FEDORA-2022-19538a3732
Packages in this update:
mingw-binutils-2.37-5.fc36
Update description:
Backport fixes for CVE-2021-3826 and CVE-2022-38533.
mingw-binutils-2.37-5.fc36
Backport fixes for CVE-2021-3826 and CVE-2022-38533.
mingw-gdb-12.1-2.fc36
Update to 12.1, fixes CVE-2021-3826.
A heap use-after-free vulnerability after overeager destruction of a
shared DTD in the XML_ExternalEntityParserCreate function in Expat, an
XML parsing C library, may result in denial of service or potentially
the execution of arbitrary code.
Nicky Mouha discovered a buffer overflow in sha3, a Python library for
the SHA-3 hashing functions.
Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mode is used, allows an attacker to execute arbitrary C# code on any machine that renders a report, including the application server or a user’s local machine, as demonstrated by System.Diagnostics.Process.Start.
Several security vulnerabilities have been discovered in the Tomcat
servlet and JSP engine.
It was discovered that Apache Batik, a SVG library for Java, allowed
attackers to run arbitrary Java code by processing a malicious SVG file.
A security issue was discovered in Chromium, which could result in the
execution of arbitrary code.
Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress.
Auth. (editor+) Reflected Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress.