GHSA-PG9F-39PC-QF8G vulnerabilities
Vulnerabilities for packages: zed, deno, yazi, oxipng, wasmcloud, samply, ztunnel-fips, rust-analyzer, ruff, wadm, starship, cargo-c, lychee, yara-x, oranda, fd, pixi, cargo-audit, ztunnel, nushell...
GHSA-98P4-XJMM-8MFH vulnerabilities
Vulnerabilities for packages: cargo-audit...
@dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details
Description: Due to the common practice of providing vulnerability details in markdown format, the Dependency-Track frontend renders them using the JavaScript library Showdown. Showdown does not have any XSS countermeasures built in, and versions before 4.6.1 of the Dependency-Track frontend did n...
CVE-2022-39350 @dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details
@dependencytrack/frontend is a Single Page Application (SPA) used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Due to the common practice of providing vulnerability details in markdown format, the...
SUSE-SU-2017:2751-1 Security update for xen
This update for xen fixes several issues: These security issues were fixed: - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host bsc10597...