Category Archives: Advisories

USN-5746-1: HarfBuzz vulnerability


Behzad Najjarpour Jabbari discovered that HarfBuzz incorrectly handled
certain inputs. A remote attacker could possibly use this issue to cause
a denial of service.


USN-5689-2: Perl vulnerability


USN-5689-1 fixed a vulnerability in Perl.
This update provides the corresponding update for Ubuntu 22.10.

Original advisory details:

It was discovered that Perl incorrectly handled certain signature verification.
A remote attacker could possibly use this issue to bypass signature verification.


USN-5745-1: shadow vulnerability


Florian Weimer discovered that shadow was not properly copying and removing
user directory trees, which could lead to a race condition. A local attacker
could possibly use this issue to set up a symlink attack and alter or remove
directories without authorization.


CVE-2022-2311


The Find and Replace All WordPress plugin before 1.3 does not sanitize and escape some parameters from its settings page before outputting them back to the user, leading to a Reflected Cross-Site Scripting issue.


CVE-2021-25059


The Download Plugin WordPress plugin before 2.0.0 does not properly validate that a user has the required privileges to access a backup’s nonce identifier, which may allow any user with an account on the site (such as a subscriber) to download a full copy of the website.
