#vulnerability

Gentoo Linux Security Advisory 202401-6 - A vulnerability has been found in CUPS filters where remote code execution is possible via the beh filter. Versions greater than or equal to 1.28.17-r2 are affected.

Gentoo Linux Security Advisory 202401-5 - A vulnerability has been found in RDoc which allows for command injection. Versions greater than or equal to 6.3.2 are affected.

Gentoo Linux Security Advisory 202401-4 - Several vulnerabilities have been found in WebKitGTK+, the worst of which can lead to remote code execution. Versions greater than or equal to 2.42.3:4 are affected.

Gentoo Linux Security Advisory 202401-3 - Multiple vulnerabilities have been discovered in Bluez, the worst of which can lead to privilege escalation. Versions greater than or equal to 5.70-r1 are affected.

Gentoo Linux Security Advisory 202401-2 - Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity. Versions greater than or equal to 1.19.0 are affected.

Debian Linux Security Advisory 5596-1 - Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange.

Easy Chat Server version 3.1 suffers from a denial of service vulnerability.

Ivanti has released security updates to address a critical flaw impacting its Endpoint Manager (EPM) solution that, if successfully exploited, could result in remote code execution (RCE) on susceptible servers. Tracked as CVE-2023-39336, the vulnerability has been rated 9.6 out of 10 on the CVSS scoring system. The shortcoming impacts EPM 2021 and EPM 2022 prior to SU5. “If exploited, an

### Impact _What kind of vulnerability is it? Who is impacted?_ This is an XSS vulnerability that has the potential to impact anyone rendering a component directly from a controller with the view_component gem. Note that only components that define a [`#call` method](https://viewcomponent.org/guide/templates.html#call) (i.e. instead of using a sidecar template) are affected. The return value of the `#call` method is not sanitized and can include user-defined content. In addition, the return value of the [`#output_postamble` method](https://viewcomponent.org/api.html#output_postamble--string) is not sanitized, which can also lead to XSS issues. ### Patches _Has the problem been patched? What versions should users upgrade to?_ Versions 3.9.0 has been released and fully mitigates both the `#call` and the `#output_postamble` vulnerabilities. ### Workarounds _Is there a way for users to fix or remediate the vulnerability without upgrading?_ Sanitize the return value of `#call`, eg: `...

### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-3px7-jm2p-6h2c. This link is maintained to preserve external references. ### Original Description encoded_id-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vulnerability. A remote and unauthenticated attacker might cause a denial of service condition by sending an HTTP request with an extremely long "id" parameter.