15 matches found
Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.11.4 security update
An update is now available for Red Hat OpenShift GitOps v1.11.4 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f...
Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following resulting in deletion of files and directories on the host system
Impact: This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with GHSA-p8r3-83r8-jwj5 to overwrite files on the host system. In order to use this...
Design/Logic Flaw
Wings is Pterodactyl's server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with GHSA-p8r3-83r8-jwj5 to overwrite files on the host system. In order to use this exploit, an attacker must have an...
CVE-2023-25168 Symbolic Link (Symlink) Following allowing the deletion of files and directories on the host system in wings
Wings is Pterodactyl's server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with GHSA-p8r3-83r8-jwj5 to overwrite files on the host system. In order to use this exploit, an attacker must have an...
GHSA-HWQC-PGJW-VJQP Cross-Site Request Forgery in GilaCMS
A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts...
Cross-Site Request Forgery in GilaCMS
A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts...
CVE-2020-20692
GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php...
Cross-site request forgery (CSRF)
A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts...
SQL injection
GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php...
CVE-2020-20693
A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts...
CVE-2020-20696
A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field...
CVE-2020-20695
A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file...
CVE-2020-20692
CVE-2020-20692 affects GilaCMS v1.11.4 with a SQL injection via the $_GET parameter in /src/core/controllers/cm.php. Root cause: improper handling of user input enabling SQL injection. NVD metrics (CVSSv3.1) show base score 7.2 (HIGH), network attack vector, low complexity, privileges required: HIGH, n...
GHSA-7RRM-V45F-JP64 Nokogiri updates packaged dependency on libxml2 from 2.9.10 to 2.9.12
Summary: Nokogiri v1.11.4 updates the vendored libxml2 from v2.9.10 to v2.9.12, which addresses: CVE-2019-20388 (Medium severity), CVE-2020-24977 (Medium severity), CVE-2021-3517 (Medium severity), CVE-2021-3518 (Medium severity), CVE-2021-3537 (Low severity), CVE-2021-3541 (Low severity). Note that two...
Nokogiri updates packaged dependency on libxml2 from 2.9.10 to 2.9.12
Summary: Nokogiri v1.11.4 updates the vendored libxml2 from v2.9.10 to v2.9.12, which addresses: CVE-2019-20388 (Medium severity), CVE-2020-24977 (Medium severity), CVE-2021-3517 (Medium severity), CVE-2021-3518 (Medium severity), CVE-2021-3537 (Low severity), CVE-2021-3541 (Low severity). Note that two...