Category Archives: Advisories

ZDI-23-503: (Pwn2Own) NETGEAR RAX30 logCtrl Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.

CVE-2015-10105

A vulnerability classified as critical was found in the IP Blacklist Cloud plugin for WordPress, versions up to 3.42. It affects the function valid_js_identifier in the file ip_blacklist_cloud.php, part of the CSV File Import component. Manipulation of the filename argument leads to path traversal, and the attack can be initiated remotely. Upgrading to version 3.43 addresses this issue; the fixing commit is 6e6fe8c6fda7cbc252eef083105e08d759c07312. Upgrading the affected component is recommended. The identifier VDB-227757 was assigned to this vulnerability.

CVE-2015-10104

A vulnerability classified as problematic was found in the Icons for Features plugin 1.0.0 for WordPress. It affects unspecified functionality in the file classes/class-icons-for-features-admin.php. Manipulation of the redirect_url argument leads to an open redirect, and the attack can be launched remotely. Upgrading to version 1.0.1 addresses this issue; the fixing commit is 63124c021ae24b68e56872530df26eb4268ad633. Upgrading the affected component is recommended. The identifier of this vulnerability is VDB-227756.
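
The two WordPress advisories above describe the same shape of bug twice: a user-controlled filename reaching the filesystem (path traversal) and a user-controlled redirect_url reaching an HTTP redirect (open redirect). The following is an added example, not code from either plugin (which are PHP and not reproduced here): the two checks a reviewer would expect in front of those sinks, written in Ruby. The import directory, the host allowlist, the `.csv` restriction and the function names are assumptions chosen for illustration.

```ruby
# Added example: input validation for the two sinks named in the advisories
# above. Not the plugins' code; directory, allowlist and names are assumptions.
require "uri"

# Resolve a user-supplied CSV filename strictly inside import_dir.
# Returns the absolute path, or nil if the name cannot be accepted.
def safe_import_path(import_dir, filename, ext: ".csv")
  return nil if filename.nil? || filename.empty? || filename.include?("\0")
  base = File.expand_path(import_dir)
  # Keep only the last path component: "../../etc/passwd" becomes "passwd",
  # so no traversal sequence ever reaches the filesystem.
  name = File.basename(filename)
  # File.expand_path treats a leading "~" as a home-directory lookup; refuse it.
  return nil if name.start_with?("~")
  candidate = File.expand_path(name, base)
  # Belt and braces: the resolved path must still sit under the base directory
  # (this also rejects "." and "..", which resolve to base or its parent).
  return nil unless candidate.start_with?(base + File::SEPARATOR)
  # The importer only ever reads CSV; refuse anything else.
  return nil unless File.extname(candidate).casecmp?(ext)
  candidate
end

# Validate a redirect target. Accepts a same-site absolute path, or an
# http(s) URL whose host is on the allowlist; everything else falls back
# to `default`, so an attacker cannot bounce a victim to their own site.
def safe_redirect(url, allowed_hosts:, default: "/")
  return default if url.nil? || url.strip.empty?
  target = url.strip
  # Browsers treat "/\evil.example" like "//evil.example"; URI.parse would
  # reject the backslash anyway, but be explicit about it.
  return default if target.include?("\\")
  begin
    uri = URI.parse(target)
  rescue URI::InvalidURIError
    return default
  end
  if uri.scheme.nil? && uri.host.nil?
    # Relative reference. "//evil.example" parses with a host and so does not
    # land here; a plain "/path" does.
    return target.start_with?("/") ? target : default
  end
  # Absolute URL: only http(s) (rules out javascript:, data:, and a bare
  # "//host" reference, which has no scheme) and only allowlisted hosts.
  # URI.parse puts "user@" into userinfo, so "https://ok.example@evil.example/"
  # is judged by its real host, evil.example.
  return default unless %w[http https].include?(uri.scheme)
  return default unless uri.host && allowed_hosts.include?(uri.host.downcase)
  target
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs for a quick manual run.
  p safe_import_path("/var/www/imports", "../../etc/passwd")   # nil
  p safe_import_path("/var/www/imports", "list.csv")           # "/var/www/imports/list.csv"
  p safe_redirect("//evil.example/", allowed_hosts: ["shop.example"]) # "/"
  p safe_redirect("/account", allowed_hosts: ["shop.example"])         # "/account"
end
```

The filename check discards the directory part rather than trying to strip `..` sequences, because stripping is easy to get wrong (`....//` survives a single-pass `../` removal); the redirect check parses the URL rather than string-matching on `http://`, because the dangerous cases (`//host`, `user@host`, `javascript:`) are exactly the ones a prefix match misses.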

rubygem-redcarpet-3.3.2-26.fc36

FEDORA-2023-597f13ffb9

Packages in this update:

rubygem-redcarpet-3.3.2-26.fc36

Update description:

A security flaw was found in redcarpet: in some cases HTML was not escaped even when escaping had been requested, which may lead to an XSS vulnerability. This issue has been assigned CVE-2020-26298. This new RPM fixes the issue.

rubygem-redcarpet-3.3.2-26.fc37

FEDORA-2023-8682a0e17d

Packages in this update:

rubygem-redcarpet-3.3.2-26.fc37

Update description:

A security flaw was found in redcarpet: in some cases HTML was not escaped even when escaping had been requested, which may lead to an XSS vulnerability. This issue has been assigned CVE-2020-26298. This new RPM fixes the issue.

rubygem-redcarpet-3.3.2-26.fc38

FEDORA-2023-44daa9c1d4

Packages in this update:

rubygem-redcarpet-3.3.2-26.fc38

Update description:

A security flaw was found in redcarpet: in some cases HTML was not escaped even when escaping had been requested, which may lead to an XSS vulnerability. This issue has been assigned CVE-2020-26298. This new RPM fixes the issue.
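
The three Fedora updates above (fc36, fc37, fc38) ship the same backported fix for CVE-2020-26298, where the renderer skipped HTML escaping in some constructs even though escaping had been requested. After applying the update, the check a practitioner wants is that escaping is actually honoured in every Markdown construct the site enables, not just in plain paragraphs. The following is an added example, not Redcarpet's or Fedora's code: a canary-probe check in Ruby that feeds a marker tag through each construct and reports any construct whose output still contains it as live markup. The probe set, the canary string and the function names are assumptions; `toy_render` is a constructed stand-in renderer so the block runs offline, and the commented line shows how the same check is pointed at the real gem.

```ruby
# Added example: canary probing of a Markdown renderer's HTML escaping.
# Not Redcarpet's code; probes, canary and names are assumptions.
require "cgi"

# A tag that no legitimate renderer output contains. If it survives
# rendering verbatim, the renderer passed user HTML through unescaped.
CANARY = "<xss-canary onload=1>".freeze

# Markdown constructs in which user-supplied text can appear, each wrapping
# the canary. Constructed probe set: extend it with every extension you turn
# on (tables, footnotes, autolinks, ...), since that is where gaps hide.
PROBES = {
  paragraph:  CANARY,
  emphasis:   "*#{CANARY}*",
  strong:     "**#{CANARY}**",
  quote:      "\"#{CANARY}\"",
  code_span:  "`#{CANARY}`",
  link_text:  "[#{CANARY}](https://example.com/)",
  link_title: "[x](https://example.com/ \"#{CANARY}\")",
  heading:    "# #{CANARY}",
  list_item:  "- #{CANARY}",
  blockquote: "> #{CANARY}",
}.freeze

# Returns the names of the probes whose rendered HTML still contains the
# canary as live markup. `render` is any callable mapping Markdown -> HTML,
# so the same check runs against any renderer configuration.
def unescaped_probes(render, probes = PROBES)
  probes.select { |_, md| render.call(md).include?(CANARY) }.keys
end

# Constructed stand-in renderer (not Redcarpet): handles emphasis and strong
# only, and escapes everything or nothing according to the flag. It exists
# so the check can be exercised offline; it models no real bug.
def toy_render(md, escape_html: true)
  text = escape_html ? CGI.escapeHTML(md) : md
  text = text.gsub(/\*\*([^*]+)\*\*/, '<strong>\1</strong>')
  text = text.gsub(/\*([^*]+)\*/, '<em>\1</em>')
  "<p>#{text}</p>"
end

if __FILE__ == $PROGRAM_NAME
  p unescaped_probes(->(md) { toy_render(md, escape_html: true) })   # []
  p unescaped_probes(->(md) { toy_render(md, escape_html: false) })  # every probe name
  # With the gem installed, point the check at your real configuration:
  # require "redcarpet"
  # html = Redcarpet::Render::HTML.new(escape_html: true)
  # md   = Redcarpet::Markdown.new(html, quote: true, fenced_code_blocks: true)
  # p unescaped_probes(->(text) { md.render(text) })   # expect []
end
```

Run the real-gem variant with exactly the renderer options production uses, and keep it as a regression test: an empty result after the update is the evidence that the fix covers the constructs you rely on, and a non-empty one names the construct to look at.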
