A flaw was found in OpenEXR’s Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability.
A flaw was found in htmldoc in v1.9.12. Double-free in function pspdf_export(),in ps-pdf.cxx may result in a write-what-where condition, allowing an attacker to execute arbitrary code and denial of service.
A flaw was found in htmldoc before v1.9.12. Heap buffer overflow in pspdf_prepare_outpages(), in ps-pdf.cxx may lead to execute arbitrary code and denial of service.
Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.
In NotificationStackScrollLayout of NotificationStackScrollLayout.java, there is a possible way to bypass Factory Reset Protections. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-193149550
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
openvpn-2.5.6-1.fc35
This is a maintenance release of OpenVPN 2.5 with a security fix when used in server mode (CVE-2022-0547). The other changes are available in Changes.rst.
NOTE Please read the CVE description carefully if you use authentication plug-ins with a server configuration.
openvpn-2.5.6-1.fc34
This is a maintenance release of OpenVPN 2.5 with a security fix when used in server mode (CVE-2022-0547). The other changes are available in Changes.rst.
NOTE Please read the CVE description carefully if you use authentication plug-ins with a server configuration.
openvpn-2.5.6-1.fc36
This is a maintenance release of OpenVPN 2.5 with a security fix when used in server mode (CVE-2022-0547). The other changes are available in Changes.rst.
NOTE Please read the CVE description carefully if you use authentication plug-ins with a server configuration.
