A vulnerability has been found in Navetti PricePoint 4.6.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to SQL injection (Blind). The attack can be launched remotely. Upgrading to version 4.7.0.0 addresses this issue. It is recommended to upgrade the affected component.
Monthly Archives: June 2022
CVE-2017-20041
A vulnerability was found in Ucweb UC Browser 11.2.5.932. It has been classified as critical. Affected is an unknown function of the component HTML Handler. The manipulation of the argument title leads to improper restriction of rendered UI layers (URL). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Indian CISOs voice concerns on CERT-In’s new cybersecurity directives
Cybersecurity experts have raised concerns around the recently announced standards by the Indian Computer Emergency Response Team.
On 28 April 2022, the Indian Computer Emergency Response Team (CERT-In) issued directives that, among other things, require entities to report cybersecurity incidents to the agency within six hours and maintain IT logs and communications for six months. The directives, to be effective from 27 June 2022, are applicable to all service providers, intermediaries, data centres, corporate bodies, and government organisations.
Some Indian cybersecurity practitioners say the six-hour incident reporting mandate is unnecessarily short and does not compare to the global standards. Jaspreet Singh, clients and markets leader at auditing firm Grant Thornton, notes that mature markets have reporting guidelines of 24 hours to 72 hours.
uboot-tools-2022.04-2.fc36
FEDORA-2022-61cf1c64f6
Packages in this update:
uboot-tools-2022.04-2.fc36
Update description:
uboot-tools-2022.04-2:
Fixes for Pine64 Pinebook Pro
Fix for CVE-2022-30767 (NFSv2)
Fix for CVE-2018-25032 (zlib)
DSA-5162 containerd – security update
Two vulnerabilities were discovered in the containerd container
runtime, which could result in denial of service or incomplete restriction
of capabilities.
DSA-5163 chromium – security update
Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
collectd-5.12.0-16.fc36 qemu-6.2.0-12.fc36 xen-4.16.1-2.fc36
FEDORA-2022-0142d562ca
Packages in this update:
collectd-5.12.0-16.fc36
qemu-6.2.0-12.fc36
xen-4.16.1-2.fc36
Update description:
stop building for ix86 and armv7hl due to missing build dependency
x86 pv: Race condition in typeref acquisition [XSA-401, CVE-2022-26362]
x86 pv: Insufficient care with non-coherent mappings [XSA-402, CVE-2022-26363, CVE-2022-26364]
Split qemu-user-static into per-arch subpackages (bz 2061584)
golang-github-docker-libnetwork-0.8.0-18.20220610gitf6ccccb.fc35 moby-engine-20.10.17-2.fc35
FEDORA-2022-3ecd21576a
Packages in this update:
golang-github-docker-libnetwork-0.8.0-18.20220610gitf6ccccb.fc35
moby-engine-20.10.17-2.fc35
Update description:
moby-engine
https://github.com/moby/moby/releases/tag/v20.10.17
Includes updates to bundled libraries that fix CVEs.
golang-github-docker-libnetwork
Bump to f6ccccb1c082a432c2a5814aaedaca56af33d9ea
golang-github-docker-libnetwork-0.8.0-17.20220610gitf6ccccb.fc36 moby-engine-20.10.17-2.fc36
FEDORA-2022-cea20dae0b
Packages in this update:
golang-github-docker-libnetwork-0.8.0-17.20220610gitf6ccccb.fc36
moby-engine-20.10.17-2.fc36
Update description:
moby-engine
https://github.com/moby/moby/releases/tag/v20.10.17
Includes updates to bundled libraries that fix CVEs.
golang-github-docker-libnetwork
Bump to f6ccccb1c082a432c2a5814aaedaca56af33d9ea
CVE-2017-20040
A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been declared as problematic. This vulnerability affects unknown code of the component Password Storage. The manipulation leads to weak encryption. Attacking locally is a requirement.