** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Category Archives: Advisories
freetype-2.12.1-1.fc36
FEDORA-2022-2dd60f1f00
Packages in this update:
freetype-2.12.1-1.fc36
Update description:
Update to freetype 2.12.1 which fixes CVE-2022-27404, CVE-2022-27405, CVE-2022-27406 and adds support for OT-SVG fonts.
USN-5382-2: libinput vulnerability
USN-5382-1 fixed a vulnerability in libinput. This update provides the
corresponding updates for Ubuntu 22.04 LTS.
Original advisory details:
Albin Eldstål-Ahrens and Lukas Lamster discovered libinput did not properly
handle input devices with specially crafted names. A local attacker with
physical access could use this to cause libinput to crash or expose
sensitive information.
CVE-2021-31674
Cyclos 4 PRO 4.14.7 and before does not validate user input at error inform, which allows remote unauthenticated attacker to execute javascript code via undefine enum constant.
CVE-2021-31673
A Dom-based Cross-site scripting (XSS) vulnerability at registration account in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary web script or HTML via the groupId parameter.
DSA-5127 linux – security update
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.
mariadb-10.7-3420220501001308.058368ca
FEDORA-MODULAR-2022-3903b475a9
Packages in this update:
mariadb-10.7-3420220501001308.058368ca
Update description:
MariaDB 10.7.3 & Galera 26.4.11
Release notes:
mariadb-10.7-3520220501001308.f27b74a8
FEDORA-MODULAR-2022-dd33454b42
Packages in this update:
mariadb-10.7-3520220501001308.f27b74a8
Update description:
MariaDB 10.7.3 & Galera 26.4.11
Release notes:
mariadb-10.7-3620220501001308.5e5ad4a0
FEDORA-MODULAR-2022-de160960c2
Packages in this update:
mariadb-10.7-3620220501001308.5e5ad4a0
Update description:
MariaDB 10.7.3 & Galera 26.4.11
Release notes:
DSA-5126 ffmpeg – security update
Several vulnerabilities have been discovered in the FFmpeg multimedia
framework, which could result in denial of service or potentially the
execution of arbitrary code if malformed files/streams are processed.