A vulnerability, which was classified as problematic, was found in Download Manager Plugin 2.8.99. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely.
Category Archives: Advisories
CVE-2017-20094
A vulnerability, which was classified as problematic, has been found in NewStatPress Plugin 1.2.4. This issue affects some unknown processing. The manipulation leads to basic cross site scripting (Persistent). The attack may be initiated remotely. Upgrading to version 1.2.5 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2017-20095
A vulnerability classified as critical was found in Simple Ads Manager Plugin. This vulnerability affects unknown code. The manipulation leads to code injection. The attack can be initiated remotely.
CVE-2017-20096
A vulnerability classified as problematic has been found in WP-SpamFree Anti-Spam Plugin 2.1.1.4. This affects an unknown part. The manipulation leads to basic cross site scripting. It is possible to initiate the attack remotely.
CVE-2017-20092
A vulnerability classified as problematic was found in Google Analytics Dashboard Plugin 2.1.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to basic cross site scripting. The attack can be launched remotely.
ZDI-22-872: DevExpress SafeBinaryFormatter Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. Authentication is required to exploit this vulnerability.
python-twisted-22.4.0-1.fc37
FEDORA-2022-dc6dc2cfd3
Packages in this update:
python-twisted-22.4.0-1.fc37
Update description:
Automatic update for python-twisted-22.4.0-1.fc37.
Changelog
* Thu Jun 23 2022 Robert-André Mauchin <zebob.m@gmail.com> 22.4.0-1
– Update to 22.4.0 Close: rhbz#2046562 rhbz#2073115 rhbz#2060972
rhbz#2059508
USN-5492-1: Vim vulnerability
It was discovered that Vim incorrectly handled memory when opening and
searching the contents of certain files. If an attacker could trick a user
into opening a specially crafted file, it could cause Vim to crash.
USN-5487-3: Apache HTTP Server regression
USN-5487-1 fixed several vulnerabilities in Apache HTTP Server.
Unfortunately it caused regressions. USN-5487-2 reverted the
patches that caused the regression in Ubuntu 14.04 ESM for further
investigation. This update re-adds the security fixes for Ubuntu
14.04 ESM and fixes two different regressions: one affecting mod_proxy
only in Ubuntu 14.04 ESM and another in mod_sed affecting also Ubuntu 16.04 ESM
and Ubuntu 18.04 LTS.
We apologize for the inconvenience.
Original advisory details:
It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled
certain crafted request. A remote attacker could possibly use this issue to
perform an HTTP Request Smuggling attack. (CVE-2022-26377)
It was discovered that Apache HTTP Server incorrectly handled certain
request. An attacker could possibly use this issue to cause a denial
of service. (CVE-2022-28614)
It was discovered that Apache HTTP Server incorrectly handled certain request.
An attacker could possibly use this issue to cause a crash or expose
sensitive information. (CVE-2022-28615)
It was discovered that Apache HTTP Server incorrectly handled certain request.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-29404)
It was discovered that Apache HTTP Server incorrectly handled certain
request. An attacker could possibly use this issue to cause a crash.
(CVE-2022-30522)
It was discovered that Apache HTTP Server incorrectly handled certain request.
An attacker could possibly use this issue to execute arbitrary code or cause
a crash. (CVE-2022-30556)
It was discovered that Apache HTTP Server incorrectly handled certain request.
An attacker could possibly use this issue to bypass IP based authentication.
(CVE-2022-31813)
exim-4.95-1.el8
FEDORA-EPEL-2022-ac75a8517c
Packages in this update:
exim-4.95-1.el8
Update description:
This is an update fixing CVE-2021-38371.