Moderate: Red Hat Security Advisory: xmlrpc-c security update
An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
CVE-2024-51379
Stored Cross-Site Scripting (XSS) vulnerability discovered in JATOS v3.9.3. The vulnerability exists in the description component of the study section, where an attacker can inject JavaScript into the description field. This allows for the execution of malicious scripts when an admin views the...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.4 Security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Moderate: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...
CLSA-2024-1730296987 Update of krb5
Modify the spec file not to skip the %check section during the build...
kernel: mm/sparsemem: fix race in accessing memory_section->usage
A race condition was found on a PFN in the Linux Kernel, which can fall into the device memory region with the system memory configuration. Normal zone start and end PFNs contain the device memory PFNs as well, and the compaction triggered will try on the device memory PFNs and end up in NOP. Thi...
kernel: mm: prevent derefencing NULL ptr in pfn_section_valid()
In the Linux kernel, the following vulnerability has been resolved: mm: prevent derefencing NULL ptr in pfn_section_valid() Commit 5ec8e8ea8b77 ("mm/sparsemem: fix race in accessing memory_section->usage") changed pfn_section_valid() to add a READ_ONCE() call around "ms->usage" to fix a race with section_deactiva...
containernetworking-plugins security update
An update is available for containernetworking-plugins. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The Container Network Interface (CNI) project consists of a...
Important: Red Hat Security Advisory: NetworkManager-libreswan security update
An update for NetworkManager-libreswan is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated...
GHSA-C5G6-6XF7-QXP3 Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section
Impact: This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the code, you can potentially elevate all users and grant them admin privileges or access protected content. Patches: Will be patched in 14.3.1 and 15.0.0. Workarounds...
Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section
Impact: This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the code, you can potentially elevate all users and grant them admin privileges or access protected content. Patches: Will be patched in 14.3.1 and 15.0.0. Workarounds...
CVE-2024-47819
Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0. This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the...
CVE-2024-48925
Umbraco, a free and open source .NET content management system, has an improper access control issue starting in version 14.0.0 and prior to version 14.3.0. The issue allows low-privilege users to access the webhook API and retrieve information that should be restricted to users with access to th...
CVE-2024-47819 Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section
Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0. This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the...
CVE-2024-47819
CVE-2024-47819 – Umbraco XSS (Dictionary section). Affected: Umbraco CMS (.NET) versions 14.0.0 up to, but not including, 14.3.1 and 15.0.0. Root cause: cross-site scripting vulnerability in the Dictionary section that can be triggered by an admin-privileged user to execute injected scripts. Impact:...
CVE-2024-49980 vrf: revert "vrf: Remove unnecessary RCU-bh critical section"
In the Linux kernel, the following vulnerability has been resolved: vrf: revert "vrf: Remove unnecessary RCU-bh critical section" This reverts commit 504fc6f4f7f681d2a03aa5f68aad549d90eab853. dev_queue_xmit_nit is expected to be called with BH disabled. __dev_queue_xmit has the following: /* Disable soft...