FEDORA-EPEL-2022-f0317a13d8
Packages in this update:
dropbear-2017.75-2.el7
Update description:
Backport fix for CVE-2018-15599, resolves rhbz#1623177
Backport fix for CVE-2020-36254, resolves rhbz#1933067
The following vulnerabilities have been discovered in the WPE WebKit
web engine:
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
Several vulnerabilities were discovered in lighttpd, a fast webserver
with minimal memory footprint.
It was discovered that the Commandline class in maven-shared-utils, a
collection of various utility classes for the Maven build system, can
emit double-quoted strings without proper escaping, allowing shell
injection attacks.
Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
SQL Injection vulnerability exists in version 1.0 of the Resumes Management and Job Application Website application login form by EGavilan Media that allows authentication bypass through login.php.
openssl3-3.0.1-41.el8.1
Sync with CentOS Stream 9’s openssl to pick up CVE fixes
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its reverse.
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers).