Tag

#java

CVE-2021-44649: django CMS security updates - Blog

Django CMS 3.7.3 does not validate the plugin_type parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user.

RHSA-2022:0127: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4140: Mozilla: Iframe sandbox bypass with XSLT * CVE-2022-22737: Mozilla: Race condition when playing audio files * CVE-2022-22738: Mozilla: Heap-buffer-overflow in blendGaussianBlur * CVE-2022-22739: Mozilla: Missing throttling on external protocol launch dialog * CVE-2022-22740: Mozilla: Use-after-free of ChannelEventQueue::mOwner * CVE-2022-2274...

RHSA-2022:0124: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4140: Mozilla: Iframe sandbox bypass with XSLT * CVE-2022-22737: Mozilla: Race condition when playing audio files * CVE-2022-22738: Mozilla: Heap-buffer-overflow in blendGaussianBlur * CVE-2022-22739: Mozilla: Missing throttling on external protocol launch dialog * CVE-2022-22740: Mozilla: Use-after-free of ChannelEventQueue::mOwner * CVE-2022-22741: M...

RHSA-2022:0129: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4140: Mozilla: Iframe sandbox bypass with XSLT * CVE-2022-22737: Mozilla: Race condition when playing audio files * CVE-2022-22738: Mozilla: Heap-buffer-overflow in blendGaussianBlur * CVE-2022-22739: Mozilla: Missing throttling on external protocol launch dialog * CVE-2022-22740: Mozilla: Use-after-free of ChannelEventQueue::mOwner * CVE-2022-2274...

RHSA-2022:0128: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4140: Mozilla: Iframe sandbox bypass with XSLT * CVE-2022-22737: Mozilla: Race condition when playing audio files * CVE-2022-22738: Mozilla: Heap-buffer-overflow in blendGaussianBlur * CVE-2022-22739: Mozilla: Missing throttling on external protocol launch dialog * CVE-2022-22740: Mozilla: Use-after-free of ChannelEventQue...

RHSA-2022:0132: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4140: Mozilla: Iframe sandbox bypass with XSLT * CVE-2022-22737: Mozilla: Race condition when playing audio files * CVE-2022-22738: Mozilla: Heap-buffer-overflow in blendGaussianBlur * CVE-2022-22739: Mozilla: Missing throttling on external protocol launch dialog * CVE-2022-22740: Mozilla: Use-after-free of ChannelEventQueue::...

RHSA-2022:0126: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4140: Mozilla: Iframe sandbox bypass with XSLT * CVE-2022-22737: Mozilla: Race condition when playing audio files * CVE-2022-22738: Mozilla: Heap-buffer-overflow in blendGaussianBlur * CVE-2022-22739: Mozilla: Missing throttling on external protocol launch dialog * CVE-2022-22740: Mozilla: Use-after-free of ChannelEventQueue::...

RHSA-2022:0130: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4140: Mozilla: Iframe sandbox bypass with XSLT * CVE-2022-22737: Mozilla: Race condition when playing audio files * CVE-2022-22738: Mozilla: Heap-buffer-overflow in blendGaussianBlur * CVE-2022-22739: Mozilla: Missing throttling on external protocol launch dialog * CVE-2022-22740: Mozilla: Use-after-free of ChannelEventQueue::mOwner * CVE-2022-22741: M...

RHSA-2022:0123: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4140: Mozilla: Iframe sandbox bypass with XSLT * CVE-2022-22737: Mozilla: Race condition when playing audio files * CVE-2022-22738: Mozilla: Heap-buffer-overflow in blendGaussianBlur * CVE-2022-22739: Mozilla: Missing throttling on external protocol launch dialog * CVE-2022-22740: Mozilla: Use-after-free of ChannelEventQue...

RHSA-2022:0026: Red Hat Security Advisory: OpenShift Container Platform 4.6.53 security update

Red Hat OpenShift Container Platform release 4.6.53 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-45105: log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern