FEDORA-2022-eeccd928a8
Packages in this update:
expat-2.4.7-1.fc36
Update description:
Rebase to version 2.4.7
expat-2.4.7-1.fc36
Rebase to version 2.4.7
Multiple vulnerabilities have been discovered in Mozilla Firefox and Firefox Extended Support Release (ESR), the most severe of which could allow for remote code execution.
Mozilla Firefox is a web browser used to access the Internet.
Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.
Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
It was discovered that OpenJDK incorrectly handled deserialization filters.
An attacker could possibly use this issue to insert, delete or obtain
sensitive information. (CVE-2022-21248)
It was discovered that OpenJDK incorrectly read uncompressed TIFF files.
An attacker could possibly use this issue to cause a denial of service via
a specially crafted TIFF file. (CVE-2022-21277)
Jonni Passki discovered that OpenJDK incorrectly verified access
restrictions when performing URI resolution. An attacker could possibly
use this issue to obtain sensitive information. (CVE-2022-21282)
It was discovered that OpenJDK incorrectly handled certain regular
expressions in the Pattern class implementation. An attacker could
possibly use this issue to cause a denial of service. (CVE-2022-21283)
It was discovered that OpenJDK incorrectly handled specially crafted Java
class files. An attacker could possibly use this issue to cause a denial
of service. (CVE-2022-21291)
Markus Loewe discovered that OpenJDK incorrectly validated attributes
during object deserialization. An attacker could possibly use this issue
to cause a denial of service. (CVE-2022-21293, CVE-2022-21294)
Dan Rabe discovered that OpenJDK incorrectly verified access permissions
in the JAXP component. An attacker could possibly use this to specially
craft an XML file to obtain sensitive information. (CVE-2022-21296)
It was discovered that OpenJDK incorrectly handled XML entities. An
attacker could use this to specially craft an XML file that, when parsed,
would possibly cause a denial of service. (CVE-2022-21299)
Zhiqiang Zang discovered that OpenJDK incorrectly handled array indexes.
An attacker could possibly use this issue to obtain sensitive information.
(CVE-2022-21305)
It was discovered that OpenJDK incorrectly read very long attributes
values in JAR file manifests. An attacker could possibly use this to
specially craft JAR file to cause a denial of service. (CVE-2022-21340)
It was discovered that OpenJDK incorrectly validated input from serialized
streams. An attacker cold possibly use this issue to bypass sandbox
restrictions. (CVE-2022-21341)
Fabian Meumertzheim discovered that OpenJDK incorrectly handled certain
specially crafted BMP or TIFF files. An attacker could possibly use this
to cause a denial of service. (CVE-2022-21360, CVE-2022-21366)
It was discovered that an integer overflow could be triggered in OpenJDK
BMPImageReader class implementation. An attacker could possibly use this
to specially craft a BMP file to cause a denial of service.
(CVE-2022-21365)
The Cost Calculator WordPress plugin before 1.6 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the Description fields of a Cost Calculator > Price Settings (which gets injected on the edit page as well as any page that embeds the calculator using the shortcode), as well as the Text Preview field of a Project (injected on the edit project page)
The [field] shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1, allows authenticated users with a role as low as contributor, to access arbitrary post metadata. This could lead to sensitive data disclosure, for example when used in combination with WooCommerce, the email address of orders can be retrieved
The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to its load shortcode, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to display arbitrary files from the filesystem (such as logs, .htaccess etc), as well as perform Local File Inclusion attacks as PHP files will be executed. Please note that such attack is still possible by admin+ in single site blogs by default (but won’t be when either the unfiltered_html or file_edit is disallowed)
The Custom Content Shortcode WordPress plugin before 4.0.2 does not escape custom fields before outputting them, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. Please note that such attack is still possible by admin+ in single site blogs by default (but won’t be when the unfiltered_html is disallowed)
The Conversios.io WordPress plugin before 4.6.2 does not sanitise, validate and escape the sync_progressive_data parameter for the tvcajax_product_sync_bantch_wise AJAX action before using it in a SQL statement, allowing any authenticated user to perform SQL injection attacks.
The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files’ extension, which allows administrators to upload PHP files on their site, even on multisite installations.
The view submission functionality in the Hotscot Contact Form WordPress plugin before 1.3 makes a get request with the sub_id parameter which not sanitised, escaped or validated before inserting to a SQL statement, leading to an SQL injection.