Read Time:8 Second
FEDORA-2022-b9c2a3a2b7
Packages in this update:
libtiff-4.4.0-2.fc35
Update description:
Fix for CVE-2022-2056, CVE-2022-2057 and CVE-2022-2058.
Category Archives: Advisories
DSA-5177 ldap-account-manager – security update
Read Time:10 Second
Arseniy Sharoglazov discovered multiple security issues in LDAP Account
Manager (LAM), a web frontend for managing accounts in an LDAP directory,
which could result in information disclosure or unauthenticated remote
code execution.
USN-5479-2: PHP vulnerabilities
Read Time:30 Second
USN-5479-1 fixed vulnerabilities in PHP. This update provides the
corresponding updates for Ubuntu 16.04 ESM.
Original advisory details:
Charles Fol discovered that PHP incorrectly handled initializing certain
arrays when handling the pg_query_params function. A remote attacker could
use this issue to cause PHP to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2022-31625)
Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A
remote attacker could use this issue to cause PHP to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2022-31626)
CVE-2021-25056
Read Time:11 Second
The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitise and escape field labels, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2021-25066
Read Time:11 Second
The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2022-0250
Read Time:9 Second
The Redirection for Contact Form 7 WordPress plugin before 2.5.0 does not escape a link generated before outputting it in an attribute, leading to a Reflected Cross-Site Scripting
USN-5501-1: Django vulnerability
Read Time:6 Second
It was discovered that Django incorrectly handled certain SQL.
An attacker could possibly use this issue to expose sensitive information.
gnupg2-2.3.6-2.fc36
Read Time:6 Second
FEDORA-2022-aa14d396dd
Packages in this update:
gnupg2-2.3.6-2.fc36
Update description:
Fix for CVE-2022-34903 (#2103242)
DSA-5176 blender – security update
Read Time:10 Second
Multiple vulnerabilities have been discovered in various image parsers in
Blender, a 3D modeller/ renderer, which may result in denial of service
or the execution of arbitrary code if a malformed file is opened.
DSA-5175 thunderbird – security update
Read Time:6 Second
Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.