An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart-proxy allows Foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also to cause a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability.
Category Archives: Advisories
CVE-2021-20323
A POST-based reflected Cross Site Scripting vulnerability has been identified in Keycloak.
CVE-2021-22100
In Cloud Foundry CAPI versions prior to 1.122, a denial-of-service attack is possible in which a developer can push a service broker that (accidentally or maliciously) causes CC instances to time out and fail. An attacker can leverage this vulnerability to prevent anyone from pushing or managing apps.
CVE-2020-21554
A File Deletion vulnerability exists in TinyShop 3.1.1 in the back_list parameter in controllersadmin.php, which could let a malicious user delete any file, such as install.lock, to reinstall the CMS.
skopeo-1.7.0-1.fc34
FEDORA-2022-6043a7b938
Packages in this update:
skopeo-1.7.0-1.fc34
Update description:
Security fix for CVE-2022-21698, skopeo likely not directly impacted
skopeo-1.7.0-1.fc36
FEDORA-2022-5f253807ce
Packages in this update:
skopeo-1.7.0-1.fc36
Update description:
Security fix for CVE-2022-21698, skopeo likely not directly impacted
tests subpackage depends on /usr/sbin/unsquashfs
skopeo-1.7.0-1.fc35
FEDORA-2022-eda0e65b01
Packages in this update:
skopeo-1.7.0-1.fc35
Update description:
Security fix for CVE-2022-21698, skopeo likely not directly impacted.
tests subpackage depends on /usr/sbin/unsquashfs
openssl1.1-1.1.1n-1.fc36
FEDORA-2022-8bb51f6901
Packages in this update:
openssl1.1-1.1.1n-1.fc36
Update description:
Security fix for CVE-2022-0778
openssl1.1-1.1.1n-1.fc37
FEDORA-2022-d6cd1e0cc1
Packages in this update:
openssl1.1-1.1.1n-1.fc37
Update description:
Automatic update for openssl1.1-1.1.1n-1.fc37.
Changelog
* Thu Mar 24 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1n-1
- Upgrade to version 1.1.1n
Resolves: CVE-2022-0778, rhbz#2064918
CVE-2018-25032
zlib 1.2.11 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.