Update of php 5.3: Remove mariadb102 patch to eliminate faulty functionality
Remove mariadb102 patch to eliminate faulty functionality...
[SECURITY] Fedora 34 Update: wavpack-5.4.0-5.fc34
WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Although the technology is loosely based on previous versions of WavPack, the new version 4 format has been designed from the ground up to offer unparalleled...
CVE-2022-27925
Zimbra Collaboration aka ZCS 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal...
CVE-2022-24871
Shopware SSRF vulnerability (CVE-2022-24871) enables an attacker to abuse the Admin SDK on the server to read or update internal resources. Affected: Shopware platform; current fix is upgrade to 6.4.10.1. For 6.1/6.2/6.3, security measures via a plugin are available. No public workaround document...
Design/Logic Flaw
A bypass exists for Desire2Learn/D2L Brightspace’s “Disable Right Click” option in the quizzing feature, which allows a quiz-taker to access print and copy functionality via the browser’s right click menu even when “Disable Right Click” is enabled on the quiz...
CVE-2020-35632
Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any o...
CVE-2020-28608
Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any o...
SWHKD has unspecified vulnerabilities (CNVD-2022-36045)
SWHKD is a display protocol-independent hotkey daemon made in Rust. SWHKD has a security vulnerability that stems from it consuming the keyboard events of unintended users, which can be exploited by an attacker to cause information disclosure, but is usually a denial of functionality...
CVE-2022-24851 Stored XSS and path traversal in LDAPAccountManager/lam
LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality; the parameters on this page are not properly sanitized, which leads to stored XSS attacks. An authenticated user can store XSS...
Race condition
A vulnerability in the implementation of the Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the incorrect processing of a BGP update messa...
GHSA-H5WH-7H2J-H999 Exposure of Resource to Wrong Sphere in Simple-Wayland-HotKey-Daemon
SWHKD 1.1.5 consumes the keyboard events of unintended users. This could potentially cause an information leak, but is usually a denial of functionality...
CVE-2022-21210
An SQL injection vulnerability exists in the AssetActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...
Heap overflow
A heap-based buffer overflow vulnerability exists in the readDatHeadVec functionality of AnyCubic Chitubox AnyCubic Plugin 1.0.0. A specially-crafted GF file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2022-21234
An SQL injection vulnerability exists in the EchoAssets.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2021-21949
An improper array index validation vulnerability exists in the JPEG-JFIF Scan header parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to an out-of-bounds write and potential code execution. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2021-21943
A heap-based buffer overflow vulnerability exists in the XWD parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2022-27817
SWHKD 1.1.5 consumes the keyboard events of unintended users. This could potentially cause an information leak, but is usually a denial of functionality...
Denial of service
SWHKD 1.1.5 consumes the keyboard events of unintended users. This could potentially cause an information leak, but is usually a denial of functionality...