#web

### Problem Backend users could see items in the backend page tree without having access if the mounts pointed to pages restricted for their user/group, or if no mounts were configured but the pages allowed access to "everybody." However, affected users could not manipulate these pages. ### Solution Update to TYPO3 versions 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, 13.3.1 that fix the problem described. ### Credits Thanks to Peter Schuler who reported this issue and to TYPO3 core & security team member Oliver Hader who fixed the issue.

ABB Cylon Aspect version 3.08.01 suffers from an arbitrary file deletion vulnerability. Input passed to the file parameter in calendarFileDelete.php is not properly sanitized before being used to delete calendar files. This can be exploited by an unauthenticated attacker to delete files with the permissions of the web server using directory traversal sequences passed within the affected POST parameter.

Ubuntu Security Notice 7057-1 - It was discovered that WEBrick incorrectly handled having both a Content- Length header and a Transfer-Encoding header. A remote attacker could possibly use this issue to perform a HTTP request smuggling attack.

Apple Security Advisory 10-03-2024-1 - iOS 18.0.1 and iPadOS 18.0.1 addresses an audio capturing issue and a logic issue related to passwords being read aloud.

Red Hat Security Advisory 2024-7726-03 - Red Hat OpenShift Service Mesh Containers for 2.6.2. Issues addressed include code execution and denial of service vulnerabilities.

Red Hat Security Advisory 2024-7725-03 - Red Hat OpenShift Service Mesh Containers for 2.5.5. Issues addressed include code execution and denial of service vulnerabilities.

Red Hat Security Advisory 2024-7724-03 - Red Hat OpenShift Service Mesh Containers for 2.4.11. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2024-7706-03 - An update is now available for the Red Hat build of Cryostat 3 on RHEL 8. Issues addressed include a cross site scripting vulnerability.

Red Hat Security Advisory 2024-7704-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include bypass and denial of service vulnerabilities.

Red Hat Security Advisory 2024-7703-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include bypass and denial of service vulnerabilities.