Category Archives: Advisories

roundcubemail-1.5.7-1.el9

Read Time:26 Second

FEDORA-EPEL-2024-1f1aef9c1c

Packages in this update:

roundcubemail-1.5.7-1.el9

Update description:

Release 1.5.7

Enigma: Fix finding of a private key when decrypting a message using GnuPG v2.3
Fix TinyMCE localization installation (#9266)
Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313)
Fix command injection via crafted im_convert_path/im_identify_path on Windows
Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences
Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes

Read More

roundcubemail-1.6.7-1.fc39

Read Time:34 Second

FEDORA-2024-a591b4dc74

Packages in this update:

roundcubemail-1.6.7-1.fc39

Update description:

Release 1.6.7

Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313)
Fix bug where HTML entities in URLs were not decoded on HTML to plain text conversion (#9312)
Fix bug in collapsing/expanding folders with some special characters in names (#9324)
Fix PHP8 warnings (#9363, #9365, #9429)
Fix missing field labels in CSV import, for some locales (#9393)
Fix command injection via crafted im_convert_path/im_identify_path on Windows
Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences
Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes

Read More

roundcubemail-1.6.7-1.fc40

Read Time:34 Second

FEDORA-2024-680b8ba54e

Packages in this update:

roundcubemail-1.6.7-1.fc40

Update description:

Release 1.6.7

Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313)
Fix bug where HTML entities in URLs were not decoded on HTML to plain text conversion (#9312)
Fix bug in collapsing/expanding folders with some special characters in names (#9324)
Fix PHP8 warnings (#9363, #9365, #9429)
Fix missing field labels in CSV import, for some locales (#9393)
Fix command injection via crafted im_convert_path/im_identify_path on Windows
Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences
Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes

Read More

USN-6782-1: Thunderbird vulnerabilities

Read Time:39 Second

Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, cross-site
tracing, or execute arbitrary code. (CVE-2024-4767, CVE-2024-4768,
CVE-2024-4769, CVE-2024-4777)

Thomas Rinsma discovered that Thunderbird did not properly handle type check
when handling fonts in PDF.js. An attacker could potentially exploit this
issue to execute arbitrary javascript code in PDF.js. (CVE-2024-4367)

Irvan Kurniawan discovered that Thunderbird did not properly handle certain
font styles when saving a page to PDF. An attacker could potentially
exploit this issue to cause a denial of service. (CVE-2024-4770)

Read More

ZDI-24-490: LAquis SCADA LGX Report Processing AddComboFile Path Traversal Remote Code Execution Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-5040.

Read More