Post Content
Category Archives: Advisories
GLSA 202212-01: curl: Multiple Vulnerabilities
CVE-2020-36617
** DISPUTED ** A vulnerability was found in ewxrjk sftpserver. It has been declared as problematic. Affected by this vulnerability is the function sftp_parse_path of the file parse.c. The manipulation leads to uninitialized pointer. The real existence of this vulnerability is still doubted at the moment. The name of the patch is bf4032f34832ee11d79aa60a226cc018e7ec5eed. It is recommended to apply a patch to fix this issue. The identifier VDB-216205 was assigned to this vulnerability. NOTE: In some deployment models this would be a vulnerability. README specifically warns about avoiding such deployment models.
thunderbird-stable-3720221217163557.1
FEDORA-FLATPAK-2022-e2eea1e680
Packages in this update:
thunderbird-stable-3720221217163557.1
Update description:
Update to 102.6.0 ;
https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/ ;
https://www.thunderbird.net/en-US/thunderbird/102.6.0/releasenotes/
CVE-2021-4246
A vulnerability was found in roxlukas LMeve and classified as critical. Affected by this issue is some unknown functionality of the component Login Page. The manipulation of the argument X-Forwarded-For leads to sql injection. The attack may be launched remotely. The name of the patch is 29e1ead3bb1c1fad53b77dfc14534496421c5b5d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216176.
CVE-2021-31650
A SQL injection vulnerability in Sourcecodester Online Grading System 1.0 allows remote attackers to execute arbitrary SQL commands via the uname parameter.
CVE-2021-38241
Deserialization issue discovered in Ruoyi before 4.6.1 allows remote attackers to run arbitrary code via weak cipher in Shiro framework.
samba-4.16.8-0.fc36
FEDORA-2022-7f9021ead1
Packages in this update:
samba-4.16.8-0.fc36
Update description:
Security fixes for CVE-2022-37966, CVE-2022-37967 and CVE-2022-38023
libptytty-2.0-2.el8 rxvt-unicode-9.30-3.el8
FEDORA-EPEL-2022-49c3f833e1
Packages in this update:
libptytty-2.0-2.el8
rxvt-unicode-9.30-3.el8
Update description:
Update to rxvt-unicode 9.30
This mitigates CVE-2022-4170
Introduce libptytty as a dependency since upstream split it out in 9.29+
samba-4.17.4-0.fc37
FEDORA-2022-cb92b4ea21
Packages in this update:
samba-4.17.4-0.fc37
Update description:
Update to version 4.17.4