[SECURITY] [DSA 6217-1] luanti security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6217-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 17, 2026 https://www.debian.org/security/faq -...

CVE-2023-25822

ReportPortal is an AI-powered test automation platform. Prior to version 5.10.0 of the com.epam.reportportal:service-api module, corresponding to ReportPortal version 23.2, the ReportPortal database becomes unstable and reporting almost fully stops except for small launches with approximately 1...

JLSEC-2025-5 Lack of validation for user-provided fields in GitHub.jl

There is a lack of input validation for user-provided values in certain functions. In the GitHub.repo function, the user can provide any string for the reponame field. These inputs are not validated or safely encoded and are sent directly to the server. Impact This means a user can add path...

EUVD-2020-6584

Malware in sbrugna...

EUVD-2023-34270

Malicious code in bioql PyPI...

EUVD-2022-27927

Malicious code in bioql PyPI...

EUVD-2023-34271

Malicious code in bioql PyPI...

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper mTLS configuration handling. An attacker can exploit this misconfiguration to establish unauthorized connections to Redis instances that are intended to require client certificate...

CVE-2023-2820

An information disclosure vulnerability in the faye endpoint in Proofpoint Threat Response / Threat Response Auto-Pull PTR/TRAP could be used by an attacker on an adjacent network to obtain credentials to integrated services via a man-in-the-middle position or cryptanalysis of the session traffic...

CVE-2020-14446

An issue was discovered in WSO2 Identity Server through 5.10.0 and WSO2 IS as Key Manager through 5.10.0. An open redirect exists...

DEBIAN-CVE-2024-34462

Alinto SOGo through 5.10.0 allows XSS during attachment preview...

kernel: ext4: kernel bug in ext4_write_inline_data_end()

A flaw was found in the openEuler kernel in Linux filesystem modules that allows an integer overflow via mounting a corrupted filesystem. This issue affects the openEuler kernel in versions from 4.19.90 through 4.19.90-2401.3 and 5.10.0-60.18.0 through 5.10.0-183.0.0...

Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE plugins

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5h9g-x5rv-25wg. This link is maintained to preserve external references. Original Description TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated...

Cross site scripting

TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser...

CVE-2024-21910 Cross-site scripting vulnerability in TinyMCE plugins

TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser...

CVE-2023-5445

An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL requests to a malicious site. This impacts the dashboard area of the user interface. A user would need to be logg...

GHSA-MJ24-GPW7-23M9 Denial of service vulnerability on creating a Launch with too many recursively nested elements in reportportal

Impact ReportPortal database becomes unstable and reporting almost fully stops except for small launches with approximately 1 test inside when the testitem.path field is exceeded the allowable "ltree" field type indexing limit path length=120 approximately, recursive nesting of the nested steps...

CVE-2023-25822

ReportPortal is an AI-powered test automation platform. Prior to version 5.10.0 of the com.epam.reportportal:service-api module, corresponding to ReportPortal version 23.2, the ReportPortal database becomes unstable and reporting almost fully stops except for small launches with approximately 1...

Design/Logic Flaw

ReportPortal is an AI-powered test automation platform. Prior to version 5.10.0 of the com.epam.reportportal:service-api module, corresponding to ReportPortal version 23.2, the ReportPortal database becomes unstable and reporting almost fully stops except for small launches with approximately 1...

CVE-2023-25822 ReportPortal DoS vulnerability on creating a Launch with too many recursively nested elements

ReportPortal is an AI-powered test automation platform. Prior to version 5.10.0 of the com.epam.reportportal:service-api module, corresponding to ReportPortal version 23.2, the ReportPortal database becomes unstable and reporting almost fully stops except for small launches with approximately 1...