FEDORA-2023-943556a733
Packages in this update:
pypy3.8-7.3.11-1.3.8.fc37
Update description:
Update to 7.3.11. See https://doc.pypy.org/en/latest/release-v7.3.11.html
Security fix for CVE-2022-37454, CVE-2022-45061.
flatpak-runtime-f37-3720221117153339.5
flatpak-sdk-f37-3720221117153339.5
Updated flatpak runtime and SDK, including latest Fedora 37 security and bug-fix errata.
A vulnerability, which was classified as problematic, has been found in ahmyi RivetTracker. This issue affects some unknown processing. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The name of the patch is f053c5cc2bc44269b0496b5f275e349928a92ef9. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217271.
qemu-6.2.0-17.fc36
ati-vga: out-of-bounds write in ati_2d_blt (CVE-2021-3638) (rhbz#1979882)
qxl: qxl_phys2virt unsafe address translation (CVE-2022-4144) (rhbz#2148542)
linux-user: default to -cpu max (rhbz#2121700)
It was discovered that usbredir incorrectly handled memory when
serializing large amounts of data in the case of a slow or blocked
destination. An attacker could possibly use this issue to cause
applications using usbredir to crash, resulting in a denial of
service, or possibly execute arbitrary code.
A vulnerability classified as problematic has been found in ethitter WP-Print-Friendly up to 0.5.2. This affects an unknown part of the file wp-print-friendly.php. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. Upgrading to version 0.5.3 is able to address this issue. The name of the patch is 437787292670c20b4abe20160ebbe8428187f2b4. It is recommended to upgrade the affected component. The identifier VDB-217269 was assigned to this vulnerability.
A vulnerability was found in ahmyi RivetTracker. It has been declared as problematic. Affected by this vulnerability is the function changeColor of the file css.php. The manipulation of the argument set_css leads to cross site scripting. The attack can be launched remotely. The name of the patch is 45a0f33876d58cb7e4a0f17da149e58fc893b858. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217267.
Posted by Jozef Sudolsky on Jan 02
Announcing a backdoor tool running inside of ModSecurity WAF and
allowing remote command execution with privileges of the web server.
novnc-1.3.0-5.el7
Security fix for [CVE-2017-18635]
Update to 1.3.0
A vulnerability classified as problematic was found in Jobs-Plugin. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The name of the patch is b8a56718b1d42834c6ec51d9c489c5dc20471d7b. It is recommended to apply a patch to fix this issue. The identifier VDB-217189 was assigned to this vulnerability.