SUSE-SU-2024:4120-1 Security update for the Linux Kernel RT (Live Patch 8 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505001327 fixes several issues. The following security issues were fixed: - CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool bsc1225429. - CVE-2024-36904: tcp: Use refcountincnotzero in tcptwskunique bsc1225733. - CVE-2024-43861: Fix...

[slackware-security] mozilla-thunderbird

New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-thunderbird-128.5.0esr-i686-1slack15.0.txz: Upgraded. This release contains security fixes and improvements. For...

openSUSE Security Advisory (SUSE-SU-2024:4050-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2024:4050-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 128.4.3 fixed: Folder corruption could cause Thunderbird to freeze and become unusable fixed: Message corruption could be propagated when reading mbox fixed: Folder compaction was not abandoned on shutdown fixed:...

CVE-2024-9442

The F4 Improvements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above...

CVE-2024-9442 F4 Improvements <= 1.9.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The F4 Improvements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above...

CVE-2024-9442 F4 Improvements <= 1.9.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The F4 Improvements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above...

WordPress plugin F4 Improvements 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

November 21, 2024-KB5048162 Cumulative Update Preview for .NET Framework 3.5 and 4.8.1 for Windows 11, version 24H2

November 21, 2024-KB5048162 Cumulative Update Preview for .NET Framework 3.5 and 4.8.1 for Windows 11, version 24H2 Release Date: November 21, 2024 Version: .NET Framework 3.5 and 4.8.1 Revised: December 18th, 2024 to update the quality and reliability improvement. If you have already installed...

WordPress F4 Improvements plugin <= 1.9.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin F4 Improvements versions = 1.9.0...

PT-2024-39635 · WordPress · F4 Improvements

Name of the Vulnerable Software and Affected Versions: F4 Improvements plugin for WordPress versions up to, and including, 1.9.0 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows...

WordPress F4 Improvements Plugin <= 1.9.0 is vulnerable to Cross Site Scripting (XSS)

Software F4 Improvements Type Plugin Vulnerable versions = 1.9.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9442 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 375a420bcdeb Credits Francesco Carlucci Require...

Virtuozzo Hybrid Infrastructure 6.3 Hotfix 1 (6.3.0-177)

This update provides stability and performance improvements. Vulnerability id: VSTOR-91833 A performance improvement. Vulnerability id: VSTOR-94382 Increased the number of Grafana dashboards that can be added to the Dashboard Directory. Vulnerability id: VSTOR-94508 In the admin panel, LUNs are n...

webkitgtk: Memory corruption issue when processing web content

A vulnerability was found in WebKitGTK. This security issue occurs when processing maliciously crafted web content that may lead to arbitrary code execution. This memory corruption issue was addressed with improved validation...

Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: Update to version jdk8u432 icedtea-3.33.0: CVE-2024-21208: Enhance HTTP client bsc1231702. CVE-2024-21210: Improve handling of vectorization bsc1231711. CVE-2024-21217: Improve deserialization support bsc1231716. CVE-2024-21235: Improve...

November 12, 2024—KB5046633 (OS Builds 22621.4460 and 22631.4460)

November 12, 2024—KB5046633 OS Builds 22621.4460 and 22631.4460 New 11/12/24IMPORTANT Because of minimal operations during the Western holidays and the upcoming new year, there won’t be a non-security preview release for the month of December 2024. There will be a monthly security release for...

November 12, 2024—KB5046687 (Monthly Rollup)

November 12, 2024—KB5046687 Monthly Rollup End of support information As of January 10, 2023, Microsoft no longer provides security updates or technical support for Windows 7 Service Pack 1 SP1. We recommend that you upgrade to a supported version of Windows. For more information, see Update that...

November 12, 2024—KB5046616 (OS Build 20348.2849)

November 12, 2024—KB5046616 OS Build 20348.2849 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out wh...

November 12, 2024—Hotpatch KB5046698 (OS Build 20348.2819)

November 12, 2024—Hotpatch KB5046698 OS Build 20348.2819 Improvements and fixes This security update includes quality improvements. Below is a summary of the key issues that this update addresses when you install this KB. If there are new features, it lists them as well. The bold text within the...

November 12, 2024—KB5046661 (Monthly Rollup)

November 12, 2024—KB5046661 Monthly Rollup End of support information Windows Server 2008 SP2 Extended Security Updates ESU third and final year ended on January 10, 2023. Additionally, Extended Security Updates on Azure only support ended on January 9, 2024. For more information, see Extended...