KDDI CORPORATION, NTT DOCOMO, INC., And SoftBank Corp. Security Vulnerabilities

python3.12-lxml bug fix and enhancement update

An update is available for python3.12-lxml. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

gnome-shell bug fix and enhancement update

An update is available for gnome-shell. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux....

kernel security, bug fix, and enhancement update

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating....

python-pip bug fix and enhancement update

An update is available for python-pip. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux.....

inc-conso.fr Cross Site Scripting vulnerability OBB-3872425

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

containernetworking-plugins security and bug fix update

[1:1.4.0-3] - rebuild for CVE-2023-45290 - Resolves:...

Jira Server and Data Center - Information Disclosure

Jira Server and Data Center is susceptible to information disclosure. An attacker can enumerate users via the QueryComponentRendererValue!Default.jspa endpoint and thus potentially access sensitive information, modify data, and/or execute unauthorized operations, Affected versions are before...

Employee And Visitor Gate Pass Logging System 1.0 SQL Injection

...

Jira Server and Data Center - Information Disclosure

Jira Server and Data Center is susceptible to information disclosure. An attacker can enumerate users via the /ViewUserHover.jspa endpoint and thus potentially access sensitive information, modify data, and/or execute unauthorized operations. Affected versions are before version 7.13.6, from...

virt:ol and virt-devel:rhel security update

hivex libguestfs libguestfs-winsupport libiscsi libnbd libtpms libvirt [8.0.0-23.1.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] - Add runtime deps for pkg librbd1 >= 1:10.2.5 (Keshav Sharma) [8.0.0-23.1.el8] - remote: check for negative array lengths before allocation...

Important: tomcat security and bug fix update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug Fix(es): Rebase tomcat to version...

ZendFramework Information Disclosure and Insufficient Entropy vulnerability

In Zend Framework, Zend_Captcha_Word (v1) and Zend\Captcha\Word (v2) generate a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this advisory, the selection was performed using PHP's internal array_rand() function. This function does not...

Important: bind and dhcp security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. The...

ZendFramework Information Disclosure and Insufficient Entropy vulnerability

In Zend Framework, Zend_Captcha_Word (v1) and Zend\Captcha\Word (v2) generate a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this advisory, the selection was performed using PHP's internal array_rand() function. This function does not...

Important: tomcat security and bug fix update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug Fix(es): Rebase tomcat to version...

Important: bind and dhcp security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. The...

dotmesh arbitrary file read and/or write

Dotmesh is a git-like command-line interface for capturing, organizing and sharing application states. In versions 0.8.1 and prior, the unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target...

LDAP Injection

Apache Derby is vulnerable to LDAP Injection. The vulnerability is due to improper input validation in the username field which can be used to bypass authentication checks. This can be exploited by an attacker by injecting malicious usernames, and as a result fill up the disk by creating junk...

(RHSA-2024:2962) Moderate: virt:rhel and virt-devel:rhel security and enhancement update

Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the....

ruby:3.1 security, bug fix, and enhancement update

An update is available for rubygem-mysql2, module.rubygem-pg, ruby, module.rubygem-mysql2, rubygem-pg, module.ruby. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

cockpit-session-recording bug fix and enhancement update

An update is available for cockpit-session-recording. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see...

intel-cmt-cat bug fix and enhancement update

An update is available for intel-cmt-cat. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

perl-HTTP-Tiny bug fix and enhancement update

An update is available for perl-HTTP-Tiny. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

alsa-sof-firmware bug fix and enhancement update

An update is available for alsa-sof-firmware. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky....

Moderate: containernetworking-plugins security and bug fix update

The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated...

Moderate: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) kernel: Information disclosure in...

Moderate: fence-agents security and bug fix update

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): urllib3: Request body not stripped after redirect from 303 status...

Moderate: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section....

python39:3.9 and python39-devel:3.9 security update

An update is available for python-pluggy, module.python-iniconfig, module.python-psycopg2, module.python-more-itertools, module.python3x-pip, module.python3x-setuptools, python-requests, python-psutil, numpy, module.python-ply, module.python-psutil, module.python-pycparser, module.python-cffi,...

dnf-plugins-core bug fix and enhancement update

An update is available for dnf-plugins-core. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky.....

org.apache.velocity Vulnerability in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.21.0, 7.21.1, 7.21.2, 7.21.3, 7.21.4, 7.21.5, 7.21.6, and 7.21.7 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...

ADP Grant - Intent mismatch between Intent.toUri and Intent.parseUri

In toUriInner of Intent.java, there is a possible way to launch an arbitrary activity due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

Moderate: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer...

gvisor-tap-vsock security and bug fix update

An update is available for gvisor-tap-vsock. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list A replacement for libslirp and VPNKit, written in pure Go. It is...

xdg-desktop-portal bug fix and enhancement update

An update is available for xdg-desktop-portal. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the...

ruby:3.1 security, bug fix, and enhancement update

An update is available for module.rubygem-abrt, rubygem-mysql2, module.rubygem-pg, ruby, module.rubygem-mysql2, rubygem-abrt, module.ruby, rubygem-pg. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...

python-linux-procfs bug fix and enhancement update

An update is available for python-linux-procfs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the...

CVE-2024-21026

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

Employee And Visitor Gate Pass Logging System 1.0 SQL Injection Vulnerability

Employee and Visitor Gate Pass Logging System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication...

ruby:3.3 security, bug fix, and enhancement update

An update is available for rubygem-mysql2, module.rubygem-pg, ruby, module.rubygem-mysql2, rubygem-pg, module.ruby. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

rhel-system-roles bug fix and enhancement update

An update is available for rhel-system-roles. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky....

crash-trace-command bug fix and enhancement update

An update is available for crash-trace-command. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the...

shared-mime-info bug fix and enhancement update

An update is available for shared-mime-info. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky.....

gvisor-tap-vsock security and bug fix update

[6:0.7.3-3] - rebuild for CVE-2023-45290 - Resolves:...

Veeam Data Cloud Release Information and Build Numbers

Veeam Data Cloud Release Information and Build...

Can access comments and attachments of deleted cards

Description Impact A user with access to a deck board was able to access comments and attachments of already deleted cards. Patches It is recommended that the Nextcloud Deck app is upgraded to 1.6.6 or 1.7.5 or 1.8.7 or 1.9.6 or 1.11.3 or 1.12.1 Workarounds Disable Deck app References HackerOne...

python39:3.9 and python39-devel:3.9 security update

An update is available for python-pluggy, module.python-iniconfig, module.python-psycopg2, module.python-more-itertools, module.python3x-pip, module.python3x-setuptools, python-requests, python-psutil, numpy, module.python-ply, module.python-psutil, module.python-pycparser, module.python-cffi,...

open-vm-tools bug fix and enhancement update

An update is available for open-vm-tools. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

ibus-typing-booster bug fix and enhancement update

An update is available for ibus-typing-booster. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the...

Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress < 9.0.2 - Authenticated (Contributor+) SQL Injection

Description The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'question_id' parameter in all versions up to, and including, 9.0.1 due to insufficient escaping on the user supplied parameter and lack of...