A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via performance.getEntries() (CVE-2022-42927). Certain types of allocations were missing annotations that, if the Garbage
regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715) archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879) net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
The chromium-browser-stable package has been updated to the new 106 branch with the 106.0.5249.119 version, fixing many bugs and 6 vulnerabilities. Some of the security fixes are: High CVE-2022-3445: Use after free in Skia. Reported by Nan Wang
Arbitrary Code Execution in joblib (CVE-2022-21797) References: - https://bugs.mageia.org/show_bug.cgi?id=30956 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. document.getElementById('cloakab5715f4ccee395d7eb6acb7443cfe83').innerHTML = ''; var prefix = 'ma' + 'il' + 'to'; var path = 'hr' + 'ef' + '='; var addyab5715f4ccee395d7eb6acb7443cfe83 = 'package-announce' + '@'; addyab5715f4ccee395d7eb6acb7443cfe83 = addyab5715f4ccee395d7eb6acb7443cfe83 + 'lists' + '.' + 'fedoraproject' + '.' + 'org'; var addy_textab5715f4ccee395d7eb6acb7443cfe83 = 'package-announce' + '@' + 'lists' + '.' + 'fedoraproject' + '.' + 'org';document.getElementById('cloakab5715f4ccee395d7eb6acb7443cfe83').innerHTML += ''+addy_textab5715f4ccee395d7eb6acb7443cfe83+''; /thread/BVOMMW37OXZWU2EV5ONAAS462IQEHZOF/
In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to
SoS incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-2806) References: - https://bugs.mageia.org/show_bug.cgi?id=30898
Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a. (CVE-2022-3123) References: - https://bugs.mageia.org/show_bug.cgi?id=30873
Improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. (CVE-2021-4217) Conversion of a wide string to a local string that leads to a heap of
HTMLUserTextField exposes existence of hidden users (CVE-2022-41765). reassignEdits doesn't update results in an IP range check on Special:Contributions (CVE-2022-41767)
