A buffer overflow was discovered in the vhost code of DPDK,
a set of libraries for fast packet processing, which could result
in denial of service or the execution of arbitrary code by malicious
guests/containers.
Category Archives: Advisories
CVE-2020-26938
In oauth2-server (aka node-oauth2-server) through 3.1.1, the value of the redirect_uri parameter received during the authorization and token request is checked against an incorrect URI pattern (“[a-zA-Z][a-zA-Z0-9+.-]+:”) before making a redirection. This allows a malicious client to pass an XSS payload through the redirect_uri parameter while making an authorization request. NOTE: this vulnerability is similar to CVE-2020-7741.
CVE-2021-38934
IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210671.
rubygem-puma-4.3.6-5.fc35
FEDORA-2022-de968d1b6c
Packages in this update:
rubygem-puma-4.3.6-5.fc35
Update description:
Fix CVE-2022-23634 – information leak between requests.
Fix CVE-2022-24790 – http request smuggling vulnerabilities
rubygem-puma-5.5.2-3.fc36
FEDORA-2022-52d0032596
Packages in this update:
rubygem-puma-5.5.2-3.fc36
Update description:
Fix CVE-2022-23634 – information leak between requests.
Fix CVE-2022-24790 – http request smuggling vulnerabilities.
rubygem-puma-5.6.5-1.fc37
FEDORA-2022-7c8b29195f
Packages in this update:
rubygem-puma-5.6.5-1.fc37
Update description:
Update to Puma 5.6.5.
rubygem-puma-5.6.5-1.fc38
FEDORA-2022-7bc0f14a13
Packages in this update:
rubygem-puma-5.6.5-1.fc38
Update description:
Automatic update for rubygem-puma-5.6.5-1.fc38.
Changelog
* Thu Aug 25 2022 Vít Ondruch <vondruch@redhat.com> – 5.6.5-1
– Update to Puma 5.6.5.
Resolves: rhbz#2046576
Resolves: rhbz#2113697
Resolves: rhbz#2071625
Resovles: rhbz#2054212
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> – 5.5.2-3
– Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
CVE-2021-40326
Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle hidden and incremental data in signed documents. An attacker can write to an arbitrary file, and display controlled contents, during signature verification.
CVE-2021-41780
Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.
CVE-2021-41781
Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.