Mozilla Firefox ESR Code Issue Vulnerability
Mozilla Firefox ESR is an extended support release of Firefox web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox ESR versions prior to 102.10, which stems from a truncated filename if the filename contains NULL characters when processi...
Mozilla Firefox ESR < 102.10
The version of Firefox ESR installed on the remote Windows host is prior to 102.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-14 advisory. - Mozilla developers Andrew Osmond, Sebastian Hengst, Andrew McCreight, and the Mozilla Fuzzing Team reported memor...
Mozilla Firefox ESR < 102.10
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 102.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-14 advisory. - Mozilla developers Andrew Osmond, Sebastian Hengst, Andrew McCreight, and the Mozilla Fuzzing Team...
Moderate: Red Hat Security Advisory: pcs security update
An update for pcs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
sinatra: Reflected File Download attack
A flaw was found in Sinatra, a domain-specific language for creating web applications in Ruby. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input...
RHEL 9 : pcs (RHSA-2023:0974)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0974 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: sinatra: Reflected File Downlo...
AlmaLinux 9 : pcs (ALSA-2023:0974)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:0974 advisory. - Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An...
pcs security update
An update is available for pcs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The pcs packages provide a command-line configuration system for the Pacemaker an...
Rocky Linux 8 : pcs (RLSA-2023:0855)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:0855 advisory. - Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An...
Oracle Linux 8 : pcs (ELSA-2023-12137)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-12137 advisory. 0.10.14-5.0.1 - Replace HAM-logo.png with a generic one 0.10.14-5.el87.2 - Updated bundled rubygems: mustermann, rack, rackprotection, sinatra, tilt - Added...
Moderate: Red Hat Security Advisory: pcs security update
An update for pcs is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availabl...
sinatra: Reflected File Download attack
A flaw was found in Sinatra, a domain-specific language for creating web applications in Ruby. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input...
Moderate: Red Hat Security Advisory: pcs security update
An update for pcs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
sinatra: Reflected File Download attack
A flaw was found in Sinatra, a domain-specific language for creating web applications in Ruby. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input...
ALSA-2023:0855 Moderate: pcs security update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: sinatra: Reflected File Download attack (CVE-2022-45442). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
RHEL 8 : pcs (RHSA-2023:0855)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0855 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: sinatra: Reflected File Downlo...
Moderate: pcs security update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: sinatra: Reflected File Download attack (CVE-2022-45442). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
SUSE CVE-2022-36359
An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input...
SUSE CVE-2022-45442
Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is...
MGASA-2023-0029 Updated ruby-sinatra packages fix security vulnerability
Potential reflected file download (RFD) vulnerability in ruby-sinatra, a Ruby library for writing HTTP applications. A Content-Disposition HTTP header was being incorrectly derived from a potentially user-supplied filename (CVE-2022-45442)...