This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine OpManager Plus. Authentication is required to exploit this vulnerability.

Read More

FEDORA-FLATPAK-2022-0a5e38ea4c

Packages in this update:

flatpak-runtime-f36-3620220904192323.1
flatpak-sdk-f36-3620220904192323.1

Update description:

Updated flatpak runtime and SDK, including latest Fedora 36 security and bug-fix errata.

In addition to regular package updates, this also adds openssl1.1 to the runtime (required by python2.7 in the gimp flatpak).

Read More

FEDORA-2022-cf658a432f

Packages in this update:

libapreq2-2.17-1.fc35

Update description:

Fix CVE-2022-22728.

Read More

FEDORA-2022-61f5b492b7

Packages in this update:

libapreq2-2.17-1.fc36

Update description:

Fix CVE-2022-22728.

Read More

FEDORA-2022-9e5046934e

Packages in this update:

libapreq2-2.17-1.fc37

Update description:

Fix CVE-2022-22728.

Read More

FEDORA-EPEL-2022-ebbc78f3cb

Packages in this update:

libapreq2-2.17-1.el8

Update description:

Fix CVE-2022-22728.

Read More

FEDORA-EPEL-2022-b86f845eb8

Packages in this update:

libapreq2-2.17-1.el7

Update description:

Fix CVE-2022-22728.

Read More

libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().

Read More

Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications.

Read More

Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage.

Read More