Micro Focus GroupWise is messaging software for email and personal information management. Trovent Security GmbH discovered that the GroupWise web application transmits the session ID in the URL of HTTP GET requests when email content is accessed. The exposed session ID can be recorded in the browser history of the client and in log files of the web server or reverse proxy server. An attacker with access to the browser history or the server log files is able to take control of the user session with the help of the session ID. Versions prior to 18.4.2 are affected.
45d877f2bc8d1d68f308fad7fe918c90f982d284964eee41b93805a3c6fb1ad2
Red Hat Security Advisory 2023-0479-01 - Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol server, as well as command-line utilities and Web UI packages for server administration.
d5a8a460836a1434a477fb5c4989e348088a2cd4c81068198b4abc49a30ab0ac
Secure Web Gateway version 10.2.11 suffers from a cross site scripting vulnerability. RedTeam Pentesting identified a vulnerability which allows attackers to craft URLs to any third-party website that result in arbitrary content being injected into the response when accessed through the Secure Web Gateway. While it is possible to inject arbitrary content types, the primary risk arises from JavaScript code allowing for cross site scripting.
f0bbf9c04ccb2873653f86035ec08f7b9388e540d28d2f705eaf53a75692bfea
Debian Linux Security Advisory 5326-1 - Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of host IP address validation and weak randomness setup.
72e5be8502372f25a305cf0e5e848f49100f6c4c07231ed340c9052cb558a635
Ubuntu Security Notice 5806-2 - USN-5806-1 fixed vulnerabilities in Ruby. This update fixes the problem for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.10. Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications which generate HTTP responses using the cgi gem. An attacker could possibly use this issue to maliciously modify the response a user would receive from a vulnerable application.
5e9eaa591a250702e16d36f855a65138db55f846075d60d7208d9a3e346086a8
Red Hat Security Advisory 2023-0294-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.
ab4c27a56bfd50be18a850fba4a30e3a052a6b53070d078de5e0ebe47efa7d99
Red Hat Security Advisory 2023-0321-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
e0c653b344cad061ff2db4d48425d59d51ad956a499681962b6bdd29869c3026
Red Hat Security Advisory 2023-0289-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.
f8a347e68750841335df8e115c8ea7b16322d3d5febd59dfe769fef4aaf8cab1
Red Hat Security Advisory 2023-0290-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.
883d4c7cbf458e7d07ae35c725fe10a741cb801d639bd372c4f5f711e48aa2c7
Red Hat Security Advisory 2023-0333-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
bd289a2fa2e1a33cbfb8e8eba477c0aa660f2e89cda2d1d059db45b1930f32cf
Ubuntu Security Notice 5816-1 - Niklas Baumstark discovered that a compromised web child process of Firefox could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. An attacker could potentially exploit this to obtain sensitive information. Tom Schuster discovered that Firefox was not performing a validation check on GTK drag data. An attacker could potentially exploit this to obtain sensitive information.
fc001643a6e5b7c0b2a05ecbee48a78fcb234cb56c2c6ca5347f8ad3e4ce89ab
Red Hat Security Advisory 2023-0288-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.
42ffb63a49095d8ee149f774976094f19968a0792fd304aa41ac09aef23cbf7c
Red Hat Security Advisory 2023-0285-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.
3b1592820bbef193d075e1f870ea6136f7164b3d9d1035ab9b0a4ed30b84d808
Red Hat Security Advisory 2023-0286-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.
a37de55d70917803971d4d395a27286d31189d6db7e26297aeb1a6c1aa260d80
Red Hat Security Advisory 2023-0295-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.
f885933cc426c44b869b00f992c2be8404a34f40a48bdb337b1dc4cca61cd2e3
Red Hat Security Advisory 2023-0296-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.
f131ce619ab7f571bc3f1cad93ca9f7c57b463c9f6830ee5a7c65cb9cb0d6fe2
Debian Linux Security Advisory 5322-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.
eb4baacbcf64fe1cdd00c7283b49fcb3f7f1bbde124afc14c22a6e4c843a15ee
Ubuntu Security Notice 5806-1 - Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications which generate HTTP responses using the cgi gem. An attacker could possibly use this issue to maliciously modify the response a user would receive from a vulnerable application.
75ea48c38a96b7594dbd0877d422b431f6c885a45730d787e0fa46952d38d26c
Debian Linux Security Advisory 5316-1 - Several out-of-memory, stack overflow or HTTP request smuggling vulnerabilities have been discovered in Netty, a Java NIO client/server socket framework, which may allow attackers to cause a denial of service or bypass restrictions when used as a proxy.
d79e44dc740a4bdba61067f17bc2f8d1870d872798afcbc0a4bdd6ffab09ccdd
eCart Web version 5.0.0 suffers from a cross site scripting vulnerability.
e72f56a0b136ad4d7215662fb4e94fa28b79b57e199ed4353a8831db37b3da89
Ubuntu Security Notice 5798-1 - Johan Gorter discovered that .NET 6 incorrectly processed certain invalid HTTP requests. An attacker could possibly use this issue to cause a denial of service condition for an exposed endpoint.
6f04e95fb87ef0a2799772fb3d4c02ce94894556c53f409d710c5dc07039eaa0
eCart Web version 4.0.0 appears to leave a default administrative account in place post installation.
5f4831484c2a6347bfd3953e993fa0b0c543702e4b64f7aae13418bbf440e002
Ubuntu Security Notice 5797-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
7d038cf5cf0d352110b29efd7ebf03b7f41defff9ed3da1235cfdddef29584cd
GNUnet is a peer-to-peer framework with a focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service built on top of the framework is anonymous file sharing.
86034d92ebf8f6623dad95f1031ded1466e064b96ffac9d3e9d47229ac2c22ff
Debian Linux Security Advisory 5311-1 - Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in HTTP request smuggling, cache poisoning or denial of service.
990cbc4c27bc00413fc821fd5e596736910270440e68916352b4cf984d9ea06a