A vulnerability was found in Navetti PricePoint 4.6.0.0 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting (Persistent). The attack may be launched remotely. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component.
Category Archives: Advisories
CVE-2017-20044
A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been classified as problematic. This affects an unknown part. The manipulation leads to basic cross site scripting (Reflected). It is possible to initiate the attack remotely. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2017-20045
A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2017-20041
A vulnerability was found in Ucweb UC Browser 11.2.5.932. It has been classified as critical. Affected is an unknown function of the component HTML Handler. The manipulation of the argument title leads to improper restriction of rendered ui layers (URL). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
uboot-tools-2022.04-2.fc36
FEDORA-2022-61cf1c64f6
Packages in this update:
uboot-tools-2022.04-2.fc36
Update description:
uboot-tools-2022.04-2:
Fixes for Pine64 Pinebook Pro
Fix for CVE-2022-30767 (NFSv2)
Fix for CVE-2018-25032 (zlib)
DSA-5163 chromium – security update
Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
DSA-5162 containerd – security update
Two vulnerabilities were discovered in the containerd container
runtime, which could result in denial of service or incomplete restriction
of capabilities.
collectd-5.12.0-16.fc36 qemu-6.2.0-12.fc36 xen-4.16.1-2.fc36
FEDORA-2022-0142d562ca
Packages in this update:
collectd-5.12.0-16.fc36
qemu-6.2.0-12.fc36
xen-4.16.1-2.fc36
Update description:
stop building for ix86 and armv7hl due to missing build dependency
x86 pv: Race condition in typeref acquisition [XSA-401, CVE-2022-26362]
x86 pv: Insufficient care with non-coherent mappings [ XSA-402,
CVE-2022-26363, CVE-2022-26364]
Split qemu-user-static into per-arch subpackages (bz 2061584)
golang-github-docker-libnetwork-0.8.0-18.20220610gitf6ccccb.fc35 moby-engine-20.10.17-2.fc35
FEDORA-2022-3ecd21576a
Packages in this update:
golang-github-docker-libnetwork-0.8.0-18.20220610gitf6ccccb.fc35
moby-engine-20.10.17-2.fc35
Update description:
moby-engine
https://github.com/moby/moby/releases/tag/v20.10.17
Includes updates to bundled libraries that fix CVEs.
golang-github-docker-libnetwork
Bump to f6ccccb1c082a432c2a5814aaedaca56af33d9ea
golang-github-docker-libnetwork-0.8.0-17.20220610gitf6ccccb.fc36 moby-engine-20.10.17-2.fc36
FEDORA-2022-cea20dae0b
Packages in this update:
golang-github-docker-libnetwork-0.8.0-17.20220610gitf6ccccb.fc36
moby-engine-20.10.17-2.fc36
Update description:
moby-engine
https://github.com/moby/moby/releases/tag/v20.10.17
Includes updates to bundled libraries that fix CVEs.
golang-github-docker-libnetwork
Bump to f6ccccb1c082a432c2a5814aaedaca56af33d9ea