Read Time:7 Second
FEDORA-2022-4131ced81a
Packages in this update:
qt5-qtbase-5.15.2-31.fc35
Update description:
Security fix for CVE-2021-38593
Category Archives: Advisories
USN-5453-1: FreeType vulnerability
Read Time:7 Second
It was discovered that FreeType incorrectly handled certain font files.
An attacker could possibly use this issue to cause a denial of service.
USN-5452-1: NTFS-3G vulnerability
Read Time:12 Second
It was discovered that NTFS-3G was incorrectly validating NTFS
metadata in its ntfsck tool by not performing boundary checks. A
local attacker could possibly use this issue to cause a denial of
service or to execute arbitrary code.
CVE-2022-1203
Read Time:16 Second
The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify arbitrary blog options
CVE-2022-1275
Read Time:11 Second
The BannerMan WordPress plugin through 0.2.4 does not sanitize or escape its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks when the unfiltered_html is disallowed (such as in multisite)
CVE-2022-1294
Read Time:12 Second
The IMDB info box WordPress plugin through 2.0 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
CVE-2022-0376
Read Time:16 Second
The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting them in the admin dashboard when editing a form, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CVE-2022-0642
Read Time:16 Second
The JivoChat Live Chat WordPress plugin before 1.3.5.4 does not properly check CSRF tokens on POST requests to the plugins admin page, and does not sanitise some parameters, leading to a stored Cross-Site Scripting vulnerability where an attacker can trick a logged in administrator to inject arbitrary javascript.
CVE-2022-1009
Read Time:17 Second
The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site Scripting. For the attack to be successful, an attacker would need an admin to upload a malicious configuration file
USN-5431-1: GnuPG vulnerability
Read Time:9 Second
It was discovered that GnuPG was not properly processing keys
with large amounts of signatures. An attacker could possibly
use this issue to cause a denial of service.