#js

### Impact A discovered oEmbed or image URL can bypass the `url_preview_url_blacklist` setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the `url_preview_ip_range_blacklist` setting (by default this only allows public IPs) and by the limited information returned to the client: * For discovered oEmbed URLs, any non-JSON response or a JSON response which includes non-oEmbed information is discarded. * For discovered image URLs, any non-image response is discarded. Systems which have URL preview disabled (via the `url_preview_enabled` setting) or have not configured a `url_preview_url_blacklist` are not affected. Because of the uncommon configuration required, the limited information a malicious user, and the amount of guesses/time the attack would need; the severity is rated as low. ### Patches The issue is fixed by #15601. ### Workarounds The default configuration of the `url_preview_ip_range_black...

Red Hat Security Advisory 2023-3445-01 - An update for etcd is now available for Red Hat OpenStack Platform 16.2 (Train). Issues addressed include a denial of service vulnerability.

### Impact It may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: * [JSON Web Tokens are enabled for login](https://matrix-org.github.io/synapse/latest/jwt.html) via the `jwt_config.enabled` configuration setting * The [local password database is enabled](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#password_config) via the `password_config.enabled` and `password_config.localdb_enabled` configuration settings *and* a user's password is [updated via an admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#create-or-modify-account) after a user is deactivated. **Note that the local password database is enabled by default**, but it is uncommon to set a user's password after they've been deactivated. Installations that are configured to only allow login via Single Sign-On (SSO) via CAS, SAML or OpenID Connect (OIDC); or via an e...

## Impact 1. A compromised instance with shared folders could sync malicious files which contain arbitrary HTML and JavaScript in the name. If the owner of another device looks over the shared folder settings and moves the mouse over the latest sync, a script could be executed to change settings for shared folders or add devices automatically. 2. Adding a new device with a malicious name could embed HTML or JavaScript inside parts of the page. ## Risk As long as trusted devices are used, the risk is low. Additionally, the web GUI is not used that often in daily use which reduces the likelihood of exploitation. ## Details ### 1. Field "Latest Change" * Open the web GUI at [http://127.0.0.1:8384/](http://127.0.0.1:8384/). * Create/Delete a file named ```<img src=a onerror=alert(123)>``` and sync it to the other instance. * Move your mouse over the latest change to trigger the tooltip. <img width="834" alt="latest-change" src="https://user-images.githubusercontent.com/9484134/2050...

Red Hat Security Advisory 2023-3431-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-3429-02 - The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System distribution but is now maintained independently. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-3426-01 - The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System distribution but is now maintained independently. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-3423-01 - The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System distribution but is now maintained independently. Issues addressed include a code execution vulnerability.

### Summary Some avo fields are vulnerable to XSS when rendering html based content. ### Details During the analysis of the web application, a rendered field was discovered that did not filter JS / HTML tags in a safe way and can be abused to execute js code on a client side. The trix field uses the trix editor in the backend to edit rich text data which basically operates with html tags. To display the stored data in a rendered view, the HasHTMLAttributes concern is used. This can be exploited by an attacker to store javascript code in any trix field by intercepting the request and modifying the post data, as the trix editor does not allow adding custom html or js tags on the frontend. ### PoC  _Adding javascript in the post request which is used when editing a "post" resource (body is declared as a trix field)_ ![image](https://user-images.githubusercontent.com/26464774/2...

An update for emacs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-48339: A flaw was found in the Emacs package. If a file name or directory name contains shell metacharacters, arbitrary code may be executed.