Vulnerabilities

When installing a package from a Mercurial VCS URL (ie "pip install <br /> hg+...") with pip prior to v23.3, the specified Mercurial revision could<br /> be used to inject arbitrary configuration options to the "hg clone" <br /> call (ie "--config"). Controlling the Mercurial configuration can modify<br /> how and which repository is installed. This vulnerability does not <br /> affect users who aren&amp;#39;t installing from Mercurial.

The WP EXtra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register() function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify the contents of the .htaccess files located in a site&amp;#39;s root directory or /wp-content and /wp-includes folders and achieve remote code execution.

Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

A heap-based Buffer Overflow flaw was discovered in Samba. It could allow a remote, authenticated attacker to exploit this vulnerability to cause a denial of service.

HP Print and Scan Doctor for Windows may potentially be vulnerable to escalation of privilege. HP is releasing software updates to mitigate the potential vulnerability.

A heap out-of-bounds write vulnerability in the Linux kernel&amp;#39;s Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.<br /> <br /> If perf_read_group() is called while an event&amp;#39;s sibling_list is smaller than its child&amp;#39;s sibling_list, it can increment or write to memory locations outside of the allocated buffer.<br /> <br /> We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.

It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox

Issue summary: A bug has been identified in the processing of key and<br /> initialisation vector (IV) lengths. This can lead to potential truncation<br /> or overruns during the initialisation of some symmetric ciphers.<br /> <br /> Impact summary: A truncation in the IV can result in non-uniqueness,<br /> which could result in loss of confidentiality for some cipher modes.<br /> <br /> When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or<br /> EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after<br /> the key and IV have been established. Any alterations to the key length,<br /> via the "keylen" parameter or the IV length, via the "ivlen" parameter,<br /> within the OSSL_PARAM array will not take effect as intended, potentially<br /> causing truncation or overreading of these values. The following ciphers<br /> and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.<br /> <br /> For the CCM, GCM and OCB cipher modes, truncation of the IV can result in<br /> loss of confidentiality. For example, when following NIST&amp;#39;s SP 800-38D<br /> section 8.2.1 guidance for constructing a deterministic IV for AES in<br /> GCM mode, truncation of the counter portion could lead to IV reuse.<br /> <br /> Both truncations and overruns of the key and overruns of the IV will<br /> produce incorrect results and could, in some cases, trigger a memory<br /> exception. However, these issues are not currently assessed as security<br /> critical.<br /> <br /> Changing the key and/or IV lengths is not considered to be a common operation<br /> and the vulnerable API was recently introduced. Furthermore it is likely that<br /> application developers will have spotted this problem during testing since<br /> decryption would fail unless both peers in the communication were similarly<br /> vulnerable. For these reasons we expect the probability of an application being<br /> vulnerable to this to be quite low. However if an application is vulnerable then<br /> this issue is considered very serious. For these reasons we have assessed this<br /> issue as Moderate severity overall.<br /> <br /> The OpenSSL SSL/TLS implementation is not affected by this issue.<br /> <br /> The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because<br /> the issue lies outside of the FIPS provider boundary.<br /> <br /> OpenSSL 3.1 and 3.0 are vulnerable to this issue.

The Advanced Menu Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via &amp;#39;advMenu&amp;#39; shortcode in versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via &amp;#39;bsk-pdfm-category-dropdown&amp;#39; shortcode in versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

The Delete Me plugin for WordPress is vulnerable to Stored Cross-Site Scripting via &amp;#39;plugin_delete_me&amp;#39; shortcode in versions up to, and including, 3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The shortcode is not displayed to administrators, so it cannot be used against administrator users.

The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping on &amp;#39;icon&amp;#39; user supplied attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.