Read Time:9 Second
FEDORA-2022-0527a33ad8
Packages in this update:
golang-github-hashicorp-consul-sdk-0.13.0-1.fc36
Update description:
Update golang-github-hashicorp-consul-sdk to 1.13.0 (#1918592)
Category Archives: Advisories
DSA-5310 ruby-image-processing – security update
Read Time:12 Second
It was discovered that ruby-image-processing, a ruby package that
provides higher-level image processing helpers, is prone to a remote
shell execution vulnerability when using the #apply method to apply a
series of operations coming from unsanitized user input.
DSA-5309 wpewebkit – security update
Read Time:4 Second
The following vulnerabilities have been discovered in the WPE WebKit
web engine:
DSA-5308 webkit2gtk – security update
Read Time:3 Second
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
CVE-2017-12073
Read Time:6 Second
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2017-20151
Read Time:19 Second
A vulnerability classified as problematic was found in iText RUPS. This vulnerability affects unknown code of the file src/main/java/com/itextpdf/rups/model/XfaFile.java. The manipulation leads to xml external entity reference. The name of the patch is ac5590925874ef810018a6b60fec216eee54fb32. It is recommended to apply a patch to fix this issue. VDB-217054 is the identifier assigned to this vulnerability.
CVE-2017-20152
Read Time:25 Second
A vulnerability, which was classified as problematic, was found in aerouk imageserve. Affected is an unknown function of the file public/viewer.php of the component File Handler. The manipulation of the argument filelocation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is bd23c784f0e5cb12f66d15c100248449f87d72e2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217056.
CVE-2017-20153
Read Time:23 Second
A vulnerability has been found in aerouk imageserve and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument REQUEST_URI leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2ac3cd4f90b4df66874fab171376ca26868604c4. It is recommended to apply a patch to fix this issue. The identifier VDB-217057 was assigned to this vulnerability.
GitPython-3.1.30-1.el9
Read Time:8 Second
FEDORA-EPEL-2022-1dfe84c7fe
Packages in this update:
GitPython-3.1.30-1.el9
Update description:
Latest upstream release with security fix for CVE-2022-24439.
GitPython-3.1.30-1.fc37
Read Time:7 Second
FEDORA-2022-8146a727a8
Packages in this update:
GitPython-3.1.30-1.fc37
Update description:
Latest upstream release with fix for CVE-2022-24439.