Improper Input Validation Affecting virtuoso-opensource-utils package, versions <1:6.1.6-7.el7
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-RHEL7-VIRTUOSOOPENSOURCEUTILS-4944619
- published 26 Jul 2021
- disclosed 8 Feb 2018
How to fix?
Upgrade RHEL:7 virtuoso-opensource-utils to version 1:6.1.6-7.el7 or higher.
This issue was patched in RHSA-2019:2141.
NVD Description
Note: Versions mentioned in the description apply only to the upstream virtuoso-opensource-utils package and not the virtuoso-opensource-utils package as distributed by RHEL.
See How to fix? for RHEL:7 relevant fixed versions and status.
An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element.
References
- https://cgit.kde.org/plasma-workspace.git/commit/?id=5bc696b5abcdb460c1017592e80b2d7f6ed3107c
- https://cgit.kde.org/plasma-workspace.git/commit/?id=8164beac15ea34ec0d1564f0557fe3e742bdd938
- https://phabricator.kde.org/D10188
- https://www.kde.org/announcements/plasma-5.11.5-5.12.0-changelog.php
- https://access.redhat.com/security/cve/CVE-2018-6790
- https://access.redhat.com/errata/RHSA-2019:2141