Tag

#debian

Coupons CMS 4.00 Open Redirection

Coupons CMS version 4.00 suffers from an open redirection vulnerability.

Packet Storm

GHSA-xqcq-j8w9-3pxv: Jettison parser crash by stackoverflow

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow. This effect may support a denial of service attack.

### References

- https://nvd.nist.gov/vuln/detail/CVE-2022-40149
- https://github.com/jettison-json/jettison/issues/45
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46538
- https://github.com/jettison-json/jettison/pull/49/files
- https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1
- https://lists.debian.org/debian-lts-announce/2022/11/msg00011.html
- https://www.debian.org/security/2023/dsa-5312

Debian Security Advisory 5463-1

Debian Linux Security Advisory 5463-1 - A security issue was discovered in Thunderbird, which could result in spoofing of filenames of email attachments.

Debian Security Advisory 5462-1

Debian Linux Security Advisory 5462-1 - Tavis Ormandy discovered that under specific microarchitectural circumstances, a vector register in AMD "Zen 2" CPUs may not be written to 0 correctly. This flaw allows an attacker to leak sensitive information across concurrent processes, hyper threads and virtualized guests.

Debian Security Advisory 5461-1

Debian Linux Security Advisory 5461-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Copyparty 1.8.2 Directory Traversal

Copyparty version 1.8.2 suffers from a directory traversal vulnerability.

Copyparty 1.8.6 Cross Site Scripting

Copyparty version 1.8.6 suffers from a cross site scripting vulnerability.

Debian Security Advisory 5460-1

Debian Linux Security Advisory 5460-1 - It was discovered that Curl performed incorrect file path handling when saving cookies to files, which could lead to the creation or overwriting of files.