CLSA-2026-1777378006 sudo: Fix of 3 CVEs

CVE-2021-23239: fix potential directory existence info leak in sudoedit - CVE-2023-28486: escape control characters in log messages - CVE-2023-28487: escape control characters in sudoreplay output...

EUVD-2017-1244

Malware in sbrugna...

EUVD-2020-20127

Malware in sbrugna...

EUVD-2019-0779

Malware in sbrugna...

EUVD-2022-0100

Malicious code in bioql PyPI...

CVE-2020-27620

The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. This is related to wfMessage and Html::rawElement, as demonstrated by CosmosSocialProfile::getUserGroups...

PT-2022-10851 · Ibm · Ibm Guardium Data Encryption

Name of the Vulnerable Software and Affected Versions: IBM Guardium Data Encryption GDE versions 4.0.0 through 5.0.0 Description: The issue arises from IBM Guardium Data Encryption GDE preparing a structured message for communication with another component, but the encoding or escaping of the dat...

UBUNTU-CVE-2020-25706

A cross-site scripting XSS vulnerability exists in templatesimport.php Cacti 1.2.13 due to Improper escaping of error message during template import preview in the xmlpath field...

PT-2020-15363 · Jenkins · Jenkins Subversion Partial Release Manager Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Subversion Release Manager Plugin versions 1.2 and earlier Description: The issue is related to a reflected cross-site scripting vulnerability. It occurs because the error message for the Repository URL field form validation is not...

CVE-2019-13407

CVE-2019-13407 affects Advan VD-1 firmware versions up to 230. The issue arises in cgibin/ssi.cgi where a resource-not-found error message is not properly escaped, causing a reflected cross-site scripting (XSS) vulnerability. Impact is user-injected script execution in the context of the device’s...