CVE-2022-0157

phoronix-test-suite is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Severity: MEDIUM (5.4) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References:

Published: 2022-01-13
Modified: 2024-11-21

CVE-2022-0196

phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2022-01-13
Modified: 2024-11-21

CVE-2022-0197

phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Package mc updated to version 4.8.27-alt1 for branch p10_e2k.

Published: 2021-07-09

BDU:2022-00235

Уязвимость файлового менеджера Midnight Commander, связанная с недостатками процедуры аутентификации, позволяющая нарушителю оказать воздействие на целостность данных

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

CVE-2021-36370

Published: 2021-08-30
Modified: 2024-11-21

CVE-2021-36370

An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Package perl-Gear-Remotes updated to version 0.030-alt1 for branch p10_e2k.

Undefined subroutine &RPM::Devscripts::Versort::myvercmp

Version: 2.1.1

Branch p10_e2k update on 2022-01-22

ALT-BU-2022-3738-1

ALT-PU-2022-3735-1

Closed vulnerabilities

CVE-2022-0157

CVE-2022-0196

CVE-2022-0197

ALT-PU-2022-3736-1

Closed vulnerabilities

BDU:2022-00235

CVE-2021-36370

ALT-PU-2022-3737-1

Closed bugs

Bug #41694