Category Archives: Advisories

CVE-2017-20044

Read Time:18 Second

A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been classified as problematic. This affects an unknown part. The manipulation leads to basic cross site scripting (Reflected). It is possible to initiate the attack remotely. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component.

Read More

CVE-2017-20045

Read Time:21 Second

A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component.

Read More

CVE-2017-20041

Read Time:19 Second

A vulnerability was found in Ucweb UC Browser 11.2.5.932. It has been classified as critical. Affected is an unknown function of the component HTML Handler. The manipulation of the argument title leads to improper restriction of rendered ui layers (URL). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Read More

collectd-5.12.0-16.fc36 qemu-6.2.0-12.fc36 xen-4.16.1-2.fc36

Read Time:23 Second

FEDORA-2022-0142d562ca

Packages in this update:

collectd-5.12.0-16.fc36
qemu-6.2.0-12.fc36
xen-4.16.1-2.fc36

Update description:

stop building for ix86 and armv7hl due to missing build dependency
x86 pv: Race condition in typeref acquisition [XSA-401, CVE-2022-26362]
x86 pv: Insufficient care with non-coherent mappings [ XSA-402,
CVE-2022-26363, CVE-2022-26364]

Split qemu-user-static into per-arch subpackages (bz 2061584)

Read More

golang-github-docker-libnetwork-0.8.0-18.20220610gitf6ccccb.fc35 moby-engine-20.10.17-2.fc35

Read Time:16 Second

FEDORA-2022-3ecd21576a

Packages in this update:

golang-github-docker-libnetwork-0.8.0-18.20220610gitf6ccccb.fc35
moby-engine-20.10.17-2.fc35

Update description:

moby-engine

https://github.com/moby/moby/releases/tag/v20.10.17

Includes updates to bundled libraries that fix CVEs.

golang-github-docker-libnetwork

Bump to f6ccccb1c082a432c2a5814aaedaca56af33d9ea

Read More

golang-github-docker-libnetwork-0.8.0-17.20220610gitf6ccccb.fc36 moby-engine-20.10.17-2.fc36

Read Time:16 Second

FEDORA-2022-cea20dae0b

Packages in this update:

golang-github-docker-libnetwork-0.8.0-17.20220610gitf6ccccb.fc36
moby-engine-20.10.17-2.fc36

Update description:

moby-engine

https://github.com/moby/moby/releases/tag/v20.10.17

Includes updates to bundled libraries that fix CVEs.

golang-github-docker-libnetwork

Bump to f6ccccb1c082a432c2a5814aaedaca56af33d9ea

Read More

CVE-2017-20037

Read Time:12 Second

A vulnerability has been found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument c leads to privilege escalation. The attack can be launched remotely.

Read More