A vulnerability classified as critical has been found in Cardo Systems Scala Rider Q3. Affected is the file /cardo/api of the Cardo-Updater. Unauthenticated remote code execution with root permissions is possible. Firewalling or disabling the service is recommended.
Category Archives: Advisories
USN-5440-1: PostgreSQL vulnerability
Alexander Lakhin discovered that PostgreSQL incorrectly handled the
security restricted operation sandbox when a privileged user is maintaining
another user’s objects. An attacker having permission to create non-temp
objects can use this issue to execute arbitrary commands as the superuser.
USN-5439-1: AccountsService vulnerability
Gunnar Hjalmarsson discovered that AccountsService incorrectly dropped
privileges. A local user could possibly use this issue to cause
AccountsService to crash or stop responding, resulting in a denial of
service. (CVE-2022-1804)
DSA-5146 puma – security update
Multiple security vulnerabilities were discovered in Puma, an HTTP server
for Ruby/Rack applications, which could result in HTTP request smuggling
or information disclosure.
DSA-5145 lrzip – security update
Multiple vulnerabilities have been discovered in the lrzip compression
program which could result in denial of service or potentially the
execution of arbitrary code.
USN-5438-1: HTMLDOC vulnerability
It was discovered that HTMLDOC did not properly manage memory under certain
circumstances. If a user were tricked into opening a specially crafted HTML
file, a remote attacker could possibly use this issue to cause HTMLDOC to
crash, resulting in a denial of service, or possibly execute arbitrary code.
python-jwt-2.4.0-1.el9
FEDORA-EPEL-2022-91e9137f63
Packages in this update:
python-jwt-2.4.0-1.el9
Update description:
Update to 2.4.0 to address CVE-2022-29217.
https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24
python-jwt-2.4.0-1.fc36
FEDORA-2022-3cf456dc20
Packages in this update:
python-jwt-2.4.0-1.fc36
Update description:
Update to 2.4.0 to address CVE-2022-29217.
https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24
python-jwt-2.4.0-1.fc35
FEDORA-2022-4ae9110f51
Packages in this update:
python-jwt-2.4.0-1.fc35
Update description:
Update to 2.4.0 to address CVE-2022-29217.
https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24
USN-5437-1: libXfixes vulnerability
Tobias Stoeckmann discovered that libXfixes incorrectly handled certain
inputs. An attacker could possibly use this issue to cause a denial
of service, or possibly execute arbitrary code.