Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mode is used, allows an attacker to execute arbitrary C# code on any machine that renders a report, including the application server or a user’s local machine, as demonstrated by System.Diagnostics.Process.Start.
Category Archives: Advisories
DSA-5265 tomcat9 – security update
Several security vulnerabilities have been discovered in the Tomcat
servlet and JSP engine.
DSA-5264 batik – security update
It was discovered that Apache Batik, a SVG library for Java, allowed
attackers to run arbitrary Java code by processing a malicious SVG file.
DSA-5263 chromium – security update
A security issue was discovered in Chromium, which could result in the
execution of arbitrary code.
CVE-2021-36898
Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress.
CVE-2021-36864
Auth. (editor+) Reflected Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress.
CVE-2021-36863 (quiz_and_survey_master)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress.
CVE-2021-38217 (semcms)
CVE-2021-36858 (testimonials)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themepoints Testimonials plugin <= 2.6 on WordPress.
xerces-c-3.2.3-5.el8
FEDORA-EPEL-2022-fac3491880
Packages in this update:
xerces-c-3.2.3-5.el8
Update description:
Update to 3.2.3 (#1788475)