Security update for glibc

This update for glibc fixes the following issues: CVE-2025-4802: elf: Ignore LDLIBRARYPATH and debug env var for setuid for static bsc1243317 pthreads NPTL: lost wakeup fix 2 bsc1234128, BZ 25847 Mark functions in libcnonshared.a as hidden bsc1239883 Linux: Switch back to assembly syscall wrapper...

CVE-2024-1106

The Shariff Wrapper WordPress plugin before 4.6.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-2455

The Element Pack - Addon for Elementor Page Builder WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget wrapper link URL in all versions up to, and including, 7.9.0 due to insufficient input sanitization and output escaping on user supplied attributes...

CVE-2024-29109

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jan-Peter Lambeck & 3UU Shariff Wrapper allows Stored XSS.This issue affects Shariff Wrapper: from n/a through 4.6.10...

CVE-2024-0966

The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on user supplied attributes like 'infotext'. This makes it possible for...

CVE-2024-26279

The wrapper extensions do not correctly validate inputs, leading to XSS vectors...

CVE-2023-28448

Versionize is a framework for version tolerant serializion/deserialization of Rust data structures, designed for usecases that need fast deserialization times and minimal size overhead. An issue was discovered in the ‘Versionize::deserialize’ implementation provided by the ‘versionize’ crate for...

CVE-2023-30442

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.1 and 11.5 federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper using certain options. IBM X-Force ID: 253202...

CVE-2022-24849

DisCatSharp is a Discord API wrapper for .NET. Users of versions 9.8.5, 9.8.6, 9.9.0 and previously published prereleases of 10.0.0 who have used either one of the two RequireDisCatSharpDeveloperAttributes or the BaseDiscordClient.LibraryDeveloperTeam have potentially had their bot token sent to ...

CVE-2021-32415

EXEMSI MSI Wrapper Versions prior to 10.0.50 and at least since version 6.0.91 will introduce a local privilege escalation vulnerability in installers it creates...

CVE-2020-6958

An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper YAJSW 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially cause denial-of-service...

CVE-2019-17206

Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper aka Redis Wrapper before 0.3.0 allows attackers to execute arbitrary scripts...

CVE-2013-0265

The redirectstderr function in xnbdcommon.c in xnbd-server and xndb-wrapper in xNBD 0.1.0 allow local users to overwrite arbitrary files via a symlink attack on /tmp/xnbd.log...

CVE-2007-4304

CerbNG for FreeBSD 4.8 does not properly implement VM protection when attempting to prevent system call wrapper races, which allows local users to have an unknown impact related to an "incorrect write protection of pages"...

Malicious code in o1js-wrapper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9235ed25ae95d4286d7a3d5379bd815865a81ccbbf126851fcc04271ec639987 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3846 Malicious code in o1js-wrapper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9235ed25ae95d4286d7a3d5379bd815865a81ccbbf126851fcc04271ec639987 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

php: Stream HTTP wrapper truncates redirect location to 1024 bytes

A flaw was found in PHP. This vulnerability allows incorrect URL truncation and redirection to the wrong location via HTTP redirect handling due to a limited location buffer size...

php: Stream HTTP wrapper header check might omit basic auth header

A flaw was found in PHP. This vulnerability allows certain headers to be either not sent or misinterpreted due to insufficient validation of the end-of-line characters via user-supplied headers...

php: Streams HTTP wrapper does not fail for headers with invalid name and no colon

A flaw was found in PHP. This vulnerability allows applications to accept invalid headers via malformed HTTP headers missing a colon :, which may confuse applications into processing them as valid headers...

Important: Red Hat Security Advisory: php security update

An update for php is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...