
Tag

#java

CVE-2021-44650: Microsoft 365 management, reporting, and auditing - ManageEngine M365 Manager Plus

Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating proxy settings through the Admin ProxySettings and Tenant ProxySettings components.

CVE-2021-44649: django CMS security updates - Blog

Django CMS 3.7.3 does not validate the plugin_type parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user.

RHSA-2022:0127: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2021-4140: Mozilla: Iframe sandbox bypass with XSLT
* CVE-2022-22737: Mozilla: Race condition when playing audio files
* CVE-2022-22738: Mozilla: Heap-buffer-overflow in blendGaussianBlur
* CVE-2022-22739: Mozilla: Missing throttling on external protocol launch dialog
* CVE-2022-22740: Mozilla: Use-after-free of ChannelEventQueue::mOwner
* CVE-2022-2274...

RHSA-2022:0124: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2021-4140: Mozilla: Iframe sandbox bypass with XSLT
* CVE-2022-22737: Mozilla: Race condition when playing audio files
* CVE-2022-22738: Mozilla: Heap-buffer-overflow in blendGaussianBlur
* CVE-2022-22739: Mozilla: Missing throttling on external protocol launch dialog
* CVE-2022-22740: Mozilla: Use-after-free of ChannelEventQueue::mOwner
* CVE-2022-22741: M...

RHSA-2022:0129: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2021-4140: Mozilla: Iframe sandbox bypass with XSLT
* CVE-2022-22737: Mozilla: Race condition when playing audio files
* CVE-2022-22738: Mozilla: Heap-buffer-overflow in blendGaussianBlur
* CVE-2022-22739: Mozilla: Missing throttling on external protocol launch dialog
* CVE-2022-22740: Mozilla: Use-after-free of ChannelEventQueue::mOwner
* CVE-2022-2274...

RHSA-2022:0128: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2021-4140: Mozilla: Iframe sandbox bypass with XSLT
* CVE-2022-22737: Mozilla: Race condition when playing audio files
* CVE-2022-22738: Mozilla: Heap-buffer-overflow in blendGaussianBlur
* CVE-2022-22739: Mozilla: Missing throttling on external protocol launch dialog
* CVE-2022-22740: Mozilla: Use-after-free of ChannelEventQue...

RHSA-2022:0132: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2021-4140: Mozilla: Iframe sandbox bypass with XSLT
* CVE-2022-22737: Mozilla: Race condition when playing audio files
* CVE-2022-22738: Mozilla: Heap-buffer-overflow in blendGaussianBlur
* CVE-2022-22739: Mozilla: Missing throttling on external protocol launch dialog
* CVE-2022-22740: Mozilla: Use-after-free of ChannelEventQueue::...

RHSA-2022:0126: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2021-4140: Mozilla: Iframe sandbox bypass with XSLT
* CVE-2022-22737: Mozilla: Race condition when playing audio files
* CVE-2022-22738: Mozilla: Heap-buffer-overflow in blendGaussianBlur
* CVE-2022-22739: Mozilla: Missing throttling on external protocol launch dialog
* CVE-2022-22740: Mozilla: Use-after-free of ChannelEventQueue::...

RHSA-2022:0130: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2021-4140: Mozilla: Iframe sandbox bypass with XSLT
* CVE-2022-22737: Mozilla: Race condition when playing audio files
* CVE-2022-22738: Mozilla: Heap-buffer-overflow in blendGaussianBlur
* CVE-2022-22739: Mozilla: Missing throttling on external protocol launch dialog
* CVE-2022-22740: Mozilla: Use-after-free of ChannelEventQueue::mOwner
* CVE-2022-22741: M...

RHSA-2022:0123: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2021-4140: Mozilla: Iframe sandbox bypass with XSLT
* CVE-2022-22737: Mozilla: Race condition when playing audio files
* CVE-2022-22738: Mozilla: Heap-buffer-overflow in blendGaussianBlur
* CVE-2022-22739: Mozilla: Missing throttling on external protocol launch dialog
* CVE-2022-22740: Mozilla: Use-after-free of ChannelEventQue...