A vulnerability classified as problematic has been found in Icons for Features Plugin 1.0.0 on WordPress. It affects unknown functionality in the file classes/class-icons-for-features-admin.php. Manipulation of the argument redirect_url leads to an open redirect. The attack may be launched remotely. Upgrading to version 1.0.1 addresses this issue. The name of the patch is 63124c021ae24b68e56872530df26eb4268ad633. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227756.
Monthly Archives: April 2023
rubygem-redcarpet-3.3.2-26.fc36
FEDORA-2023-597f13ffb9
Packages in this update:
rubygem-redcarpet-3.3.2-26.fc36
Update description:
A security flaw was found in redcarpet: HTML escaping was not properly done in some cases, even when requested, which may cause an XSS vulnerability. This issue is now assigned CVE-2020-26298. This new rpm should fix this issue.
rubygem-redcarpet-3.3.2-26.fc37
FEDORA-2023-8682a0e17d
Packages in this update:
rubygem-redcarpet-3.3.2-26.fc37
Update description:
A security flaw was found in redcarpet: HTML escaping was not properly done in some cases, even when requested, which may cause an XSS vulnerability. This issue is now assigned CVE-2020-26298. This new rpm should fix this issue.
rubygem-redcarpet-3.3.2-26.fc38
FEDORA-2023-44daa9c1d4
Packages in this update:
rubygem-redcarpet-3.3.2-26.fc38
Update description:
A security flaw was found in redcarpet: HTML escaping was not properly done in some cases, even when requested, which may cause an XSS vulnerability. This issue is now assigned CVE-2020-26298. This new rpm should fix this issue.
java-11-openjdk-portable-11.0.19.0.7-2.fc37
FEDORA-2023-0ab3a5423f
Packages in this update:
java-11-openjdk-portable-11.0.19.0.7-2.fc37
Update description:
Updating portables to the Java April security update, with a few enhancements to be properly repacked.
DSA-5394 ffmpeg – security update
Several vulnerabilities have been discovered in the FFmpeg multimedia
framework, which could result in denial of service or potentially the
execution of arbitrary code if malformed files/streams are processed.
zarafa-7.1.14-6.el7
FEDORA-EPEL-2023-342b96903b
Packages in this update:
zarafa-7.1.14-6.el7
Update description:
Backported patch from Debian to fix CVE-2022-26562 (#2192126)
golang-github-prometheus-alertmanager-0.23.0-15.fc39
FEDORA-2023-0c6723004f
Packages in this update:
golang-github-prometheus-alertmanager-0.23.0-15.fc39
Update description:
Automatic update for golang-github-prometheus-alertmanager-0.23.0-15.fc39.
Changelog
* Sat Apr 29 2023 Sérgio M. Basto <sergio@serjux.com> – 0.23.0-15
– Include s390x, and disable tests because it is failing
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> – 0.23.0-14
– Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed Aug 10 2022 Maxwell G <gotmax@e.email> – 0.23.0-13
– Rebuild to fix FTBFS
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> – 0.23.0-12
– Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Jul 19 2022 Maxwell G <gotmax@e.email> – 0.23.0-11
– Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang
* Thu Jun 23 2022 Maxwell G <gotmax@e.email> – 0.23.0-10
– Rebuild to mitigate CVE-2022-21698 (rhbz#2067400).
Friday Squid Blogging: More Squid Camouflage Research
CVE-2020-23647
Cross Site Scripting (XSS) vulnerability in BoxBilling 4.19, 4.19.1, 4.20, and 4.21 allows remote attackers to run arbitrary code via the message field on the submit new ticket form.