280 33d4ae48f71b7ac9c0b8a3ddaccbe9b9 sparc architecture (Sun SPARC/UltraSPARC): Size/MD5: 45627582 86289259deef3338488deff398981f8f Size/MD5: 2858786 b846d70d98da5c911c56175900f38561 Size/MD5: 79926 b001d774bd2f4eeba25abe99aaf806f1 Size/MD5: 8498570 191dac8aa9174eefd1a0bdfe212b453a Size/MD5: 222282 2dc8e2df944c5d49c4e7a409077eb3ff Size/MD5: 152948 68af6ea71c2386cff897d0862f2025ab Size/MD5: 247844 243fcbcde87e019f0e81748b9db25014 Size/MD5: 727550 dcb087f639cc1fe8be4fea51c4034d28 Size/MD5: 212730 d74dc227e12ba13b96cb586edefe1c90 . Ubuntu Security Notice USN-718-1 details significant vulnerabilities in Chromium and recommends comprehensive safeguards.. Firefox Vulnerabilities, Script Bypass, Cookie Access Issues, Ubuntu Update. . Severity: Critical. LinuxSecurity.com Team
Feb 11, 2009
•Critical
Ubuntu
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!