A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects the function plist_from_xml of the file src/xplist.c of the component XML Handler. The manipulation leads to an XML external entity (XXE) reference. The name of the patch is c086cb139af7c82845f6d565e636073ff4b37440. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221499.
Category Archives: Advisories
CVE-2014-125089
A vulnerability was found in cention-chatserver 3.8.0-rc1. It has been declared as problematic. Affected by this vulnerability is the function _formatBody of the file lib/InternalChatProtocol.fe. The manipulation of the argument body leads to cross-site scripting (XSS). The attack can be launched remotely. Upgrading to version 3.9 addresses this issue. The name of the patch is c4c0258bbd18f6915f97f91d5fee625384096a26. It is recommended to upgrade the affected component. The identifier VDB-221497 was assigned to this vulnerability.
radare2-5.8.2-1.el9
FEDORA-EPEL-2023-475352c21c
Packages in this update:
radare2-5.8.2-1.el9
Update description:
update to 5.8.2, fixes several CVE issues
c-ares-1.19.0-1.fc37
FEDORA-2023-b121bd62a9
Packages in this update:
c-ares-1.19.0-1.fc37
Update description:
Update to 1.19.0. Fixes CVE-2022-4904.
c-ares-1.19.0-1.fc36
FEDORA-2023-30e81e5293
Packages in this update:
c-ares-1.19.0-1.fc36
Update description:
Update to 1.19.0. Fixes CVE-2022-4904.
flatpak-runtime-f37-3720230216035716.1 flatpak-sdk-f37-3720230216035716.1
FEDORA-FLATPAK-2023-41da5c11ed
Packages in this update:
flatpak-runtime-f37-3720230216035716.1
flatpak-sdk-f37-3720230216035716.1
Update description:
Updated flatpak runtime and SDK, including latest Fedora 37 security and bug-fix errata.
Specifically, one of the updated packages is nss 3.88.1, which is required by the latest thunderbird 102.8.0 flatpak: https://bodhi.fedoraproject.org/updates/FEDORA-FLATPAK-2023-39d93f840d
CVE-2015-10081
A vulnerability was found in arnoldle submitByMailPlugin 1.0b2.9 and classified as problematic. This issue affects some unknown processing of the file edit_list.php. The manipulation leads to cross-site request forgery (CSRF). The attack may be initiated remotely. Upgrading to version 1.0b2.9a addresses this issue. The name of the patch is a739f680a1623d22f52ff1371e86ca472e63756f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221495.
clamav-0.103.8-3.fc36
FEDORA-2023-3ba365d538
Packages in this update:
clamav-0.103.8-3.fc36
Update description:
Fix daily.cvd file
Split out documentation into separate -doc sub-package
(#2128276) Please port your pcre dependency to pcre2
Explicit dependency on systemd since systemd-devel no longer has this dependency on F37+
(#2136977) not requires data(clamav) on clamav-libs
(#2023371) Add documentation to preserve user permissions of DatabaseOwner
ClamAV 0.103.8 is a critical patch release with the following fixes:
CVE-2023-20032 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20032): Fixed a possible remote code execution vulnerability in the HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
CVE-2023-20052 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20052): Fixed a possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
clamav-0.103.8-3.el7
FEDORA-EPEL-2023-466d8ae059
Packages in this update:
clamav-0.103.8-3.el7
Update description:
Fix daily.cvd file
Split out documentation into separate -doc sub-package
(#2128276) Please port your pcre dependency to pcre2
Explicit dependency on systemd since systemd-devel no longer has this dependency on F37+
(#2136977) not requires data(clamav) on clamav-libs
(#2023371) Add documentation to preserve user permissions of DatabaseOwner
ClamAV 0.103.8 is a critical patch release with the following fixes:
CVE-2023-20032 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20032): Fixed a possible remote code execution vulnerability in the HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
CVE-2023-20052 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20052): Fixed a possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
plasma-workspace-5.27.0-4.fc37
FEDORA-2023-3b1fdbdfa1
Packages in this update:
plasma-workspace-5.27.0-4.fc37
Update description:
Add patch to disable global shortcuts at login for the SDDM Plasma Wayland configuration (#2171332)