The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the payment status of arbitrary bookings. Furthermore, due to the lack of sanitisation and escaping, attackers could perform Cross-Site Scripting attacks against a logged-in admin viewing the failed payments.
CVE-2021-24649
The WP User Frontend WordPress plugin before 3.5.29 uses a user-supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpuf_encryption(). This could allow an attacker having access to the AUTH_KEY and AUTH_SALT constants (via an arbitrary file access issue for example, or if the blog is using the default keys) to create an account with any role they want, such as admin.
mingw-python3-3.10.8-2.fc37
FEDORA-2022-3e859b6bc6
Packages in this update:
mingw-python3-3.10.8-2.fc37
Update description:
Backport patch for CVE-2022-45061.
mingw-python3-3.10.8-2.fc36
FEDORA-2022-45d2cfdfa4
Packages in this update:
mingw-python3-3.10.8-2.fc36
Update description:
Backport patch for CVE-2022-45061.
galera-26.4.13-1.fc36 mariadb-10.5.18-1.fc36
FEDORA-2022-cf88f807f9
Packages in this update:
galera-26.4.13-1.fc36
mariadb-10.5.18-1.fc36
Update description:
MariaDB 10.5.18 & Galera 26.4.13
Release notes:
galera-26.4.13-1.fc35 mariadb-10.5.18-1.fc35
FEDORA-2022-333df1c4aa
Packages in this update:
galera-26.4.13-1.fc35
mariadb-10.5.18-1.fc35
Update description:
MariaDB 10.5.18 & Galera 26.4.13
Release notes:
galera-26.4.13-1.fc37 mariadb-10.5.18-1.fc37
FEDORA-2022-e0e9a43546
Packages in this update:
galera-26.4.13-1.fc37
mariadb-10.5.18-1.fc37
Update description:
MariaDB 10.5.18 & Galera 26.4.13
Release notes:
ZDI-22-1610: (Pwn2Own) Microsoft Teams electronSafeIpc Arbitrary File Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Teams. No user interaction is required if the attacker and target are in the same Teams organization.
ZDI-22-1609: (Pwn2Own) Microsoft Teams chat Client-Side Template Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Teams. No user interaction is required if the attacker and target are in the same Teams organization.
ZDI-22-1608: (Pwn2Own) Microsoft Teams URL Allowlist Bypass Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Teams. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.