FEDORA-2022-0125d9cd29
Packages in this update:
CuraEngine-4.13.1-2.fc36
Update description:
Security fix for CVE-2022-28041
CuraEngine-4.13.1-2.fc34
Security fix for CVE-2022-28041
Posted by sec-advisory on Apr 22
SexyPolling SQL Injection
====================
| Identifier: | AIT-SA-20220208-01 |
| Target: | Sexy Polling (Joomla Extension) |
| Vendor: | 2glux |
| Version: | all versions below version 2.1.8 |
| CVE: | Not yet |
| Accessibility: | Remote |
| Severity: | Critical |
| Author: | Wolfgang Hotwagner (AIT Austrian Institute of Technology) |
Summary
========
[Sexy Polling is a Joomla Extension for votes.](https://2glux.com/projects/sexypolling…
Posted by Heiko Feldhusen via Fulldisclosure on Apr 22
esh-0.3.2-1.fc36
Honor umask of existing file or parent process when using -o option
Make trap rm -f more robust, resistant to Command Injection attack
esh-0.3.2-1.fc35
Honor umask of existing file or parent process when using -o option
Make trap rm -f more robust, resistant to Command Injection attack
esh-0.3.2-1.fc34
Honor umask of existing file or parent process when using -o option
Make trap rm -f more robust, resistant to Command Injection attack
IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813.
There is a pointer double-free vulnerability in some MIUI services. When a function is called, the memory pointer is copied to two function modules, and an attacker can cause the pointer to be released repeatedly through malicious operations, crashing the affected module and disrupting normal functionality. If successfully exploited, the vulnerability can cause elevation of privileges.
usd-21.11-11.fc35
Security fix for CVE-2022-28041