3242 matches found

RedHat Linux
added 2021/12/08 7:43 a.m. | 42 views

Critical: Red Hat Security Advisory: Red Hat Virtualization Host security and bug fix update [ovirt-4.4.9] Async #1

An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base...

CVSS: 9.8 | AI score: 7 | EPSS: 0.17563
Exploits: 0 | References: 4

CNVD
added 2021/12/08 12:0 a.m. | 8 views

b2evolution Code Execution Vulnerability

b2evolution is a community content management system based on PHP and MySQL. A security vulnerability exists in b2evolution CMS v7.2.3, which can be exploited by an attacker to execute arbitrary code via the parameter cfqueryparam in the user login section...

CVSS: 9.8 | AI score: 7.8 | EPSS: 0.01808
Exploits: 1 | References: 1

Github Security Blog
added 2021/12/02 5:49 p.m. | 29 views

Cross-site Scripting in django-wiki

In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in the Notifications Section. An attacker who has access to edit pages can inject a JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the...

CVSS: 5.4 | AI score: 2.7 | EPSS: 0.00583
Exploits: 0 | References: 7 | Affected Software: 1

OSV
added 2021/12/02 5:49 p.m. | 20 views

GHSA-3M3H-V9HV-9J4H Cross-site Scripting in django-wiki

In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in the Notifications Section. An attacker who has access to edit pages can inject a JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the...

CVSS: 5.4 | AI score: 5.1 | EPSS: 0.00583
Exploits: 0 | References: 7

RedHat Linux
added 2021/11/30 2:27 p.m. | 55 views

Important: Red Hat Security Advisory: kpatch-patch security update

An update is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS: 7.8 | AI score: 6.8 | EPSS: 0.01476
Exploits: 0 | References: 2

Hacker One
added 2021/11/25 8:12 a.m. | 53 views

Zomato: Race condition in User comments Likes

The researcher found a Race Condition to artificially inflate the upvotes of user comments in the Restaurant's review section...

AI score: 2.6
Exploits: 0

OSV
added 2021/11/23 8:15 p.m. | 31 views

CVE-2021-25986

In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in the Notifications Section. An attacker who has access to edit pages can inject a JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the...

CVSS: 5.4 | AI score: 5.2 | EPSS: 0.00583
Exploits: 0 | References: 2

Vulnrichment
added 2021/11/23 7:17 p.m. | 6 views

CVE-2021-25986 Django-wiki - Stored Cross-Site Scripting (XSS) in Notifications Section

In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in the Notifications Section. An attacker who has access to edit pages can inject a JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the...

CVSS: 5.4 | AI score: 5.5 | EPSS: 0.00583
Exploits: 0 | References: 2

CVE
added 2021/11/23 7:17 p.m. | 73 views

CVE-2021-25986

The CVE-2021-25986 entry concerns Django-wiki versions 0.0.20 through 0.7.8, which are vulnerable to Stored Cross-Site Scripting (XSS) in the Notifications Section. The root cause is that an attacker who has edit access can inject a JavaScript payload into the page title; when victims receive a n...

CVSS: 5.4 | AI score: 5.1 | EPSS: 0.00583
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2021/11/23 7:17 p.m. | 16 views

CVE-2021-25986 Django-wiki - Stored Cross-Site Scripting (XSS) in Notifications Section

In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in the Notifications Section. An attacker who has access to edit pages can inject a JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the...

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.00583
Exploits: 0 | References: 2

OSV
added 2021/11/15 9:15 p.m. | 1 view

ALPINE-CVE-2021-42373

A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given...

CVSS: 5.5 | AI score: 6.7 | EPSS: 0.00377
Exploits: 0 | References: 1

OSV
added 2021/11/15 9:15 p.m. | 1 view

DEBIAN-CVE-2021-42373

A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given...

CVSS: 5.5 | AI score: 6.8 | EPSS: 0.00377
Exploits: 0 | References: 1

OSV
added 2021/11/15 9:15 p.m. | 0 views

UBUNTU-CVE-2021-42373

A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given...

CVSS: 5.5 | AI score: 6.7 | EPSS: 0.00377
Exploits: 0 | References: 3

Rapid7 Blog
added 2021/11/15 4:55 p.m. | 14 views

Thawing Out the Chilling Effect Of DMCA Section 1201

The Copyright Office has issued the latest rules on exemptions to Section 1201 of the Digital Millennium Copyright Act (DMCA). Great news: Legal protections for independent security research have once again been meaningfully strengthened. On the whole, these protections are now significantly greate...

AI score: 6.7
Exploits: 0

Tenable Nessus
added 2021/11/11 12:0 a.m. | 42 views

CentOS 8 : binutils (CESA-2021:4364)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4364 advisory.
- binutils: Race window allows users to own arbitrary files (CVE-2021-20197)
- binutils: Heap-based buffer overflow in bfd_getl_signed_32 in libbfd.c becaus...

CVSS: 6.3 | AI score: 7 | EPSS: 0.01287
Exploits: 2 | References: 4

Rockylinux
added 2021/11/10 8:39 a.m. | 28 views

gcc-toolset-10-annobin security update

An update is available for gcc-toolset-10-annobin. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Annobin provides a compiler plugin to annotate and tools to...

CVSS: 8.3 | AI score: 1.9 | EPSS: 0.12205
Exploits: 4

RedHat Linux
added 2021/11/09 6:20 p.m. | 1 view

binutils: Heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c

A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability...

CVSS: 5.5 | AI score: 7.5 | EPSS: 0.01287
Exploits: 1 | References: 4

RedHat Linux
added 2021/11/09 6:20 p.m. | 3 views

binutils: Heap-based buffer overflow in bfd_getl_signed_32() in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section() in elf.c

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c...

CVSS: 4.3 | AI score: 7.5 | EPSS: 0.01278
Exploits: 1 | References: 4

Rockylinux
added 2021/11/09 1:10 p.m. | 30 views

json-c security and bug fix update

An update is available for json-c. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. JSON-C implements a reference counting object model that allows users to easil...

CVSS: 7.8 | AI score: 8 | EPSS: 0.01888
Exploits: 1

Rockylinux
added 2021/11/09 1:3 p.m. | 15 views

sevctl bug fix and enhancement update

An update is available for sevctl. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Enterprise...

AI score: 2
Exploits: 0