A DOM-based cross-site scripting (XSS) vulnerability in account registration in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary web script or HTML via the groupId parameter.
Category Archives: Advisories
DSA-5127 linux – security update
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.
mariadb-10.7-3420220501001308.058368ca
FEDORA-MODULAR-2022-3903b475a9
Packages in this update:
mariadb-10.7-3420220501001308.058368ca
Update description:
MariaDB 10.7.3 & Galera 26.4.11
Release notes:
mariadb-10.7-3520220501001308.f27b74a8
FEDORA-MODULAR-2022-dd33454b42
Packages in this update:
mariadb-10.7-3520220501001308.f27b74a8
Update description:
MariaDB 10.7.3 & Galera 26.4.11
Release notes:
mariadb-10.7-3620220501001308.5e5ad4a0
FEDORA-MODULAR-2022-de160960c2
Packages in this update:
mariadb-10.7-3620220501001308.5e5ad4a0
Update description:
MariaDB 10.7.3 & Galera 26.4.11
Release notes:
DSA-5126 ffmpeg – security update
Several vulnerabilities have been discovered in the FFmpeg multimedia
framework, which could result in denial of service or potentially the
execution of arbitrary code if malformed files/streams are processed.
mariadb-10.6-3420220430165639.058368ca
FEDORA-MODULAR-2022-8d64a348f6
Packages in this update:
mariadb-10.6-3420220430165639.058368ca
Update description:
MariaDB 10.6.7 & Galera 26.4.11
Release notes:
mariadb-10.6-3520220430165639.f27b74a8
FEDORA-MODULAR-2022-ad3d7b2970
Packages in this update:
mariadb-10.6-3520220430165639.f27b74a8
Update description:
MariaDB 10.6.7 & Galera 26.4.11
Release notes:
mariadb-10.6-3620220430165639.5e5ad4a0
FEDORA-MODULAR-2022-12c5412556
Packages in this update:
mariadb-10.6-3620220430165639.5e5ad4a0
Update description:
MariaDB 10.6.7 & Galera 26.4.11
Release notes:
cifs-utils-6.15-1.fc34
FEDORA-2022-34de4f833d
Packages in this update:
cifs-utils-6.15-1.fc34
Update description:
This is a security release to address the following bugs:
CVE-2022-27239: mount.cifs: fix length check for ip option parsing
CVE-2022-29869: mount.cifs: fix verbose messages on option parsing
Description
CVE-2022-27239:
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
CVE-2022-29869:
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.
Both issues were originally reported and fixed by Jeffrey Bencteux.