Drupal core - Moderately critical - Cross Site Scripting drupal8 8.6.13 SA-CORE-2019-004 8.6.13 CVE-2018-20497 CVE-2018-20495 CVE-2018-20488 CVE-2018-20494

4 11.2.

ocal Users Deny Service, and Local Users Access Data and Gain Elevated Privileges

  • A local user can exploit a flaw in the Replication component to g

LibreOffice -- Remote arbitrary file disclosure vulnerability via WEBSERVICE formula libreoffice

    Note that CVE 2017-3738 of OpenSSL-1.0.2 affected Node but it was low severity

    CVE-2017-14056 CVE-2017-14057 CVE-2017-14058 CVE-2017-14059 CVE-2017-14169

    No

    for privilege escalation 379 CVE-2016-9380

    2016-10-07

    c8d902b1-8550-11e6-81e7-d050996490d0 BIND -- Remote Den

    CVE-2014-3955 SA-14:21.route

    Jennifer Dodd from Automattic; unauthorized category removal from a post, reported by David Herrera from Alley Interactive; password change via stolen cookie, rep

    supplicant-unauthorized-wnm-sleep-mode-gtk-control.txt

    wpa_supplicant unauthorized WNM Sleep Mode GTK control. (2015-6 - CVE-2015-5310)

  • MSA-16-0002: XSS Vulnerability in course management search

    e/libarchive/commit/2253154 https://github.com/libarchive/libarchive/issues/5023865cf2

    , triggering a REQUIRE failure when those records were subsequently cached. This flaw is disclosed in CVE-2015-8000. [RT #40987]

    https://github.com/LibVNC/libvncserver/commit/804335f9d296440bb708ca844f5d89b58b50b0c6 2011-05-19

    zenphoto-1.4.9 http://seclists.org/oss-sec/2015/q3/123 https://github.com/zenphoto/zenphoto/pull/935 CVE-2015-5591

    4 security fixes in this release:

    • [464922] High CVE-2015-1266: Scheme validation e

    our sites immediately.

      A few hours ago, the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise

    e cluster name.

    Likewise, an attacker could add content or execute arbitrary Javascript code on behalf of a user using the management web UI. However, t

    tion of code by way of CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, or CVE-2014-6271 -- collectively known as "Shellshock." This vulnerability requi

    2014-04-21 2014-04-23

    monitorix -- serious bug in the built-in HTTP server

    dation reports:

    A heap overflow exists in the processing of the PrefixList attribute o

    server specified in the "connect" option or execute MITM attacks on the TCP session between stunnel and the proxy

    Can be exploited for remote code exec

    2012-11-09 2012-11-10 2012-11-13 2010-08-24 2010-08-25 fetchmail 6.3.11 6.3.14 Ma

    n compromised, and three plugins are affected.

    The port of squirrelmail-sasql-plugin is safe (right MD5), and change_pass is not in the FreeBSD ports tree, bu

    tor 0.2.0.34

    CVE-2008-4577 CVE-2008-4578 2008-10-05 2008-11-19 CVE

    tethereal-lite 0.8.16 0.99.7

    When named(8) is operating as a recursive DNS server or sending NOTIFY requests to slav

    php -- multiple vulnerabilities php5-imap php5-odbc php5-session

    OS Reviews reports:

    If the update of the stats via web front-end is allowed,

    use the aforementioned rules, are not affected by this issu 81 SA-

    ugh time to remove a file and hardlink it to another file owned by the user running unzip. When unzip changes the permissions of the file it could give the attacker acc

    hp" script that does not properly filter the "highlight" parameter before calling the "preg_replace()" function, which may be exploited by remote attackers to execute

    ounce/mfsa2005-37.html

    Firefox and the Mozilla Suite support custom "favicons" through the <LINK rel="icon"> tag. If a link tag is added to the page progr

    bugzilla -- cross-site scripting vulnerability bugzilla ja-bugzilla 2.16.8

    rssh & scponly -- arbitrary command execution rssh 2.2.2

    ja-linux-netscape 0

    http://marc.theaimsgroup.com/?l=bugtraq&m=103886607825605 http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg=19349

    voked.

    The following summary was written by Werner Koch, GnuPG author: