Douglas Mendizábal discovered that Barbican incorrectly handled access
restrictions. An authenticated attacker could possibly use this issue to
consume protected resources and possibly cause a denial of service.
(CVE-2022-23451, CVE-2022-23452)
Category Archives: Advisories
CVE-2021-24957
The Advanced Page Visit Counter WordPress plugin through 5.0.8 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenticated user, leading to a SQL injection
CVE-2021-25094
The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress’s upload directory. By adding a PHP shell with a filename starting with a dot “.”, this can bypass extension control implemented in the plugin. Moreover, there is a race condition in the zip extraction process which makes the shell file live long enough on the filesystem to be callable by an attacker.
CVE-2021-25111
The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admin_custom_language_return_url before redirecting users o it, leading to an open redirect issue
CVE-2021-24800
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments.
CVE-2021-24805
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not properly check for CSRF in some of its functions, allowing attackers to make logged in users perform unwanted actions, such as update a comment or a question status.
USN-5376-2: Git vulnerability
USN-5376-1 fixed vulnerabilities in Git. This update provides the corresponding
updates for Ubuntu 22.04 LTS.
Original advisory details:
俞晨东 discovered that Git incorrectly handled certain repository paths
in platforms with multiple users support. An attacker could possibly use
this issue to run arbitrary commands.
freerdp-2.7.0-1.fc34
FEDORA-2022-b0a47f8060
Packages in this update:
freerdp-2.7.0-1.fc34
Update description:
Update to 2.7.0.
Security fixes for CVE-2022-24882, CVE-2022-24883.
freerdp-2.7.0-1.fc35
FEDORA-2022-a3e03a200b
Packages in this update:
freerdp-2.7.0-1.fc35
Update description:
Update to 2.7.0.
Security fixes for CVE-2022-24882, CVE-2022-24883.
freerdp-2.7.0-1.fc36
FEDORA-2022-dc48a89918
Packages in this update:
freerdp-2.7.0-1.fc36
Update description:
Update to 2.7.0.
Security fixes for CVE-2022-24882, CVE-2022-24883.