Florian Kohnhuser discovered that curl incorrectly handled returning a
TLS server’s certificate chain details. A remote attacker could possibly
use this issue to cause curl to stop responding, resulting in a denial of
service. (CVE-2022-27781)
Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB
messages. An attacker could possibly use this to perform a
machine-in-the-middle attack. (CVE-2022-32208)
golang-1.17.10-1.el7
Update to 1.17.10, Security fix for CVE-2022-24921, CVE-2022-28327, CVE-2022-24675, and CVE-2022-29526
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during CVE-2013-4464. Notes: none.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
There is an object injection vulnerability in swfupload plugin for wordpress.
openssl-1.1.1p-1.fc35
* Thu Jun 30 2022 Clemens Lang <cllang@redhat.com> – 1:1.1.1p-1
– Upgrade to 1.1.1p
Resolves: CVE-2022-2068
Related: rhbz#2099975
Security fix for CVE-2022-2068
