[SECURITY] Fedora 37 Update: plasma-workspace-wallpapers-5.27.1-1.fc37

Additional wallpapers for Plasma workspace...

SUSE CVE-2015-7536

Cross-site scripting XSS vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts...

Code injection

Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access existing chats in the workspaces of any user of the application. This is possible because the application does not validate permissions correctly...

CVE-2022-43434

Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

CVE-2022-43432

Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

CVE-2022-43432

Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

CVE-2022-43433

Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

Design/Logic Flaw

Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

Design/Logic Flaw

Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

PT-2022-26918 · Jenkins · Jenkins Neuvector Vulnerability Scanner Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins NeuVector Vulnerability Scanner Plugin versions 1.20 and earlier Description: The issue allows cross-site scripting XSS attacks by users with the ability to control files in workspaces, archived artifacts, etc. This is because the...

CVE-2022-43435

Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

PT-2022-26037 · Relatedcode · Relatedcode'S Messenger

Name of the Vulnerable Software and Affected Versions: Relatedcode's Messenger version 7bcd20b Description: The issue allows an authenticated external attacker to access existing chats in the workspaces of any user of the application. This is possible because the application does not validate...

CVE-2022-1805

When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM Man in the Middle between a zero client and AWS session provisioner in the network. This issue is only...

CVE-2022-1805

When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM Man in the Middle between a zero client and AWS session provisioner in the network. This issue is only...

Code injection

When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM Man in the Middle between a zero client and AWS session provisioner in the network. This issue is only...

CVE-2022-1805

CVE-2022-1805 describes a MITM risk in Teradici PCoIP Zero Clients when connecting to Amazon Workspaces: the SHA256 presented by the AWS Connection Configurator is not fully verified by the Zero Client, allowing potential interception between the Zero Client and the AWS session provisioner. The i...

CVE-2022-1805

When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM Man in the Middle between a zero client and AWS session provisioner in the network. This issue is only...

Teradici PCoIP Zero Clients 信任管理问题漏洞

Teradici PCoIP Zero Clients is an ultra-secure endpoint from Teradici Canada. It uses a highly integrated, specialized processor to transmit pixels, not data, to the user's desktop. A trust management issue vulnerability exists in Teradici PCoIP Zero Clients Firmware version 22.01.5, 22.04.1 and...

PT-2022-14126 · Teradici · Pcoip Zero Client

Name of the Vulnerable Software and Affected Versions: PCoIP Zero Client affected versions not specified Description: The issue arises when connecting to Amazon Workspaces, as the SHA256 presented by the AWS connection provisioner is not fully verified by Zero Clients. This could be exploited by ...

Malicious code in workspaces_api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7f6a19cbcf5e87f030986907a617618f131ae53ae924cff5278b008371bb49c9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...