Employee Record Management System v 1.2 is vulnerable to Cross Site Scripting (XSS) via editempprofile.php.
Category Archives: Advisories
CVE-2021-35387
Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php.
ghc-cmark-gfm-0.2.5-1.fc36
FEDORA-2022-6bcee2cc93
Packages in this update:
ghc-cmark-gfm-0.2.5-1.fc36
Update description:
updates the C library to 0.29.0.gfm.6 which fixes CVE-2022-39209
ghc-cmark-gfm-0.2.5-1.fc35
FEDORA-2022-f1aed93db8
Packages in this update:
ghc-cmark-gfm-0.2.5-1.fc35
Update description:
updates the C library to 0.29.0.gfm.6 which fixes CVE-2022-39209
java-latest-openjdk-19.0.1.0.10-2.rolling.fc36
FEDORA-2022-e8698f2e5e
Packages in this update:
java-latest-openjdk-19.0.1.0.10-2.rolling.fc36
Update description:
New in release OpenJDK 19.0.1 (2022-10-18)
CVEs Fixed
CVE-2022-21618
CVE-2022-21619
CVE-2022-21624
CVE-2022-21628
CVE-2022-39399
Security Fixes
JDK-8282252: Improve BigInteger/Decimal validation
JDK-8285662: Better permission resolution
JDK-8286077: Wider MultiByte conversions
JDK-8286511: Improve macro allocation
JDK-8286519: Better memory handling
JDK-8286526: Improve NTLM support
JDK-8286910: Improve JNDI lookups
JDK-8286918: Better HttpServer service
JDK-8287446: Enhance icon presentations
JDK-8288508: Enhance ECDSA usage
JDK-8289366: Improve HTTP/2 client usage
JDK-8289853: Update HarfBuzz to 4.4.1
JDK-8290334: Update FreeType to 2.12.1
Major Changes
JDK-8292654: G1 Remembered set memory footprint regression after JDK-8286115
JDK-8286115 changed ergonomic sizing of a component of the remembered sets in G1. This change causes increased native memory usage of the Hotspot VM for applications that create large remembered sets with the G1 collector.
In an internal benchmark total GC component native memory usage rose by almost 10% (from 1.2GB to 1.3GB).
This issue can be worked around by passing double the value of G1RemSetArrayOfCardsEntries as printed by running the application with -XX:+PrintFlagsFinal -XX:+UnlockExperimentalVMOptions to your application.
E.g. pass -XX:+UnlockExperimentalVMOptions -XX:G1RemSetArrayOfCardsEntries=128 if a previous run showed a value of 64 for G1RemSetArrayOfCardsEntries in the output of -XX:+PrintFlagsFinal.
JDK-8292579: Update Timezone Data to 2022c
This version includes changes from 2022b that merged multiple regions that have the same timestamp data post-1970 into a single time zone database. All time zone IDs remain the same but the merged time zones will point to a shared zone database.
As a result, pre-1970 data may not be compatible with earlier JDK versions. The affected zones are Antarctica/Vostok, Asia/Brunei, Asia/Kuala_Lumpur, Atlantic/Reykjavik, Europe/Amsterdam, Europe/Copenhagen, Europe/Luxembourg, Europe/Monaco, Europe/Oslo, Europe/Stockholm, Indian/Christmas, Indian/Cocos, Indian/Kerguelen, Indian/Mahe, Indian/Reunion, Pacific/Chuuk, Pacific/Funafuti, Pacific/Majuro, Pacific/Pohnpei, Pacific/Wake, Pacific/Wallis, Arctic/Longyearbyen, Atlantic/Jan_Mayen, Iceland, Pacific/Ponape, Pacific/Truk, and Pacific/Yap.
For more details, refer to the announcement of 2022b
java-latest-openjdk-19.0.1.0.10-2.rolling.fc37
FEDORA-2022-d0ed59bee7
Packages in this update:
java-latest-openjdk-19.0.1.0.10-2.rolling.fc37
Update description:
New in release OpenJDK 19.0.1 (2022-10-18)
Full release notes
This update depends on FEDORA-2022-d0fc6f0dd4
CVEs Fixed
CVE-2022-21618
CVE-2022-21619
CVE-2022-21624
CVE-2022-21628
CVE-2022-39399
Security Fixes
JDK-8282252: Improve BigInteger/Decimal validation
JDK-8285662: Better permission resolution
JDK-8286077: Wider MultiByte conversions
JDK-8286511: Improve macro allocation
JDK-8286519: Better memory handling
JDK-8286526: Improve NTLM support
JDK-8286910: Improve JNDI lookups
JDK-8286918: Better HttpServer service
JDK-8287446: Enhance icon presentations
JDK-8288508: Enhance ECDSA usage
JDK-8289366: Improve HTTP/2 client usage
JDK-8289853: Update HarfBuzz to 4.4.1
JDK-8290334: Update FreeType to 2.12.1
Major Changes
JDK-8292654: G1 Remembered set memory footprint regression after JDK-8286115
JDK-8286115 changed ergonomic sizing of a component of the remembered sets in G1. This change causes increased native memory usage of the Hotspot VM for applications that create large remembered sets with the G1 collector.
