3241 matches found
CLSA-2023-1695752243 Fix CVE(s): CVE-2022-45703
SECURITY UPDATE: a heap buffer overflow triggered in display_debug_section at binutils/readelf.c - debian/patches/CVE-2022-45703.patch: combine sanity checks, calculate element counts, not word counts, fix typo - CVE-2022-45703...
Moderate: Red Hat Security Advisory: Logging Subsystem 5.5.16 - Red Hat OpenShift security update
Logging Subsystem 5.5.16 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Funnelforms Free < 3.4 Unauthenticated Stored Cross-Site Scripting
Description: The plugin does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks. 1. Create a contact form. 2. Embed the contact form shortcode on a post or page. 3. As an unauthenticated user, inject the inputs for a malicious scri...
Important: Red Hat Security Advisory: open-vm-tools security update
An update for open-vm-tools is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availab...
CVE-2023-25586
A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service...
Important: Red Hat Security Advisory: Red Hat AMQ Streams 2.5.0 release and security update
Red Hat AMQ Streams 2.5.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
PT-2023-20182 · Binutils +1 · Binutils +1
Name of the Vulnerable Software and Affected Versions: Binutils (affected versions not specified). Description: A flaw was found in Binutils, where a logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable. This can cause a crash and local denia...
Moderate: .NET 6.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.122 and .NET Runtime 6.0.22...
CLSA-2023-1694538536 Fix CVE(s): CVE-2022-47695
SECURITY UPDATE: segmentation fault in objdump.c compare_symbols - debian/patches/CVE-2022-47695.patch: test symbol flags to exclude section and synthetic symbols before attempting to check flavour - CVE-2022-47695...
CLSA-2023-1694538006 Fix CVE(s): CVE-2022-47695
SECURITY UPDATE: segmentation fault in objdump.c compare_symbols - debian/patches/CVE-2022-47695.patch: test symbol flags to exclude section and synthetic symbols before attempting to check flavour - CVE-2022-47695...
Moderate: Red Hat Security Advisory: httpd:2.4 security update
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
PT-2023-27932 · Sap · Sap S/4Hana
Name of the Vulnerable Software and Affected Versions: SAP S/4HANA versions 100 through 108. Description: The issue allows an attacker to upload an XML file as an attachment in the Create Single Payment application. When the XML file is clicked on in the attachment section, it opens in the browser...
The vulnerability of the `writeSingleSection` function in the libtiff library allows a hacker to trigger a service failure.
The vulnerability of the writeSingleSection function in the LibTIFF library involves reading data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
CVE-2023-39712
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Put section...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Put section...
CVE-2023-39711
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Subtotal and Paidbill parameters under the Add New Put section...
CSZ CMS 1.3.0 - Stored Cross-Site Scripting (Plugin Gallery) Vulnerability
Exploit Title: CSZ CMS 1.3.0 - Stored Cross-Site Scripting Plugin 'Gallery' CVE: CVE-2023-38911 Exploit Author: Daniel González Vendor Homepage: https://www.cszcms.com/ Software Link: https://github.com/cskaza/cszcms Version: 1.3.0 Tested on: CSZ CMS 1.3.0 Description: CSZ CMS 1.3.0 is affected b...