Read Time:17 Second

FEDORA-EPEL-2023-3d9a822df5

Packages in this update:

rust-pore-0.1.8-5.el9

Update description:

Affected applications were rebuilt against version 0.10.60 of the the openssl crate (the Rust bindings for OpenSSL) to address two security advisories:

https://rustsec.org/advisories/RUSTSEC-2023-0044.html
https://rustsec.org/advisories/RUSTSEC-2023-0072.html

Business Logic Flaw: Price Manipulation – AlegroCartv1.2.9

Posted by Andrey Stoykov on Apr 23 # Exploit Title: Business Logic Flaw: Price Manipulation - alegrocartv1.2.9 # Date: 04/2025...

April 24, 2025

Stored XSS in “Message” Functionality – AlegroCartv1.2.9

Posted by Andrey Stoykov on Apr 23 # Exploit Title: Stored XSS in "Message" Functionality - alegrocartv1.2.9 # Date: 04/2025...

April 24, 2025

XSS via SVG Image Upload – AlegroCartv1.2.9

Posted by Andrey Stoykov on Apr 23 # Exploit Title: XSS via SVG Image Upload - alegrocartv1.2.9 # Date: 04/2025...

April 24, 2025

BBOT 2.1.0 – Local Privilege Escalation via Malicious Module Execution

Posted by Housma mardini on Apr 23 Hi Full Disclosure, I'd like to share a local privilege escalation technique involving...

April 24, 2025

USN-7454-1: libarchive vulnerabilities

It was discovered that the libarchive bsdunzip utility incorrectly handled certain ZIP archive files. If a user or automated system...

April 23, 2025

USN-7453-1: Linux kernel (Real-time) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...

April 23, 2025

Smashing Security podcast #414: Zoom.. just one click and your data goes boom!

DOGE Worker’s Code Supports NLRB Whistleblower

Regulating AI Behavior with a Hypervisor

Verizon’s DBIR Reveals 34% Jump in Vulnerability Exploitation

FBI Reveals “Staggering” $16.6bn Lost to Cybercrime in 2024

Vulnerability Exploitation and Credential Theft Now Top Initial Access Vectors

US Data Breach Victim Count Surges 26% Annually

M&S Grapples with Cyber Incident Affecting In-Store Services

Dutch Warn of “Whole of Society” Russian Cyber-Threat

rust-pore-0.1.8-5.el9

FEDORA-EPEL-2023-3d9a822df5

Packages in this update:

Update description:

Business Logic Flaw: Price Manipulation – AlegroCartv1.2.9

Stored XSS in “Message” Functionality – AlegroCartv1.2.9

XSS via SVG Image Upload – AlegroCartv1.2.9

BBOT 2.1.0 – Local Privilege Escalation via Malicious Module Execution

USN-7454-1: libarchive vulnerabilities

USN-7453-1: Linux kernel (Real-time) vulnerabilities