USN-5745-2: shadow regression
USN-5745-1 fixed vulnerabilities in shadow. Unfortunately that update introduced a regression that caused useradd to behave incorrectly in Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu...
CVE-2022-21126
The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir() function in util/IOUtil.java not...
woff-0.20091126-35.fc37
FEDORA-2022-c30d362ce5 Packages in this update: woff-0.20091126-35.fc37 Update description: Fix a possible double free in woffEncode(). Update License to SPDX improved summary and description Add hand-written...
USN-5748-1: Sysstat vulnerability
It was discovered that Sysstat incorrectly handled certain arithmetic multiplications. An attacker could use this issue to cause Sysstat to crash, resulting in a denial...
USN-5747-1: Bind vulnerabilities
It was discovered that Bind incorrectly handled large query name when using lightweight resolver protocol. A remote attacker could use this issue to consume resources,...
botan2-2.19.3-1.el9
FEDORA-EPEL-2022-8f2df2e1e2 Packages in this update: botan2-2.19.3-1.el9 Update description: Bump botan2 to 2.19.3 (RHBZ 2143417, 2143418) Read More
CVE-2022-24187
The user_id and device_id on the Ourphoto App version 1.4.1 /device/* end-points both suffer from insecure direct object reference vulnerabilities. Other end-users user_id and device_id...
CVE-2022-24188
The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. The deviceVideoCallPassword and mqttPassword are...
CVE-2022-24189
The user_token authorization header on the Ourphoto App version 1.4.1 /apiv1/* end-points is not implemented properly. Removing the value causes all requests to succeed, bypassing...