
24 matches found

RedHat Linux
added 2026/04/10 8:19 p.m., 2 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: gnutls: gnutls-3.8.12-1.1.hum1 aarch64, x86_64 gnutls-c++-3.8.12-1.1.hum1 aarch64, x86_64 gnutls-dane-3.8.12-1.1.hum1 aarch64, x86_64 gnutls-devel-3.8.12-1.1.hum1 aarch64, x86_64...

CVSS 8.2, AI score 7, EPSS 0.00292
Exploits: 1, References: 8

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-1501

Malicious code in bioql PyPI...

CVSS 6.6, AI score 6, EPSS 0.00141
Exploits: 1, References: 5

NVD
added 2023/12/21 9:15 p.m., 16 views

CVE-2023-6803

A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1...

CVSS 5.8, EPSS 0.00095
Exploits: 0, References: 4

NVD
added 2023/12/21 9:15 p.m., 18 views

CVE-2023-51379

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and issues:read...

CVSS 4.9, EPSS 0.00138
Exploits: 0, References: 5

OSV
added 2023/12/21 9:15 p.m., 3 views

CVE-2023-46648

An insufficient entropy vulnerability was identified in GitHub Enterprise Server GHES that allowed an attacker to brute force a user invitation to the GHES Management Console. To exploit this vulnerability, an attacker would need knowledge that a user invitation was pending. This vulnerability...

CVSS 7.5, AI score 5.8
Exploits: 0, References: 4

Prion
added 2023/12/21 9:15 p.m., 14 views

Path traversal

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This...

CVSS 3.3, AI score 6.9, EPSS 0.00531
Exploits: 0, References: 5, Affected Software: 1

Prion
added 2023/12/21 9:15 p.m., 20 views

Improper access control

Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the "Get a check run" API endpoint. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected GitHu...

CVSS 5, AI score 6.9, EPSS 0.00373
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2023/12/21 8:45 p.m., 17 views

CVE-2023-6690

A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed i...

CVSS 3.9, AI score 4.6, EPSS 0.00088
Exploits: 0, References: 4

Positive Technologies
added 2023/12/21 12:0 a.m., 3 views

PT-2023-32741 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.8.0 through 3.8.11 GitHub Enterprise Server versions 3.9.0 through 3.9.6 GitHub Enterprise Server versions 3.10.0 through 3.10.3 GitHub Enterprise Server versions 3.11.0 Description: A race condition in...

CVSS 3.9, AI score 3.8, EPSS 0.00088
Exploits: 0, References: 8

CNNVD
added 2023/12/21 12:0 a.m., 3 views

GitHub Enterprise Server Security Vulnerability

GitHub Enterprise Server is a U.S. GitHub open source application. Provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions prior to 3.8.12, prior to...

CVSS 6.5, AI score 6.8, EPSS 0.00077
Exploits: 0, References: 5

Positive Technologies
added 2023/12/21 12:0 a.m., 3 views

PT-2023-30139 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.8 through 3.8.11 GitHub Enterprise Server versions 3.9 through 3.9.6 GitHub Enterprise Server versions 3.10 through 3.10.3 GitHub Enterprise Server versions 3.11 through 3.11.0 Description: An insufficient...

CVSS 8.3, AI score 7.5, EPSS 0.01027
Exploits: 0, References: 8

Hacker One
added 2023/10/03 12:31 p.m., 18 views

GitHub: Bypassing Collaborator Restrictions: Retaining Admin Access Post-Repository Transfer

A race condition was discovered in GitHub Enterprise Server that allowed an outside collaborator to be added while a repository was being transferred. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was addressed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1...

CVSS 5.8, AI score 4.6, EPSS 0.00095
Exploits: 0

NVD
added 2023/07/10 4:15 p.m., 13 views

CVE-2023-25478

Cross-Site Request Forgery (CSRF) vulnerability in Jason Rouet Weather Station plugin = 3.8.12 versions...

CVSS 8.8, AI score 5.8, EPSS 0.00094
Exploits: 0, References: 1

NVD
added 2022/03/14 4:15 a.m., 8 views

CVE-2022-0341

Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.12...

CVSS 6.6, EPSS 0.00141
Exploits: 1, References: 2

Cvelist
added 2022/03/14 4:10 a.m., 16 views

CVE-2022-0341 Cross-site Scripting (XSS) - Stored in vanessa219/vditor

Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.12...

CVSS 6.6, AI score 5.5, EPSS 0.00141
Exploits: 1, References: 2

OpenVAS
added 2018/10/10 12:0 a.m., 27 views

Joomla! < 3.8.13 Access Level Violation Vulnerability

Inadequate checks on the tags search fields can lead to an access level violation.

CVSS 4.3, AI score 5.6, EPSS 0.00016
Exploits: 0, References: 1

CNVD
added 2018/08/29 12:0 a.m., 4 views

Joomla! cross-site scripting vulnerability (CNVD-2018-17502)

Joomla! is an open source, cross-platform content management system (CMS) developed in PHP and MySQL by the U.S. Open Source Matters team. A cross-site scripting vulnerability exists in Joomla! versions prior to 3.8.12 that stems from the program failing to adequately filter output. A...

CVSS 5.4, AI score 5.6, EPSS 0.00102
Exploits: 0, References: 1

CNVD
added 2018/08/29 12:0 a.m., 1 view

ACL Violation Vulnerability in Joomla!

Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. An ACL violation vulnerability exists in Joomla! versions prior to 3.8.12, which...

CVSS 7.5, AI score 7.5, EPSS 0.00047
Exploits: 0, References: 1

CVE
added 2012/11/11 11:0 a.m., 58 views

CVE-2012-4732

Vulnerability (CVE-2012-4732) : A cross-site request forgery (CSRF) in Request Tracker (RT) versions 3.8.12 and earlier than 3.8.15, and 4.0.6 and earlier than 4.0.8, lets remote attackers hijack user authentication to perform actions that toggle ticket bookmarks. Affected product: Request Tracke...

CVSS 6.8, AI score 6.9, EPSS 0.00116
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2012/06/04 7:55 p.m., 1 view

DEBIAN-CVE-2011-2085

Multiple cross-site request forgery (CSRF) vulnerabilities in Best Practical Solutions RT before 3.8.12 and 4.x before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users...

CVSS 6.8, AI score 7.4, EPSS 0.00295
Exploits: 0, References: 1