In an internal benchmark total GC component native memory usage rose by almost 10% (from 1.2GB to 1.3GB).
This issue can be worked around by passing double the value of G1RemSetArrayOfCardsEntries as printed by running the application with -XX:+PrintFlagsFinal -XX:+UnlockExperimentalVMOptions to your application.
E.g. pass -XX:+UnlockExperimentalVMOptions -XX:G1RemSetArrayOfCardsEntries=128 if a previous run showed a value of 64 for G1RemSetArrayOfCardsEntries in the output of -XX:+PrintFlagsFinal.
JDK-8292579: Update Timezone Data to 2022c
This version includes changes from 2022b that merged multiple regions that have the same timestamp data post-1970 into a single time zone database. All time zone IDs remain the same but the merged time zones will point to a shared zone database.
As a result, pre-1970 data may not be compatible with earlier JDK versions. The affected zones are Antarctica/Vostok, Asia/Brunei, Asia/Kuala_Lumpur, Atlantic/Reykjavik, Europe/Amsterdam, Europe/Copenhagen, Europe/Luxembourg, Europe/Monaco, Europe/Oslo, Europe/Stockholm, Indian/Christmas, Indian/Cocos, Indian/Kerguelen, Indian/Mahe, Indian/Reunion, Pacific/Chuuk, Pacific/Funafuti, Pacific/Majuro, Pacific/Pohnpei, Pacific/Wake, Pacific/Wallis, Arctic/Longyearbyen, Atlantic/Jan_Mayen, Iceland, Pacific/Ponape, Pacific/Truk, and Pacific/Yap.
For more details, refer to the announcement of 2022b
java-latest-openjdk-19.0.1.0.10-2.rolling.fc35
FEDORA-2022-ec7de69ceb
Packages in this update:
java-latest-openjdk-19.0.1.0.10-2.rolling.fc35
Update description:
New in release OpenJDK 19.0.1 (2022-10-18)
Full release notes
This update depends on FEDORA-2022-10bb6f119e
CVEs Fixed
CVE-2022-21618
CVE-2022-21619
CVE-2022-21624
CVE-2022-21628
CVE-2022-39399
Security Fixes
JDK-8282252: Improve BigInteger/Decimal validation
JDK-8285662: Better permission resolution
JDK-8286077: Wider MultiByte conversions
JDK-8286511: Improve macro allocation
JDK-8286519: Better memory handling
JDK-8286526: Improve NTLM support
JDK-8286910: Improve JNDI lookups
JDK-8286918: Better HttpServer service
JDK-8287446: Enhance icon presentations
JDK-8288508: Enhance ECDSA usage
JDK-8289366: Improve HTTP/2 client usage
JDK-8289853: Update HarfBuzz to 4.4.1
JDK-8290334: Update FreeType to 2.12.1
Major Changes
JDK-8292654: G1 Remembered set memory footprint regression after JDK-8286115
JDK-8286115 changed ergonomic sizing of a component of the remembered sets in G1. This change causes increased native memory usage of the Hotspot VM for applications that create large remembered sets with the G1 collector.
In an internal benchmark total GC component native memory usage rose by almost 10% (from 1.2GB to 1.3GB).
This issue can be worked around by passing double the value of G1RemSetArrayOfCardsEntries as printed by running the application with -XX:+PrintFlagsFinal -XX:+UnlockExperimentalVMOptions to your application.
E.g. pass -XX:+UnlockExperimentalVMOptions -XX:G1RemSetArrayOfCardsEntries=128 if a previous run showed a value of 64 for G1RemSetArrayOfCardsEntries in the output of -XX:+PrintFlagsFinal.
JDK-8292579: Update Timezone Data to 2022c
This version includes changes from 2022b that merged multiple regions that have the same timestamp data post-1970 into a single time zone database. All time zone IDs remain the same but the merged time zones will point to a shared zone database.
As a result, pre-1970 data may not be compatible with earlier JDK versions. The affected zones are Antarctica/Vostok, Asia/Brunei, Asia/Kuala_Lumpur, Atlantic/Reykjavik, Europe/Amsterdam, Europe/Copenhagen, Europe/Luxembourg, Europe/Monaco, Europe/Oslo, Europe/Stockholm, Indian/Christmas, Indian/Cocos, Indian/Kerguelen, Indian/Mahe, Indian/Reunion, Pacific/Chuuk, Pacific/Funafuti, Pacific/Majuro, Pacific/Pohnpei, Pacific/Wake, Pacific/Wallis, Arctic/Longyearbyen, Atlantic/Jan_Mayen, Iceland, Pacific/Ponape, Pacific/Truk, and Pacific/Yap.
For more details, refer to the announcement of 2022b
CVE-2021-36206
All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authentication and retrieve data with specially crafted SQL queries.
CVE-2021-38395
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.
CVE-2021-38397
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.