A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and org.quartz.utils.JNDIConnectionProvider.
Category Archives: Advisories
CVE-2020-11101
Sierra Wireless AirLink Mobility Manager (AMM) before 2.17 mishandles sessions and thus an unauthenticated attacker can obtain a login session with administrator privileges.
CVE-2020-12067
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user’s password may be changed by an attacker without knowledge of the current password.
CVE-2020-12069
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), the password-hashing feature requires insufficient computational effort.
CVE-2019-25085
A vulnerability was found in GNOME gvdb. It has been classified as critical. This affects the function gvdb_table_write_contents_async of the file gvdb-builder.c. The manipulation leads to use after free. It is possible to initiate the attack remotely. The name of the patch is d83587b2a364eb9a9a53be7e6a708074e252de14. It is recommended to apply a patch to fix this issue. The identifier VDB-216789 was assigned to this vulnerability.
CVE-2019-25084
A vulnerability, which was classified as problematic, has been found in Hide Files on GitHub up to 2.x. This issue affects the function addEventListener of the file extension/options.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.0.0 is able to address this issue. The name of the patch is 9de0c57df81db1178e0e79431d462f6d9842742e. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216767.
CVE-2020-36627
A vulnerability was found in Macaron i18n. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file i18n.go. The manipulation leads to open redirect. The attack can be launched remotely. Upgrading to version 0.5.0 is able to address this issue. The name of the patch is 329b0c4844cc16a5a253c011b55180598e707735. It is recommended to upgrade the affected component. The identifier VDB-216745 was assigned to this vulnerability.
webkitgtk-2.38.3-2.fc37
FEDORA-2022-6bc49e9e54
Packages in this update:
webkitgtk-2.38.3-2.fc37
Update description:
Update to 2.38.3:
Fix runtime critical warnings from media player.
Fix network process crash when fetching website data on ephemeral session.
Fix the build with Ruby 3.2.
Fix several crashes and rendering issues.
Security fixes: CVE-2022-42852, CVE-2022-42856, CVE-2022-42867, CVE-2022-46692, CVE-2022-46698, CVE-2022-46699, CVE-2022-46700
w3m-0.5.3-58.git20220429.el9
FEDORA-EPEL-2022-e4e5ecabcf
Packages in this update:
w3m-0.5.3-58.git20220429.el9
Update description:
Added upstream patch to address CVE-2022-38223 (#2126270)
w3m-0.5.3-58.git20220429.el8
FEDORA-EPEL-2022-5564c168f5
Packages in this update:
w3m-0.5.3-58.git20220429.el8
Update description:
Added upstream patch to address CVE-2022-38223 (#2126270)