Description
CVE-2022-1471 CVE-2022-25857 CVE-2022-38749 CVE-2022-38750 CVE-2022-38751 CVE-2022-38752 candlepin and puppetserver: various flaws.
CVE-2022-22577 tfm-rubygem-actionpack: rubygem-actionpack: Possible cross-site scripting vulnerability in Action Pack.
CVE-2022-23514 rubygem-loofah: inefficient regular expression leading to denial of service.
CVE-2022-23515 rubygem-loofah: Improper neutralization of data URIs leading to cross-site scripting.
CVE-2022-23516 rubygem-loofah: Uncontrolled Recursion leading to denial of service.
CVE-2022-23517 tfm-rubygem-rails-html-sanitizer: rubygem-rails-html-sanitizer: Inefficient Regular Expression leading to denial of service.
CVE-2022-23518 tfm-rubygem-rails-html-sanitizer: rubygem-rails-html-sanitizer: Improper neutralization of data URIs leading to cross-site scripting.
CVE-2022-23519 tfm-rubygem-rails-html-sanitizer: rubygem-rails-html-sanitizer: Cross-site scripting vulnerability with certain configurations.
CVE-2022-23520 tfm-rubygem-rails-html-sanitizer: rubygem-rails-html-sanitizer: Cross-site scripting vulnerability with certain configurations.
CVE-2022-27777 tfm-rubygem-actionview: Possible cross-site scripting vulnerability in Action View tag helpers.
CVE-2022-31163 rubygem-tzinfo: arbitrary code execution.
CVE-2022-32224 tfm-rubygem-activerecord: activerecord: Possible RCE escalation bug with Serialized Columns in Active Record.
CVE-2022-33980 candlepin: apache-commons-configuration2: Apache Commons Configuration insecure interpolation defaults.
CVE-2022-41323 satellite-capsule:el8/python-django: Potential denial-of-service vulnerability in internationalized URLs.
CVE-2022-41946 candlepin: postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions.
CVE-2022-42003 CVE-2022-42004 candlepin: various flaws.
CVE-2022-42889 candlepin: apache-commons-text: variable interpolation RCE.
CVE-2023-23969 python-django: Potential denial-of-service via Accept-Language headers.
CVE-2023-24580 python-django: Potential denial-of-service vulnerability in file uploads.