Security Headlines

Tag: #web
Red Hat Security Advisory 2024-9644-03

Red Hat Security Advisory 2024-9644-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

Packet Storm
Red Hat Security Advisory 2024-9637-03

Red Hat Security Advisory 2024-9637-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

Red Hat Security Advisory 2024-9624-03

Red Hat Security Advisory 2024-9624-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a denial of service vulnerability.

GHSA-gv5h-5655-h4mv: django CMS Cross-Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django-cms allows Cross-Site Scripting (XSS). This issue affects django-cms: 3.11.7, 3.11.8, 4.1.2, 4.1.3.

GHSA-qvf5-hvjx-wm27: Apache Tomcat Request and/or response mix-up

Incorrect object recycling and reuse vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue.

GHSA-mg54-p2wj-5ph7: moodle: IDOR when fetching report schedules

A vulnerability was found in Moodle. Additional checks are required to ensure users can only access the schedule of a report if they have permission to edit that report.

GHSA-x3x9-349x-2485: moodle: IDOR in edit/delete RSS feed

A vulnerability was found in Moodle. Additional checks are required to ensure users can only edit or delete RSS feeds that they have permission to modify.

GHSA-cq5f-wv7p-5gfc: Moodle leaks user names

A vulnerability was found in Moodle. It is possible for users with the "send message" capability to view other users' names that they may not otherwise have access to via an error message in Messaging. Note: The name returned follows the full name format configured on the site.

GHSA-fjq9-452g-jg3q: moodle: Some users can delete audiences of other reports

A vulnerability was found in Moodle. Users with access to delete audiences from reports could delete audiences from other reports that they do not have permission to delete from.

GHSA-3wf4-68gx-mph8: Firebase JavaScript SDK allows attackers to manipulate the "_authTokenSyncURL" to point to their own server

Firebase JavaScript SDK utilizes a "FIREBASE_DEFAULTS" cookie to store configuration data, including an "_authTokenSyncURL" field used for session synchronization. If this cookie field is preset by an attacker through any other method, the attacker can manipulate the "_authTokenSyncURL" to point to their own server, which would allow an actor to capture user session data transmitted by the SDK. We recommend upgrading Firebase JS SDK to at least 10.9.0.