In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user.
Category Archives: Advisories
DSA-5230 chromium – security update
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
CVE-2020-36603
The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 1.0.0.0 anti-cheat driver does not adequately restrict unprivileged function calls, allowing local, unprivileged users to execute arbitrary code with SYSTEM privileges on Microsoft Windows systems. The mhyprot2.sys driver must first be installed by a user with administrative privileges.
zabbix-6.0.8-1.fc37
FEDORA-2022-0d56cb7ee4
Packages in this update:
zabbix-6.0.8-1.fc37
Update description:
6.0.8, fixes CVE-2022-40626
CVE-2021-38924
IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 210163.
java-latest-openjdk-18.0.2.0.9-1.rolling.el9
FEDORA-EPEL-2022-3bd4c9e300
Packages in this update:
java-latest-openjdk-18.0.2.0.9-1.rolling.el9
Update description:
July CPU update
java-latest-openjdk-18.0.2.0.9-1.rolling.el8
FEDORA-EPEL-2022-73672e02b0
Packages in this update:
java-latest-openjdk-18.0.2.0.9-1.rolling.el8
Update description:
July CPU update
python3.11-3.11.0~rc2-1.fc36
FEDORA-2022-0b3904c674
Packages in this update:
python3.11-3.11.0~rc2-1.fc36
Update description:
Update Python to 3.11.0rc2. Contains security fix for CVE-2020-10735 and other bugfixes, see https://docs.python.org/3.11/whatsnew/changelog.html#python-3-11-0-release-candidate-2
freeipa-4.10.0-6.fc37 samba-4.17.0-1.fc37
FEDORA-2022-4555909843
Packages in this update:
freeipa-4.10.0-6.fc37
samba-4.17.0-1.fc37
Update description:
Update to version 4.17.0
ZDI-22-1191: Trend Micro Apex One Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.