It was discovered that the 8 Devices USB2CAN interface implementation in
the Linux kernel did not properly handle certain error conditions, leading
to a double-free. A local attacker could possibly use this to cause a
denial of service (system crash).
DSA-5171 squid – security update
Multiple security issues were discovered in the Squid proxy caching
server:
DSA-5170 nodejs – security update
Multiple vulnerabilities were discovered in Node.js, which could result in
HTTP request smuggling, a bypass of certificate verification or prototype
pollution.
mingw-wavpack-5.4.0-5.fc35
FEDORA-2022-cece705cbf
Packages in this update:
mingw-wavpack-5.4.0-5.fc35
Update description:
Security fix for CVE-2021-44269
mingw-wavpack-5.4.0-5.fc36
FEDORA-2022-8e94ec2244
Packages in this update:
mingw-wavpack-5.4.0-5.fc36
Update description:
Security fix for CVE-2021-44269
DSA-5169 openssl – security update
It was discovered that the c_rehash script included in OpenSSL did not
sanitise shell metacharacters, which could result in the execution of
arbitrary commands.
Multiple Vulnerabilities in WatchGuard Firebox and XTM appliances Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered in WatchGuard Firebox and XTM appliances, the most severe of which could allow for remote code execution. WatchGuard Firebox is a unified security platform that gives IT professionals the network visibility tools to ensure enterprise-grade security. Depending on the privileges associated with the applications, an attacker could view, change, or delete data.
golang-x-net-0-0.60.20200807gitab34263.el8 golang-x-text-0.3.7-1.el8
FEDORA-EPEL-2022-46b9d78e30
Packages in this update:
golang-x-net-0-0.60.20200807gitab34263.el8
golang-x-text-0.3.7-1.el8
Update description:
golang-x-text
Update to 0.3.7. Fixes rhbz#1945761.
Mitigate CVE-2021-38561 (rhbz#2100495).
golang-x-net
Rebuild to mitigate CVE-2021-38561 (rhbz#2100495).
CVE-2013-1891
In OpenCart 1.4.7 to 1.5.5.1, the anti-traversal code implemented in filemanager.php is ineffective and can be bypassed.
CVE-2013-1916
In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated, and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (executed) even if the photo has not yet been approved.