A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information.
A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The name of the patch is e54abadc777715b6dcb545c13214d1dea63df6c9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223403.
A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite RBS750 4.6.8.5. A specially-crafted JSON object can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability.
xen-4.17.0-8.fc38
3 security issues (#2180425)
x86 shadow plus log-dirty mode use-after-free [XSA-427, CVE-2022-42332]
x86/HVM pinned cache attributes mis-handling [XSA-428, CVE-2022-42333,
CVE-2022-42334]
x86: speculative vulnerability in 32bit SYSCALL path [XSA-429,
CVE-2022-42331]
moodle-3.11.13-1.fc36
Fixes for multiple CVEs.
yarnpkg-1.22.19-5.fc37
Apply fix for CVE-2022-37603.
yarnpkg-1.22.19-5.fc38
Apply fix for CVE-2022-37603.
yarnpkg-1.22.19-5.fc36
Apply fix for CVE-2022-37603.
tar-1.34-8.fc38
Fix for CVE-2022-48303
tar-1.34-6.fc37
Fix for CVE-2022-48303
