August 8, 2023-KB5029649 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2
August 8, 2023-KB5029649 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2 Revised on August 13th, 2023 to add a known issue. Release Date: August 8, 2023 Version: .NET Framework 3.5, 4.8 and 4.8.1 Summary This article describes the security and Cumulative Update...
OPENSUSE-SU-2023:0216-1 Security update for chromium
This update for chromium fixes the following issues: Chromium 115.0.5790.170 (boo#1213920): CVE-2023-4068: Type Confusion in V8; CVE-2023-4069: Type Confusion in V8; CVE-2023-4070: Type Confusion in V8; CVE-2023-4071: Heap buffer overflow in Visuals; CVE-2023-4072: Out of bounds read and write in WebGL...
CVE-2023-30958
A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.225.0...
CVE-2023-30958 DOM XSS in Developer mode dashboard via redirect GET parameter
A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.225.0...
Advisory ROSA-SA-2023-2207
software: kernel-5.10 5.10.184 OS: ROSA-CHROME package_evr_string: kernel-5.10-generic-5.10.184-1.src.rpm CVE-ID: CVE-2023-34255 BDU-ID: 2023-02994 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xfs_btree_lookup_get_block function of the Linux operating system kernel is related to memory usage aft...
Advisory ROSA-SA-2023-2204
Software: pcre2 10.32 OS: ROSA Virtualization 2.1 package_evr_string: pcre2-10.32-3.rv3.src.rpm CVE-ID: CVE-2022-1586 BDU-ID: 2022-03770 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the compile_xclass_matchingpath function of the PCRE2 library is related to reading data beyond buffer boundaries in...
IBM: IDOR in upload videos of a Channel on https://video.ibm.com
Vulnerability description not provided...
EulerOS Virtualization 3.0.6.6 : systemd (EulerOS-SA-2023-2403)
According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io function and dns_stream_complete...
Advisory ROSA-SA-2023-2201
Software: open-vm-tools 11.0.5 OS: rosa-server79 package_evr_string: open-vm-tools-11.0.5-3.res7.6 CVE-ID: CVE-2023-20867 BDU-ID: 2023-03162 CVE-Crit: LOW CVE-DESC.: A vulnerability in the vgauth module of the VMware Tools component of the VMware ESXi hypervisor is related to errors in the...
Advisory ROSA-SA-2023-2194
Software: libtasn1 4.13 OS: ROSA Virtualization 2.1 package_evr_string: libtasn1-4.13-4.rv3.src.rpm CVE-ID: CVE-2021-46848 BDU-ID: 2022-06694 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the asn1_encode_simple_der function of the Libtasn1 library is related to an off-by-one error. Exploitation of th...
CVE-2023-37272
JS7 is an Open Source Job Scheduler. Users specify file names when uploading files holding user-generated documentation for JOC Cockpit. Specifically crafted file names allow an XSS attack to inject code that is executed with the browser. Risk of the vulnerability is considered high for branch 1....
CVE-2023-37272 XSS vulnerability in JOC Cockpit branch 1.13
JS7 is an Open Source Job Scheduler. Users specify file names when uploading files holding user-generated documentation for JOC Cockpit. Specifically crafted file names allow an XSS attack to inject code that is executed with the browser. Risk of the vulnerability is considered high for branch 1....
CVE-2023-30963
A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further...
CVE-2023-30960 Insecure Direct Object Reference (IDOR) in Foundry job-tracker
A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further...
CVE-2023-30963 Stored XSS in Foundry Slate Query Dropdown menu
A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further...
CVE-2023-22835 Denial of Service in Foundry Issues
A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants. This defect was resolved with the release of Foundry Issues 2.510.0 and Found...
Nextcloud: Nextcloud All-In-One path disclosure of internal frontend
Vulnerability description not provided...
Advisory ROSA-SA-2023-2170
software: libksba 1.3.5 OS: ROSA-CHROME package_evr_string: libksba-1.3.5-10.src.rpm CVE-ID: CVE-2022-3515 BDU-ID: 2022-06395 CVE-Crit: HIGH CVE-DESC.: A vulnerability in LibKSBA, a library providing functions for handling X.509 certificates, is related to an integer overflow in the CRL parser...
Advisory ROSA-SA-2023-2169
software: log4net 1.2.15 OS: ROSA-CHROME package_evr_string: log4net-1.2.15-6.src.rpm CVE-ID: CVE-2018-1285 BDU-ID: 2021-01050 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in log4net, a logging library for the .NET Framework, is related to improper restriction of XML external entity (XXE) references...
June 13, 2023—KB5027281 (Security-only update)
June 13, 2023—KB5027281 (Security-only update). IMPORTANT: For Windows Server 2012, the end of support (EOS) date is October 10, 2023. Extended Security Updates (ESUs) will be available for purchase no later than October 2022, but available for installation after the EOS date, October 10, 2023. ESUs will...