A vulnerability was found in KB Login Authentication Script 1.1 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument username/password with the input ‘or”=’ leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability has been found in KB Messages PHP Script 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username/password with the input ‘or”=’ leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
golang-1.18.4-1.fc37
Automatic update for golang-1.18.4-1.fc37.
* Wed Jul 13 2022 Alejandro Sáez <asm@redhat.com> – 1.18.4-1
– Update to 1.18.4
* Sun Jun 19 2022 Robert-André Mauchin <zebob.m@gmail.com> – 1.18.3-2
– Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191,
CVE-2022-29526, CVE-2022-30629
osbuild-composer-57-1.fc35
Update osbuild-composer to the latest version
golang-1.18.4-1.fc36
go1.18.4 includes security fixes to the compress/gzip, encoding/gob, encoding/xml, go/parser, io/fs, net/http, and path/filepath packages, as well as bug fixes to the compiler, the go command, the linker, the runtime, and the runtime/metrics package.
xorg-x11-server-Xwayland-21.1.4-2.fc35
Security fix for CVE-2022-2319/ZDI-CAN-16062, CVE-2022-2320/ZDI-CAN-16070
xorg-x11-server-Xwayland-22.1.3-1.fc36
Security fix for CVE-2022-2319/ZDI-CAN-16062, CVE-2022-2320/ZDI-CAN-16070
xorg-x11-server-1.20.14-7.fc35
Security fix for CVE-2022-2319/ZDI-CAN-16062, CVE-2022-2320/ZDI-CAN-16070
xorg-x11-server-1.20.14-7.fc36
Security fix for CVE-2022-2319/ZDI-CAN-16062, CVE-2022-2320/ZDI-CAN-16070
This affects the package codecov before 2.0.16. The vulnerability occurs due to not sanitizing gcov arguments before being being provided to the popen method.
