IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000007d7f.
Category Archives: Advisories
CVE-2020-23550
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e82.
python-lxml-4.7.1-3.fc36
FEDORA-2022-ed0eeb6a20
Packages in this update:
python-lxml-4.7.1-3.fc36
Update description:
Security fix for CVE-2022-2309
python-lxml-4.9.1-1.fc37
FEDORA-2022-ed17f59c1d
Packages in this update:
python-lxml-4.9.1-1.fc37
Update description:
Update to 4.9.1
python-engineio-4.3.4-2.fc38
FEDORA-2022-8ca9330e57
Packages in this update:
python-engineio-4.3.4-2.fc38
Update description:
Automatic update for python-engineio-4.3.4-2.fc38.
Changelog
* Thu Sep 15 2022 Benjamin A. Beasley <code@musicinmybrain.net> 4.3.4-2
– Don’t ship package-lock.json files with the examples
– This keeps from having automated bugs filed for irrelevant CVE’s in NPM
packages that are mentioned there. See RHBZ#2127005.
dokuwiki-20200729a-1.fc35
FEDORA-2022-8c76e587f7
Packages in this update:
dokuwiki-20200729a-1.fc35
Update description:
Update to bugfix/security release 2022-07-29a. Includes security fix for CVE-2022-3123.
python-lxml-4.9.1-1.fc38
FEDORA-2022-3ff6a5e8ab
Packages in this update:
python-lxml-4.9.1-1.fc38
Update description:
Automatic update for python-lxml-4.9.1-1.fc38.
Changelog
* Wed Sep 14 2022 Charalampos Stratakis <cstratak@redhat.com> – 4.9.1-1
– Update to 4.9.1
– Fix for CVE-2022-2309
– Resolves: rhbz#2107571, rhbz#2110131
dokuwiki-20200729a-1.fc36
FEDORA-2022-d048c0dde2
Packages in this update:
dokuwiki-20200729a-1.fc36
Update description:
Update to bugfix/security release 2022-07-29a. Includes security fix for CVE-2022-3123.
dokuwiki-20220731a-1.fc37
FEDORA-2022-fd641dbf35
Packages in this update:
dokuwiki-20220731a-1.fc37
Update description:
Update to new stable release, v2022-07-31a “Igor”. Includes security fix for CVE-2022-3123.
CVE-2018-25047
In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user.