Category Archives: Advisories

insight-13.0.50.20220502-1.fc35

Read Time:14 Second

FEDORA-2022-8e1df11a7a

Packages in this update:

insight-13.0.50.20220502-1.fc35

Update description:

New upstream snapshot.
Fixes CVE-2021-3826.
Disable deprecated declaration warnings/errors.
Disable nonnull-compare warnings.
Patch “symtab_no_format_overflow” to avoid a false positive format overflow
detection.

Read More

CVE-2020-26938

Read Time:22 Second

In oauth2-server (aka node-oauth2-server) through 3.1.1, the value of the redirect_uri parameter received during the authorization and token request is checked against an incorrect URI pattern (“[a-zA-Z][a-zA-Z0-9+.-]+:”) before making a redirection. This allows a malicious client to pass an XSS payload through the redirect_uri parameter while making an authorization request. NOTE: this vulnerability is similar to CVE-2020-7741.

Read More

CVE-2021-38934

Read Time:15 Second

IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210671.

Read More

rubygem-puma-5.6.5-1.fc38

Read Time:26 Second

FEDORA-2022-7bc0f14a13

Packages in this update:

rubygem-puma-5.6.5-1.fc38

Update description:

Automatic update for rubygem-puma-5.6.5-1.fc38.

Changelog

* Thu Aug 25 2022 Vít Ondruch <vondruch@redhat.com> – 5.6.5-1
– Update to Puma 5.6.5.
Resolves: rhbz#2046576
Resolves: rhbz#2113697
Resolves: rhbz#2071625
Resovles: rhbz#2054212
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> – 5.5.2-3
– Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild

Read More

CVE-2021-40326

Read Time:12 Second

Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle hidden and incremental data in signed documents. An attacker can write to an arbitrary file, and display controlled contents, during signature verification.

Read More