HTML document may be able to render iframes with sensitive user information (CVE-2022-0108) maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-32885) use-after-free vulnerability exists in WebCore::RenderLayer. This issue
Denial of service caused by handling a malicious text-form variant. (CVE-2023-24593) Denial of service caused by malicious serialised variant. (CVE-2023-25180) References:
HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall (CVE-2022-48279) Incorrect handling of '\0' bytes in file uploads in ModSecurity may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT
Various security, performance, accuracy and stability issues. See referenced package announcements for details. References: - https://bugs.mageia.org/show_bug.cgi?id=30375
This kernel-linus update is based on upstream 5.15.110 and fixes atleast the following security issues: A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.
Browser prompts could have been obscured by popups. (CVE-2023-32205) Crash in RLBox Expat driver. (CVE-2023-32206) Potential permissions request bypass via clickjacking. (CVE-2023-32207) Content process crash due to invalid wasm code. (CVE-2023-32211) Potential spoof due to obscured address bar. (CVE-2023-32212)
In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks (CVE-2023-32205). An out-of-bounds read could have led to a crash in the RLBox Expat driver
Buffer Overflow vulnerability leading to denial of service via a crafted JXR file. (CVE-2021-33367) References: - https://bugs.mageia.org/show_bug.cgi?id=31888
Angle brackets () were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in unexpectedly closing the CSS context and allowing for injection of unexpected HMTL, if executed with untrusted input. (CVE-2023-24539)