qemu-7.0.0-10.fc37
vga: avoid crash if no default vga card (rhbz#2095639)
lsi53c895a: fix use-after-free in lsi_do_msgout (CVE-2022-0216)
vnc-clipboard: fix integer underflow (CVE-2022-3165)
Multiple vulnerabilities have been discovered in Oracle products, which could allow for remote code execution.
The deployment script in the unsupported “OpenShift Extras” set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user’s authorized_keys file.
In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file.
dotnet6.0-6.0.109-1.fc35
This is the monthly .NET 6 update for September 2022. It updates the .NET SDK to 6.0.109 and Runtime to 6.0.9.
This includes a fix for CVE-2022-38013
dotnet6.0-6.0.109-1.fc36
This is the monthly .NET 6 update for September 2022. It updates the .NET SDK to 6.0.109 and Runtime to 6.0.9.
This includes a fix for CVE-2022-38013
dotnet6.0-6.0.109-1.fc37
This is the monthly .NET 6 update for September 2022. It updates the .NET SDK to 6.0.109 and Runtime to 6.0.9.
This includes a fix for CVE-2022-38013
It was discovered that libXdmcp was generating weak session keys.
A local attacker could possibly use this issue to perform a brute
force attack and obtain another user’s key.
python3.8-3.8.15-1.fc36
The release you’re looking at is Python 3.8.15, a security bugfix release for the legacy 3.8 series. https://docs.python.org/release/3.8.15/whatsnew/changelog.html#python-3-8-15-final
Asus RT-N12E 2.0.0.39 is affected by an incorrect access control vulnerability. Through system.asp / start_apply.htm, an attacker can change the administrator password without any authentication.
