The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Category Archives: Advisories
CVE-2022-0250
The Redirection for Contact Form 7 WordPress plugin before 2.5.0 does not escape a link generated before outputting it in an attribute, leading to a Reflected Cross-Site Scripting
USN-5501-1: Django vulnerability
It was discovered that Django incorrectly handled certain SQL.
An attacker could possibly use this issue to expose sensitive information.
gnupg2-2.3.6-2.fc36
FEDORA-2022-aa14d396dd
Packages in this update:
gnupg2-2.3.6-2.fc36
Update description:
Fix for CVE-2022-34903 (#2103242)
DSA-5176 blender – security update
Multiple vulnerabilities have been discovered in various image parsers in
Blender, a 3D modeller/ renderer, which may result in denial of service
or the execution of arbitrary code if a malformed file is opened.
DSA-5175 thunderbird – security update
Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.
DSA-5174 gnupg2 – security update
Demi Marie Obenour discovered a flaw in GnuPG, allowing for signature
spoofing via arbitrary injection into the status line. An attacker who
controls the secret part of any signing-capable key or subkey in the
victim’s keyring, can take advantage of this flaw to provide a
correctly-formed signature that some software, including gpgme, will
accept to have validity and signer fingerprint chosen from the attacker.
DSA-5173 linux – security update
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.
podman-tui-0.5.0-1.fc36
FEDORA-2022-fb8ed17b4e
Packages in this update:
podman-tui-0.5.0-1.fc36
Update description:
feature – image push
feature – container commit
using images.GetImage function for image inspect
show confirmation dialog in the center of different views
disk usage dialog table headers color update
Esc key shall not close dialogs if its dropdown widgets has focus
infobar + help color update for headers
image history dialog update
update button labels based on their function
code coverage for network and volume create dialogs
code coverage for ui/utils
makefile update – darwin build
docs: adding templates for bug report and features
docs: adding security policy
docs: Mac build
Bump github.com/containers/podman/v4 from 4.1.0 to 4.1.1
Bump github.com/docker/docker
Bump github.com/rs/zerolog from 1.26.1 to 1.27.0
Bump github.com/spf13/cobra from 1.4.0 to 1.5.0
xen-4.15.3-1.fc35
FEDORA-2022-f5785fba8e
Packages in this update:
xen-4.15.3-1.fc35
Update description:
update to xen-4.15.3
x86: MMIO Stale Data vulnerabilities (not applied in 4.15.2-5)
x86: MMIO Stale Data vulnerabilities [XSA-404, CVE-2022-21123,
CVE-2022-21125, CVE-2022-21166]
x86 pv: Race condition in typeref acquisition [XSA-401, CVE-2022-26362]
x86 pv: Insufficient care with non-coherent mappings [ XSA-402,
CVE-2022-26363, CVE-2022-26364]