FEDORA-2023-553fe307dc
Packages in this update:
python-reportlab-4.0.4-2.fc38
Update description:
Release 4.0.4
python-reportlab-4.0.4-2.fc38
Release 4.0.4
python-reportlab-4.0.4-2.fc37
Release 4.0.4
Server-Side Template Injection (SSTI) vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function.
Cross Site Scripting vulnerability in TinyMCE v.4.9.6 and before and v.5.0.0 thru v.5.1.4 allows an attacker to execute arbitrary code via the editor function.
Cross Site Scripting vulnerabiltiy in eZ Systems AS uZPublish Platform v.5.4 and eZ Publish Legacy v.5.4 allows a remote authenticated attacker to execute arbitrary code via the video-js.swf.swf.
Cross Site Scripting vulnerability in jQuery v.2.2.0 thru v.3.5.0 allows a remote attacker to execute arbitrary code via the <options> element.
Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images.
Personal data of over 45,000 public school students was compromised in a breach involving the file-transfer software MOVEit, according to a community letter sent to families and staff by the New York City Department of Education.
“DOE used MOVEit to transfer documents and data internally as well as to and from vendors, including third party special education service providers,” the letter said.
The breach is the latest expoit of a SQL injection vulnerability found in MOVEit Transfer, a widely used file transfer software by Progress Software.
Tenda AC6 AC1200 Smart Dual-Band WiFi Router 15.03.06.50_multi was discovered to contain a cross-site scripting (XSS) vulnerability via the deviceId parameter in the Parental Control module.
The discovery comes from security researchers at Cyble Research and Intelligence Labs