FEDORA-2022-a7d438b30b
Packages in this update:
stargz-snapshotter-0.10.2-1.fc35
Update description:
Security fix for CVE-2022-21698
stargz-snapshotter-0.10.2-1.fc35
Security fix for CVE-2022-21698
Cross Site Scripting (XSS) vulnerability in xCss Valine v1.4.14 via the nick parameter to /classes/Comment.
An intent redirection issue was doscovered in Sina Weibo Android SDK 4.2.7 (com.sina.weibo.sdk.share.WbShareTransActivity), any unexported Activities could be started by the com.sina.weibo.sdk.share.WbShareTransActivity.
Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this version of the java deserialization vulnerability, an attacker could exploit the vulnerability to execute arbitrary commands via the rememberMe parameter.
It was discovered that H2 was vulnerable to deserialization of
untrusted data. An attacker could possibly use this issue to
execute arbitrary code. (CVE-2021-42392)
It was discovered that H2 incorrectly handled some specially
crafted connection URLs. An attacker could possibly use this
issue to execute arbitrary code. (CVE-2022-23221)
openscad-2021.01-8.fc34
Security fixes for CVE-2022-0496 and CVE-2022-0497
openscad-2021.01-8.fc35
Security fixes for CVE-2022-0496 and CVE-2022-0497
openscad-2021.01-8.fc36
Security fixes for CVE-2022-0496 and CVE-2022-0497
openscad-2021.01-8.fc37
Automatic update for openscad-2021.01-8.fc37.
* Tue Apr 5 2022 Lumír Balhar <lbalhar@redhat.com> – 2021.01-8
– Security fixes for CVE-2022-0496 and CVE-2022-0497
– Fixes: rhbz#2050696 rhbz#2050700
New Remote Access Trojan that provides ransomware services to threat actors is no laughing matter