CVE-2016-15022

Read Time:26 Second

A vulnerability was found in mosbth cimage up to 0.7.18. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file check_system.php. The manipulation of the argument $_SERVER[‘SERVER_SOFTWARE’] leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.7.19 is able to address this issue. The name of the patch is 401478c8393989836beeddfeac5ce44570af162b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-219715.

Read More

CVE-2009-10003

Read Time:24 Second

A vulnerability was found in capnsquarepants wordcraft up to 0.6. It has been classified as problematic. Affected is an unknown function of the file tag.php. The manipulation of the argument tag leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 0.7 is able to address this issue. The name of the patch is be23028633e8105de92f387036871c03f34d3124. It is recommended to upgrade the affected component. VDB-219714 is the identifier assigned to this vulnerability.

Read More

USN-5823-3: MySQL regression

Read Time:49 Second

USN-5823-1 fixed vulnerabilities in MySQL. Unfortunately, 8.0.32 introduced
a regression in MySQL Router preventing connections from PyMySQL. This
update reverts most of the changes in MySQL Router to 8.0.31 until a proper
fix can be found.

We apologize for the inconvenience.

Original advisory details:

Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to 8.0.32 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and
Ubuntu 22.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.41.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-41.html
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-32.html
https://www.oracle.com/security-alerts/cpujan2023.html

Read More

CVE-2021-4315

Read Time:28 Second

A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and classified as critical. This vulnerability affects unknown code of the file psiturk/experiment.py. The manipulation of the argument mode leads to improper neutralization of special elements used in a template engine. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.1 is able to address this issue. The name of the patch is 47787e15cecd66f2aa87687bf852ae0194a4335f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-219676.

Read More

rust-exa-0.10.1-9.el9 rust-pore-0.1.8-2.el9 rust-resctl-bench-2.1.2-8.el9 rust-resctl-demo-2.1.2-8.el9

Read Time:28 Second

FEDORA-EPEL-2023-b7a22b9abd

Packages in this update:

rust-exa-0.10.1-9.el9
rust-pore-0.1.8-2.el9
rust-resctl-bench-2.1.2-8.el9
rust-resctl-demo-2.1.2-8.el9

Update description:

This update contains rebuilds of all Rust applications against versions of the libgit2-sys crate that ship fixes for CVE-2022-24765 and CVE-2022-29187 in the bundled copies of libgit2.

Updates pore to 0.1.8

Speed up update_remote_refs
Fall back to /etc/pore.toml if it exists.

Read More