FEDORA-2023-1bffe413e9

Packages in this update:

LibRaw-0.20.2-8.fc36

Update description:

Patch for CVE-2023-1729.

Read More

FEDORA-2023-659606fa84

Packages in this update:

LibRaw-0.21.1-4.fc38

Update description:

Patch for CVE-2023-1729.

Read More

Cross Site Request Forgery (CSRF) vulnerability in Bluethrust Clan Scripts v4 allows attackers to escilate privledges to an arbitrary account via a crafted request to /members/console.php?cID=5.

Read More

Cross Site Scripting (XSS) vulnerability in MIPCMS 3.6.0 allows attackers to execute arbitrary code via the category name field to categoryEdit.

Read More

Cross-site scripting (XSS) vulnerability in NoneCms 1.3.0 allows remote attackers to inject arbitrary web script or HTML via feedback feature.

Read More

Cross Site Scripting (XSS) pandao editor.md 1.5.0 allows attackers to execute arbitrary code via crafted linked url values.

Read More

Open redirect vulnerability in typecho 1.1-17.10.30-release via the referer parameter to Login.php.

Read More

Cross Site Request Forgery (CSRF) vulnerability in beescms v4 allows attackers to delete the administrator account via crafted request to /admin/admin_admin.php.

Read More

File upload vulnerability in MCMS 5.0 allows attackers to execute arbitrary code via a crafted thumbnail. A different vulnerability than CVE-2022-31943.

Read More

USN-6060-1 fixed several vulnerabilities in MySQL. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to 5.7.42 in Ubuntu 16.04 ESM.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-42.html
https://www.oracle.com/security-alerts/cpuapr2023.html

Read More