Open redirect vulnerability in typecho 1.1-17.10.30-release via the referer parameter to Login.php.
Monthly Archives: May 2023
CVE-2020-19660
Cross Site Scripting (XSS) vulnerability in pandao editor.md 1.5.0 allows attackers to execute arbitrary code via crafted linked URL values.
CVE-2020-18282
Cross-site scripting (XSS) vulnerability in NoneCms 1.3.0 allows remote attackers to inject arbitrary web script or HTML via the feedback feature.
CVE-2020-18132
Cross Site Scripting (XSS) vulnerability in MIPCMS 3.6.0 allows attackers to execute arbitrary code via the category name field to categoryEdit.
CVE-2020-18131
Cross Site Request Forgery (CSRF) vulnerability in Bluethrust Clan Scripts v4 allows attackers to escalate privileges to an arbitrary account via a crafted request to /members/console.php?cID=5.
CIS Benchmarks May 2023 Update
Here is an overview of the CIS Benchmarks that the Center for Internet Security updated or released for May 2023.
USN-6060-2: MySQL vulnerabilities
USN-6060-1 fixed several vulnerabilities in MySQL. This update provides
the corresponding update for Ubuntu 16.04 ESM.
Original advisory details:
Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.
MySQL has been updated to 5.7.42 in Ubuntu 16.04 ESM.
In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.
Please see the following for more information:
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-42.html
https://www.oracle.com/security-alerts/cpuapr2023.html
USN-6061-1: WebKitGTK vulnerabilities
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
golang-1.19.9-1.fc37
FEDORA-2023-12504e8774
Packages in this update:
golang-1.19.9-1.fc37
Update description:
go1.19.9 (released 2023-05-02) includes three security fixes to the html/template package, as well as bug fixes to the compiler, the runtime, and the crypto/tls and syscall packages. See the milestone on the issue tracker for details.
USN-6060-1: MySQL vulnerabilities
Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.
MySQL has been updated to 8.0.33 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,
Ubuntu 22.10, and Ubuntu 23.04. Ubuntu 18.04 LTS has been updated to MySQL
5.7.42.
In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.
Please see the following for more information:
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-42.html
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-33.html
https://www.oracle.com/security-alerts/cpuapr2023.html