GHSA-8fh4-942r-jf2g: LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php

GHSA-7q7g-4xm8-89cq: Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit

GHSA-phm4-wf3h-pc3r: Unpatched Remote Code Execution in Gogs

GHSA-x645-6pf9-xwxw: LibreNMS has an Authenticated OS Command Injection

GHSA-gv4m-f6fx-859x: LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php

### During startup, an attacker that can man-in-the-middle traffic to and from NTS key exchange servers can trigger a very expensive key validation process due to a vulnerability in webpki.

### Impact
This vulnerability can lead to excessive cpu usage on startup on clients configured to use NTS

### Patches
Affected users are recommended to upgrade to version 0.3.7

### References
See also https://github.com/rustsec/advisory-db/blob/main/crates/rustls-webpki/RUSTSEC-2023-0053.md


**ntpd has Dependency on Vulnerable Third-Party Component**

Low severity GitHub Reviewed Published Aug 24, 2023 in pendulum-project/ntpd-rs • Updated Aug 24, 2023

Headline

GHSA-37xq-q42p-rv3p: ntpd has Dependency on Vulnerable Third-Party Component

During startup, an attacker that can man-in-the-middle traffic to and from NTS key exchange servers can trigger a very expensive key validation process due to a vulnerability in webpki.

Impact

Patches

References

ghsa: Latest News