Read Time:8 Second
FEDORA-2022-85aa8e5706
Packages in this update:
python-notebook-6.4.0-4.fc35
Update description:
Security fix for CVE-2022-24785 and CVE-2022-31129.
Category Archives: Advisories
python-ujson-5.4.0-1.el9
Read Time:28 Second
FEDORA-EPEL-2022-1026769ad3
Packages in this update:
python-ujson-5.4.0-1.el9
Update description:
Security fix for CVE-2022-31116 and CVE-2022-31117.
5.4.0
Added
Add support for arbitrary size integers
Fixed
CVE-2022-31116: Replace wchar_t string decoding implementation with a uint32_t-based one; fix handling of surrogates on decoding
CVE-2022-31117: Potential double free of buffer during string decoding
Fix memory leak on encoding errors when the buffer was resized
Integer parsing: always detect overflows
Fix handling of surrogates on encoding
python-ujson-5.4.0-1.fc36
Read Time:27 Second
FEDORA-2022-1b2b8d5177
Packages in this update:
python-ujson-5.4.0-1.fc36
Update description:
Security fix for CVE-2022-31116 and CVE-2022-31117.
5.4.0
Added
Add support for arbitrary size integers
Fixed
CVE-2022-31116: Replace wchar_t string decoding implementation with a uint32_t-based one; fix handling of surrogates on decoding
CVE-2022-31117: Potential double free of buffer during string decoding
Fix memory leak on encoding errors when the buffer was resized
Integer parsing: always detect overflows
Fix handling of surrogates on encoding
CVE-2020-14127
Read Time:9 Second
A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by heap overflow and can be exploited by attackers to make remote denial of service.
grafana-9.0.2-3.fc37
Read Time:15 Second
FEDORA-2022-6480e61dad
Packages in this update:
grafana-9.0.2-3.fc37
Update description:
Automatic update for grafana-9.0.2-3.fc37.
Changelog
* Thu Jul 14 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 9.0.2-3
– fix quoting in grafana-cli wrapper script (rhbz#2107046)
USN-5520-1: HTTP-Daemon vulnerability
Read Time:8 Second
It was discovered that HTTP-Daemon incorrectly handled certain crafted
requests. A remote attacker could possibly use this issue to perform an
HTTP Request Smuggling attack.
USN-5519-1: Python vulnerability
Read Time:6 Second
It was discovered that Python incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
python-notebook-6.4.11-3.fc37
Read Time:17 Second
FEDORA-2022-f9e459c893
Packages in this update:
python-notebook-6.4.11-3.fc37
Update description:
Automatic update for python-notebook-6.4.11-3.fc37.
Changelog
* Wed Jul 13 2022 Miro Hrončok <mhroncok@redhat.com> – 6.4.11-3
– Fix CVE-2022-24785 and CVE-2022-31129 in bundled moment
– Fixes: rhbz#2075263
USN-5512-1: Thunderbird vulnerabilities
Read Time:1 Minute, 2 Second
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, spoof the UI, bypass CSP restrictions, or
execute arbitrary code. (CVE-2022-2200, CVE-2022-31736, CVE-2022-31737,
CVE-2022-31738, CVE-2022-31740, CVE-2022-31741, CVE-2022-31742,
CVE-2022-31744, CVE-2022-31747, CVE-2022-34468, CVE-2022-34470,
CVE-2022-34479, CVE-2022-34481, CVE-2022-34484)
It was discovered that an unavailable PAC file caused OCSP requests to
be blocked, resulting in incorrect error pages being displayed.
(CVE-2022-34472)
It was discovered that the Braille space character could be used to
cause Thunderbird to display the wrong sender address for signed messages.
An attacker could potentially exploit this to trick the user into
believing a message had been sent from somebody they trusted.
(CVE-2022-1834)
It was discovered that Thunderbird would consider an email with a
mismatched OpenPGP signature date as valid. An attacker could potentially
exploit this by replaying an older message in order to trick the user into
believing that the statements in the message are current. (CVE-2022-2226)
CVE-2017-20129
Read Time:21 Second
A vulnerability was found in LogoStore. It has been classified as critical. Affected is an unknown function of the file /LogoStore/search.php. The manipulation of the argument query with the input test’ UNION ALL SELECT CONCAT(CONCAT(‘qqkkq’,’VnPVWVaYxljWqGpLLbEIyPIHBjjjjASQTnaqfKaV’),’qvvpq’),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL– oCrh&search= leads to sql injection. It is possible to launch the attack remotely.