Huy Nguyễn Phạm Nhật, Valentin T. and Lutz Wolf of CrowdStrike
discovered that roundcube, a skinnable AJAX based webmail solution for
IMAP servers, did not correctly process and sanitize requests. This
would allow an attacker to perform Cross-Site Scripting (XSS) attacks.
Category Archives: Advisories
DSA-5715-1 composer – security update
Two vulnerabilities have been discovered in Composer, a dependency
manager for PHP, which could result in arbitrary command execution by
operating on malicious git/hg repositories.
kitty-0.35.1-4.fc40
FEDORA-2024-15039ba9f9
Packages in this update:
kitty-0.35.1-4.fc40
Update description:
rebuild for rhbz#2292712
Business Logic Flaw and Username Enumeration in spa-cartcmsv1.9.0.6
Posted by Andrey Stoykov on Jun 15
# Exploit Title: Business Logic Flaw and Username Enumeration in
spa-cartcmsv1.9.0.6
# Date: 6/2024
# Exploit Author: Andrey Stoykov
# Version: 1.9.0.6
# Tested on: Ubuntu 22.04
# Blog:
https://msecureltd.blogspot.com/2024/04/friday-fun-pentest-series-5-spa.html
<http://msecureltd.blogspot.com/>
Description
– It was found that the application suffers from a business logic flaw
– Additionally the application is vulnerable to username…
DSA-5713-1 libndp – security update
A buffer overflow was discovered in libndp, a library implementing the
IPv6 Neighbor Discovery Protocol (NDP), which could result in denial of
service or potentially the execution of arbitrary code if malformed
IPv6 router advertisements are processed.
python-PyMySQL-1.1.1-1.fc40
FEDORA-2024-b26f07d27b
Packages in this update:
python-PyMySQL-1.1.1-1.fc40
Update description:
Update to 1.1.1 to fix CVE-2024-36039
python-PyMySQL-1.1.1-1.fc39
FEDORA-2024-e7141ab284
Packages in this update:
python-PyMySQL-1.1.1-1.fc39
Update description:
Update to 1.1.1 to fix CVE-2024-36039
DSA-5711-1 thunderbird – security update
Multiple security issues were discovered in Thunderbird, which could
result in the execution of arbitrary code.
DSA-5712-1 ffmpeg – security update
Several vulnerabilities have been discovered in the FFmpeg multimedia
framework, which could result in denial of service or potentially the
execution of arbitrary code if malformed files/streams are processed.
thunderbird-115.12.0-2.fc39
FEDORA-2024-25da59ef4e
Packages in this update:
thunderbird-115.12.0-2.fc39
Update description:
Update to 115.12.0
https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/
https://www.thunderbird.net/en-US/thunderbird/115.12.0/releasenotes/