Monthly Archives: October 2023
DSA-5531 roundcube – security update
It was discovered that roundcube, a skinnable AJAX based webmail
solution for IMAP servers, did not properly sanitize HTML messages.
This would allow an attacker to load arbitrary JavaScript code.
CVE-2021-46898
views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith("/") but this does not consider a protocol-relative URL (e.g., //example.com) attack.
CVE-2021-46897
views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media.
rt-5.0.5-2.fc39
FEDORA-2023-699bd1497e
Packages in this update:
rt-5.0.5-2.fc39
Update description:
Upstream security and bugfix update.
rt-5.0.5-1.fc38
FEDORA-2023-64fe19f832
Packages in this update:
rt-5.0.5-1.fc38
Update description:
Upstream security and bugfix update.
rt-5.0.5-1.fc39
FEDORA-2023-dda28e9e7c
Packages in this update:
rt-5.0.5-1.fc39
Update description:
Upstream security and bugfix update.
DSA-5530-1 ruby-rack – security update
Several vulnerabilities were discovered in ruby-rack, a modular Ruby
webserver interface, which may result in denial of service and shell
escape sequence injection.
DSA-5530 ruby-rack – security update
Several vulnerabilities were discovered in ruby-rack, a modular Ruby
webserver interface, which may result in denial of service and shell
escape sequence injection.
slurm-22.05.10-1.fc37
FEDORA-2023-1f851fa869
Packages in this update:
slurm-22.05.10-1.fc37
Update description:
Update to slurm 22.05.10
Use mariadb-connector-c-devel not mariadb-devel
Closes CVE-2023-41914