Category Archives: Advisories

CVE-2021-25002

Read Time:13 Second

The Tipsacarrier WordPress plugin through 1.4.4.2 does not have any authorisation check in place some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client full address, name and phone via tracking URL

Read More

CVE-2021-32500

Read Time:9 Second

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Read More

freetype-2.12.1-1.fc36

Read Time:12 Second

FEDORA-2022-2dd60f1f00

Packages in this update:

freetype-2.12.1-1.fc36

Update description:

Update to freetype 2.12.1 which fixes CVE-2022-27404, CVE-2022-27405, CVE-2022-27406 and adds support for OT-SVG fonts.

Read More

USN-5382-2: libinput vulnerability

Read Time:18 Second

USN-5382-1 fixed a vulnerability in libinput. This update provides the
corresponding updates for Ubuntu 22.04 LTS.

Original advisory details:

Albin Eldstål-Ahrens and Lukas Lamster discovered libinput did not properly
handle input devices with specially crafted names. A local attacker with
physical access could use this to cause libinput to crash or expose
sensitive information.

Read More

CVE-2021-31674

Read Time:9 Second

Cyclos 4 PRO 4.14.7 and before does not validate user input at error inform, which allows remote unauthenticated attacker to execute javascript code via undefine enum constant.

Read More

CVE-2021-31673

Read Time:10 Second

A Dom-based Cross-site scripting (XSS) vulnerability at registration account in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary web script or HTML via the groupId parameter.

Read More