This security update resolves a Microsoft SharePoint Server remote code execution vulnerability, Microsoft Word information disclosure vulnerability, and Microsoft Word remote code exe ...
November 15, 2022
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2022:7519 advisory. - sanitize-url: XSS due to improper sanitization in ...
November 15, 2022
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:7519 advisory. - The package @braintree/sanitize-url before 6.0.0 are ...
November 15, 2022
The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site ...
November 15, 2022
The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions.
November 15, 2022
Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth.
November 15, 2022
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new session ID upon successful OAuth authentication. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+ ...
November 15, 2022
[7.5.15-3] - resolve CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions - resolve CVE-2022-1705 golang: net/https: improper sanitization of Transfer-Encoding header - resolve CVE ...
November 15, 2022