Read Time:8 Second
Edward Thomson discovered that .NET 6 incorrectly handled
permissions for local NuGet cache. A local attacker could
possibly use this issue to execute arbitrary code.
Category Archives: Advisories
CVE-2021-36899
Read Time:7 Second
Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Gabe Livan’s Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 at WordPress.
CVE-2021-36913
Read Time:12 Second
Unauthenticated Options Change and Content Injection vulnerability in Qube One Redirection for Contact Form 7 plugin <= 2.4.0 at WordPress allows attackers to change options and inject scripts into the footer HTML. Requires an additional extension (plugin) AccessiBe.
vim-9.0.720-1.fc35
Read Time:14 Second
FEDORA-2022-fff548cfab
Packages in this update:
vim-9.0.720-1.fc35
Update description:
The newest upstream commit
Security fixes for CVE-2022-3256, CVE-2022-3324, CVE-2022-3352, CVE-2022-3235, CVE-2022-3234, CVE-2022-3296, CVE-2022-3297, CVE-2022-3278.
vim-9.0.720-1.fc36
Read Time:14 Second
FEDORA-2022-40161673a3
Packages in this update:
vim-9.0.720-1.fc36
Update description:
The newest upstream commit
Security fixes for CVE-2022-3256, CVE-2022-3324, CVE-2022-3352, CVE-2022-3235, CVE-2022-3234, CVE-2022-3296, CVE-2022-3297, CVE-2022-3278.
dbus-1.12.24-1.fc35
Read Time:9 Second
FEDORA-2022-7a963a79d1
Packages in this update:
dbus-1.12.24-1.fc35
Update description:
Update to 1.12.24
Fix CVE-2022-42010, CVE-2022-42011, CVE-2022-42012
vim-9.0.720-1.fc37
Read Time:14 Second
FEDORA-2022-00baa0907e
Packages in this update:
vim-9.0.720-1.fc37
Update description:
The newest upstream commit
Security fixes for CVE-2022-3256, CVE-2022-3324, CVE-2022-3352, CVE-2022-3235, CVE-2022-3234, CVE-2022-3296, CVE-2022-3297, CVE-2022-3278.
dbus-1.14.4-1.fc36
Read Time:9 Second
FEDORA-2022-076544c8aa
Packages in this update:
dbus-1.14.4-1.fc36
Update description:
Update to 1.14.4
Fix CVE-2022-42010, CVE-2022-42011 and CVE-2022-42012
dhcp-4.4.3-4.P1.fc36
Read Time:12 Second
FEDORA-2022-f5a45757df
Packages in this update:
dhcp-4.4.3-4.P1.fc36
Update description:
New version 4.4.3-P1 (rhbz#2132240)
Fix for CVE-2022-2928 (rhbz#2132429)
Fix for CVE-2022-2929 (rhbz#2132430)
CVE-2021-35226
Read Time:9 Second
An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role.