Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL.
It was discovered that the network traffic control implementation in the
Linux kernel contained a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2022-1055)
It was discovered that the IPsec implementation in the Linux kernel did not
properly allocate enough memory when performing ESP transformations,
leading to a heap-based buffer overflow. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-27666)
It was discovered that the IPsec implementation in the Linux kernel did not
properly allocate enough memory when performing ESP transformations,
leading to a heap-based buffer overflow. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code.
buildah-1.23.3-1.fc34
Security fix for CVE-2022-27651
Stack-based Buffer Overflow vulnerability in Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to run arbitrary code on the affected device. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32.
A vulnerability in the authentication logic of Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to bypass login and control the devices.
This issue affects:
Wyze Cam Pan v2
versions prior to 4.49.1.47.
Wyze Cam v2
versions prior to 4.9.8.1002.
Wyze Cam v3
versions prior to 4.36.8.32.
buildah-1.23.3-2.fc35
Security fix for CVE-2022-27651
buildah-1.25.1-1.fc36
Security fix for CVE-2022-27651
Gating tests: include more package versions
Automatic update for buildah-1.24.2-1.fc36.
* Thu Feb 17 2022 Lokesh Mandvekar <lsm5@fedoraproject.org> 1.24.2-1
– bump to v1.24.2
* Fri Feb 4 2022 Lokesh Mandvekar <lsm5@fedoraproject.org> 1.24.1-1
– bump to v1.24.1
Automatic update for buildah-1.24.1-1.fc36.
* Fri Feb 4 2022 Lokesh Mandvekar <lsm5@fedoraproject.org> 1.24.1-1
– bump to v1.24.1
USN-5355-1 fixed a vulnerability in zlib. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
Danilo Ramos discovered that zlib incorrectly handled memory when
performing certain deflating operations. An attacker could use this issue
to cause zlib to crash, resulting in a denial of service, or possibly
execute arbitrary code.
chromium-99.0.4844.84-1.el7
Minor update for CVE-2022-1096.
Also fixes dependency issues for chrome-remote-desktop and sizing issues where some libraries/binaries were not being stripped.
