Category Archives: Advisories

CVE-2021-25066

Read Time:11 Second

The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Read More

CVE-2022-0250

Read Time:9 Second

The Redirection for Contact Form 7 WordPress plugin before 2.5.0 does not escape a link generated before outputting it in an attribute, leading to a Reflected Cross-Site Scripting

Read More

DSA-5174 gnupg2 – security update

Read Time:20 Second

Demi Marie Obenour discovered a flaw in GnuPG, allowing for signature
spoofing via arbitrary injection into the status line. An attacker who
controls the secret part of any signing-capable key or subkey in the
victim’s keyring, can take advantage of this flaw to provide a
correctly-formed signature that some software, including gpgme, will
accept to have validity and signer fingerprint chosen from the attacker.

Read More

podman-tui-0.5.0-1.fc36

Read Time:45 Second

FEDORA-2022-fb8ed17b4e

Packages in this update:

podman-tui-0.5.0-1.fc36

Update description:

feature – image push
feature – container commit
using images.GetImage function for image inspect
show confirmation dialog in the center of different views
disk usage dialog table headers color update
Esc key shall not close dialogs if its dropdown widgets has focus
infobar + help color update for headers
image history dialog update
update button labels based on their function
code coverage for network and volume create dialogs
code coverage for ui/utils
makefile update – darwin build
docs: adding templates for bug report and features
docs: adding security policy
docs: Mac build
Bump github.com/containers/podman/v4 from 4.1.0 to 4.1.1
Bump github.com/docker/docker
Bump github.com/rs/zerolog from 1.26.1 to 1.27.0
Bump github.com/spf13/cobra from 1.4.0 to 1.5.0

Read More

xen-4.15.3-1.fc35

Read Time:23 Second

FEDORA-2022-f5785fba8e

Packages in this update:

xen-4.15.3-1.fc35

Update description:

update to xen-4.15.3
x86: MMIO Stale Data vulnerabilities (not applied in 4.15.2-5)

x86: MMIO Stale Data vulnerabilities [XSA-404, CVE-2022-21123,
CVE-2022-21125, CVE-2022-21166]

x86 pv: Race condition in typeref acquisition [XSA-401, CVE-2022-26362]
x86 pv: Insufficient care with non-coherent mappings [ XSA-402,
CVE-2022-26363, CVE-2022-26364]

Read More