DSA-4175 freeplane – security update

Wojciech Regula discovered an XML External Entity vulnerability in the XML Parser of the mindmap loader in freeplane, a Java program for working with mind maps, resulting in potential information disclosure if a malicious mind map file is opened. More info: https://www.debian.org/security/2018/dsa-4175

RHSA-2018:1136-1: Important: glusterfs security update

Red Hat Enterprise Linux: An update for glusterfs is now available for Native Client for Red Hat Enterprise Linux 7 for Red Hat Storage and Red Hat Gluster Storage 3.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2018-1088 More info: http://rhn.redhat.com/errata/RHSA-2018-1136.html

Drupal core – Moderately critical – Cross Site Scripting – SA-CORE-2018-003

Project: Drupal core
Date: 2018-April-18
Security risk: Moderately critical 12∕25 AC:Complex/A:User/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Scripting
Description: CKEditor, a third-party JavaScript library included in Drupal core, has fixed a cross-site scripting (XSS) vulnerability. The vulnerability stemmed from the fact that it was possible to execute XSS inside CKEditor when using the image2 plugin (which Drupal 8 core also uses). We would like to thank the
More info: https://www.drupal.org/sa-core-2018-003

RHSA-2018:1137-1: Important: glusterfs security update

Red Hat Enterprise Linux: An update for glusterfs is now available for Native Client for Red Hat Enterprise Linux 6 for Red Hat Storage and Red Hat Gluster Storage 3.3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2018-1088 More info: http://rhn.redhat.com/errata/RHSA-2018-1137.html