A vulnerability classified as critical was found in Telecommunication Software SAMwin Contact Center Suite 5.1. This vulnerability affects the function passwordScramble in the library SAMwinLIBVB.dll of the component Password Handler. Incorrect implementation of a hashing function leads to predictable authentication possibilities. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component.
Category Archives: Advisories
CVE-2014-125001
A vulnerability classified as critical has been found in Cardo Systems Scala Rider Q3. Affected is the file /cardo/api of the Cardo-Updater. Unauthenticated remote code execution with root permissions is possible. Firewalling or disabling the service is recommended.
USN-5440-1: PostgreSQL vulnerability
Alexander Lakhin discovered that PostgreSQL incorrectly handled the
security restricted operation sandbox when a privileged user is maintaining
another user’s objects. An attacker having permission to create non-temp
objects can use this issue to execute arbitrary commands as the superuser.
USN-5439-1: AccountsService vulnerability
Gunnar Hjalmarsson discovered that AccountsService incorrectly dropped
privileges. A local user could possibly use this issue to cause
AccountsService to crash or stop responding, resulting in a denial of
service. (CVE-2022-1804)
DSA-5146 puma – security update
Multiple security vulnerabilities were discovered in Puma, a HTTP server
for Ruby/Rack applications, which could result in HTTP request smuggling
or information disclosure.
DSA-5145 lrzip – security update
Multiple vulnerabilities have been discovered in the lrzip compression
program which could result in denial of service or potentially the
execution of arbitrary code.
USN-5438-1: HTMLDOC vulnerability
It was discovered that HTMLDOC did not properly manage memory under certain
circumstances. If a user were tricked into opening a specially crafted HTML
file, a remote attacker could possibly use this issue to cause HTMLDOC to
crash, resulting in a denial of service, or possibly execute arbitrary code.
python-jwt-2.4.0-1.el9
FEDORA-EPEL-2022-91e9137f63
Packages in this update:
python-jwt-2.4.0-1.el9
Update description:
Update to 2.4.0 to address CVE-2022-29217.
https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24
python-jwt-2.4.0-1.fc36
FEDORA-2022-3cf456dc20
Packages in this update:
python-jwt-2.4.0-1.fc36
Update description:
Update to 2.4.0 to address CVE-2022-29217.
https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24
python-jwt-2.4.0-1.fc35
FEDORA-2022-4ae9110f51
Packages in this update:
python-jwt-2.4.0-1.fc35
Update description:
Update to 2.4.0 to address CVE-2022-29217.
https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24