container-tools:rhel8 security update

slirp4netns 1.2.3-1 - update to https://github.com/rootless-containers/slirp4netns/releases/tag/v1.2.3 - Related: Jira:RHEL-2110 1.2.2-1 - update to https://github.com/rootless-containers/slirp4netns/releases/tag/v1.2.2 - Related: Jira:RHEL-2110 1.2.1-1 - update to...

CVE-2024-53387

CVE-2024-53387 affects umeditor v1.2.3 and is described as a DOM Clobbering vulnerability that allows arbitrary code execution via a crafted HTML element. The root cause is a DOM clobber issue in the editor component; exploitation requires user interaction (per CVSS vector). Impact is high (C/H/I...

CVE-2024-25291

Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin...

CVE-2024-25291

Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin...

CVE-2024-25291

Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin...

CVE-2023-41616

A reflected cross-site scripting XSS vulnerability in the Search Student function of Student Management System v1.2.3 and before allows attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload...

GHSA-WJW2-4J7J-6GC3 Winter CMS stored XSS through privileged upload of SVG file

Impact Users with the backend.managebranding permission can upload SVGs as the application logo. Previously, SVG uploads were not sanitized, which could have allowed a stored XSS attack. Although this was a security issue, it's important to note that its severity is low. To exploit the...

CVE-2023-23086

Buffer OverFlow Vulnerability in MojoJson v1.2.3 allows an attacker to execute arbitrary code via the SkipString function...

CVE-2020-18145

Cross Site Scripting XSS vulnerability in umeditor v1.2.3 via /public/common/umeditor/php/getcontent.php...

CVE-2020-18145

Cross Site Scripting XSS vulnerability in umeditor v1.2.3 via /public/common/umeditor/php/getcontent.php...

CVE-2020-18145

UMeditor 1.2.3 is affected by a Cross Site Scripting (XSS) vulnerability exploitable via /public/common/umeditor/php/getcontent.php. The issue originates from a flaw in how input is handled, enabling an attacker to inject and execute client-side code. Affected component/file: getcontent.php in um...

CVE-2021-29499

SIF is an open source implementation of the Singularity Container Image Format. The siftool new command and func siftool.New produce predictable UUID identifiers due to insecure randomness in the version of the github.com/satori/go.uuid module used as a dependency. A patch is available in version...

CVE-2017-1000053

Elixir Plug prior to v1.0.4, v1.1.7, v1.2.3, and v1.3.2 is vulnerable to arbitrary code execution via deserialization in Plug.Session. The issue stems from the deserialization functions of Plug.Session, per CVE-2017-1000053. NVD notes a base score of 6.8 (MEDIUM) under CVSS2 and 8.1 (HIGH) under ...

pwpphp122.txt

PwsPHP v1.2.2 Final - Multiples vulnerabilities ----------------------------------------------- VULNERABLE PRODUCT ------------------ Forum: Pwsphp Version: 1.2.2 Final Vulnerabilities: Multiples -------------------------- / / / / / / / / / / / \ / // / /// // / // / / / / // / / .///// / .//...