A vulnerability classified as critical has been found in Cardo Systems Scala Rider Q3. Affected is the file /cardo/api of the Cardo-Updater. Unauthenticated remote code execution with root permissions is possible. Firewalling or disabling the service is recommended.
Alexander Lakhin discovered that PostgreSQL incorrectly handled the
security restricted operation sandbox when a privileged user is maintaining
another user’s objects. An attacker having permission to create non-temp
objects can use this issue to execute arbitrary commands as the superuser.
Gunnar Hjalmarsson discovered that AccountsService incorrectly dropped
privileges. A local user could possibly use this issue to cause
AccountsService to crash or stop responding, resulting in a denial of
service. (CVE-2022-1804)
Multiple security vulnerabilities were discovered in Puma, a HTTP server
for Ruby/Rack applications, which could result in HTTP request smuggling
or information disclosure.
Multiple vulnerabilities have been discovered in the lrzip compression
program which could result in denial of service or potentially the
execution of arbitrary code.
It was discovered that HTMLDOC did not properly manage memory under certain
circumstances. If a user were tricked into opening a specially crafted HTML
file, a remote attacker could possibly use this issue to cause HTMLDOC to
crash, resulting in a denial of service, or possibly execute arbitrary code.
python-jwt-2.4.0-1.el9
Update to 2.4.0 to address CVE-2022-29217.
https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24
python-jwt-2.4.0-1.fc36
Update to 2.4.0 to address CVE-2022-29217.
https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24
python-jwt-2.4.0-1.fc35
Update to 2.4.0 to address CVE-2022-29217.
https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24
Tobias Stoeckmann discovered that libXfixes incorrectly handled certain
inputs. An attacker could possibly use this issue to cause a denial
of service, or possibly execute arbitrary code.
