FEDORA-EPEL-2023-cd6dc8dccf

Packages in this update:

wordpress-5.1.16-1.el7

Update description:

WordPress 5.1.16 Security Release

Includes security fixes from 6.2.1

Read More

FEDORA-2023-db50dafcaa

Packages in this update:

wordpress-6.2.1-1.fc37

Update description:

WordPress 6.2.1 Maintenance & Security Release

Security updates included in this release

Block themes parsing shortcodes in user generated data; thanks to Liam Gladdy of WP Engine for reporting this issue
A CSRF issue updating attachment thumbnails; reported by John Blackbourn of the WordPress security team
A flaw allowing XSS via open embed auto discovery; reported independently by Jakub Żoczek of Securitum and during a third party security audit
Bypassing of KSES sanitization in block attributes for low privileged users; discovered during a third party security audit.
A path traversal issue via translation files; reported independently by Ramuel Gall and during a third party security audit.

Read More

FEDORA-EPEL-2023-b725f0f13a

Packages in this update:

wordpress-6.2.1-1.el9

Update description:

WordPress 6.2.1 Maintenance & Security Release

Security updates included in this release

Block themes parsing shortcodes in user generated data; thanks to Liam Gladdy of WP Engine for reporting this issue
A CSRF issue updating attachment thumbnails; reported by John Blackbourn of the WordPress security team
A flaw allowing XSS via open embed auto discovery; reported independently by Jakub Żoczek of Securitum and during a third party security audit
Bypassing of KSES sanitization in block attributes for low privileged users; discovered during a third party security audit.
A path traversal issue via translation files; reported independently by Ramuel Gall and during a third party security audit.

Read More

FEDORA-2023-2c2171e034

Packages in this update:

wordpress-6.2.1-1.fc38

Update description:

WordPress 6.2.1 Maintenance & Security Release

Security updates included in this release

Block themes parsing shortcodes in user generated data; thanks to Liam Gladdy of WP Engine for reporting this issue
A CSRF issue updating attachment thumbnails; reported by John Blackbourn of the WordPress security team
A flaw allowing XSS via open embed auto discovery; reported independently by Jakub Żoczek of Securitum and during a third party security audit
Bypassing of KSES sanitization in block attributes for low privileged users; discovered during a third party security audit.
A path traversal issue via translation files; reported independently by Ramuel Gall and during a third party security audit.

Read More

This vulnerability allows remote attackers to bypass authentication on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerability.

Read More

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Read More

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Read More

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability.

Read More

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability.

Read More