21 matches found
Important: Red Hat Security Advisory: OpenShift Virtualization v4.20 Images
Red Hat OpenShift Virtualization release v4.20 is now available with updates to packages and images that fix several bugs and add enhancements. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift...
Important: Red Hat Security Advisory: RHTAS 1.3.2 - Red Hat Trusted Artifact Signer Release
The 1.3.2 release of Red Hat Trusted Artifact Signer OpenShift Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3 The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19...
Important: Red Hat Security Advisory: RHTAS 1.3.1 - Red Hat Trusted Artifact Signer Release
The 1.3.1 release of Red Hat Trusted Artifact Signer OpenShift Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3 The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19...
CVE-2022-0449
The Flexi WordPress plugin before 4.20 does not sanitise and escape various parameters before outputting them back in some pages such as the user dashboard, leading to a Reflected Cross-Site Scripting...
CVE-2024-34510
Gradio before 4.20 allows credential leakage on Windows...
GSD-2022-1001867 udmabuf: validate ubuf->pagecount
udmabuf: validate ubuf->pagecount This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.33 by commit 811b667cefbea9cb7511a874b169d6a92907137e, it...
WordPress Flexi – Guest Submit plugin <= 4.19 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Felipe Tapia Sasot in WordPress Flexi – Guest Submit plugin (versions <= 4.19). Solution: Update the WordPress Flexi – Guest Submit plugin to the latest available version (at least 4.20)...
UVI-2021-1000493 uio_hv_generic: Fix another memory leak in error handling paths
uio_hv_generic: Fix another memory leak in error handling paths This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.7 by commit...
CVE-2020-14423
Convos before 4.20 does not properly generate a random secret in Core/Settings.pm and Util.pm. This leads to a predictable CONVOS_LOCAL_SECRET value, affecting password resets and invitations...
CVE-2018-16871
A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to...
CVE-2019-0269
SAP BusinessObjects Business Intelligence Platform BI Workspace, versions 4.10 and 4.20, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability...
CVE-2019-0262
SAP WebIntelligence BILaunchPad, versions 4.10, 4.20, does not sufficiently encode user-controlled inputs in generated HTML reports, resulting in Cross-Site Scripting (XSS) vulnerability...
Arista EOS Mlag agent denial of service vulnerability
Arista EOS is a suite of modular operating systems from Arista Networks, Inc. that provide the foundation platform for next-generation data center and cloud networking business requirements. mlag agent is one of the Mlag agents. A security vulnerability exists in the Mlag agent in Arista EOS...
phpVibe Stored Cross Site Scripting
phpVibe The vulnerability exists because the user input is not properly sanitized and this can lead to malicious code injection that will be executed on the target’s browser -- Proof of Concept -- 1. The attacker posts a new comment which contains our payload: " 2. The stored XSS can be triggered...
Hex Workshop 4.235.16.0 - .hex Universal Local Buffer Overflow (SEH)
Hex Workshop 4.235.16.0 - .hex Universal Local Buffer Overflow (SEH) #!/usr/bin/perl by hack4love Hex Workshop v3//4//5//6 .hex Universal Local Buffer ExploitS SEH Found By: DATASNIPER http://www.bpsoft.com/downloads/ info:: i write 3 exploits for the 3 v...
File(1) 4.13 - Command File_PrintF Integer Underflow
File(1) 4.13 - Command File_PrintF Integer Underflow // source: https://www.securityfocus.com/bid/23021/info The file(1) command is prone to an integer-underflow vulnerability because the command fails to adequately handle user-supplied data. An attacker can leverage this issue to corrupt heap memory...
File(1) 4.13 - Command File_PrintF Integer Underflow
// source: https://www.securityfocus.com/bid/23021/info The file(1) command is prone to an integer-underflow vulnerability because the command fails to adequately handle user-supplied data. An attacker can leverage this issue to corrupt heap memory and execute arbitrary code with the privileges of ...
W-Agora 4.2 - BBCode Script Injection
W-Agora 4.2 - BBCode Script Injection source: https://www.securityfocus.com/bid/17751/info W-Agora is prone to a script-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated content. W-Agora...
W-Agora 4.2 - BBCode Script Injection
source: https://www.securityfocus.com/bid/17751/info W-Agora is prone to a script-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated content. W-Agora can be configured to send all user...