This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The following vulnerabilities have been discovered in the WPE WebKit
web engine:
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
A directory traversal vulnerability was discovered in the Metadata
anonymisation toolkit, which could result in information disclosure via
a malformed ZIP archive.
Multiple vulnerabilities have been discovered in the Xen hypervisor, which
could result in privilege escalation. In addition this updates provides
mitigations for the Retbleed speculative execution attack and the
MMIO stale data vulnerabilities.
python-notebook-6.4.11-3.fc36
Security fix for CVE-2022-24785 and CVE-2022-31129.
python-notebook-6.4.0-4.fc35
Security fix for CVE-2022-24785 and CVE-2022-31129.
python-ujson-5.4.0-1.el9
Security fix for CVE-2022-31116 and CVE-2022-31117.
Added
Add support for arbitrary size integers
Fixed
CVE-2022-31116: Replace wchar_t string decoding implementation with a uint32_t-based one; fix handling of surrogates on decoding
CVE-2022-31117: Potential double free of buffer during string decoding
Fix memory leak on encoding errors when the buffer was resized
Integer parsing: always detect overflows
Fix handling of surrogates on encoding
python-ujson-5.4.0-1.fc36
Security fix for CVE-2022-31116 and CVE-2022-31117.
Added
Add support for arbitrary size integers
Fixed
CVE-2022-31116: Replace wchar_t string decoding implementation with a uint32_t-based one; fix handling of surrogates on decoding
CVE-2022-31117: Potential double free of buffer during string decoding
Fix memory leak on encoding errors when the buffer was resized
Integer parsing: always detect overflows
Fix handling of surrogates on encoding
A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by heap overflow and can be exploited by attackers to make remote denial of service.
