The add_custom_font action of the Tatsu WordPress plugin before 3.3.12 can be used without prior authentication to upload a rogue zip file, which is uncompressed under WordPress’s upload directory. Adding a PHP shell with a filename starting with a dot “.” bypasses the extension control implemented in the plugin. Moreover, there is a race condition in the zip extraction process which makes the shell file live long enough on the filesystem to be callable by an attacker.
Category Archives: Advisories
CVE-2021-25111
The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admin_custom_language_return_url before redirecting users to it, leading to an open redirect issue.
CVE-2021-24800
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments.
CVE-2021-24805
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not properly check for CSRF in some of its functions, allowing attackers to make logged-in users perform unwanted actions, such as updating a comment or a question status.
USN-5376-2: Git vulnerability
USN-5376-1 fixed vulnerabilities in Git. This update provides the corresponding
updates for Ubuntu 22.04 LTS.
Original advisory details:
俞晨东 discovered that Git incorrectly handled certain repository paths
in platforms with multiple users support. An attacker could possibly use
this issue to run arbitrary commands.
freerdp-2.7.0-1.fc34
FEDORA-2022-b0a47f8060
Packages in this update:
freerdp-2.7.0-1.fc34
Update description:
Update to 2.7.0.
Security fixes for CVE-2022-24882, CVE-2022-24883.
freerdp-2.7.0-1.fc35
FEDORA-2022-a3e03a200b
Packages in this update:
freerdp-2.7.0-1.fc35
Update description:
Update to 2.7.0.
Security fixes for CVE-2022-24882, CVE-2022-24883.
freerdp-2.7.0-1.fc36
FEDORA-2022-dc48a89918
Packages in this update:
freerdp-2.7.0-1.fc36
Update description:
Update to 2.7.0.
Security fixes for CVE-2022-24882, CVE-2022-24883.
CVE-2019-25059
Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839.
chromium-100.0.4896.127-1.fc34
FEDORA-2022-17aa1c62da
Packages in this update:
chromium-100.0.4896.127-1.fc34
Update description:
100 Chromium releases! Of course, at the rate they release now, we’ll probably be at 150 before the end of the year. Anyway, here’s the update.
Fixes:
CVE-2022-1232 CVE-2022-1305 CVE-2022-1306 CVE-2022-1307 CVE-2022-1308 CVE-2022-1309 CVE-2022-1310 CVE-2022-1311 CVE-2022-1312 CVE-2022-1313 CVE-2022-1314 CVE-2022-1364