NULL pointer dereference in krb5-appl telnetd. (CVE-2022-39028) References: - https://bugs.mageia.org/show_bug.cgi?id=30918 - https://lists.suse.com/pipermail/sle-security-updates/2022-September/012454.html
http-parser could be made to expose sensitive data if it received a specially crafted request. (CVE-2020-8287) References: - https://bugs.mageia.org/show_bug.cgi?id=30740
Authentication bypass and code execution vulnerability. (CVE-2022-26691) References: - https://bugs.mageia.org/show_bug.cgi?id=30480 - https://openprinting.github.io/cups-2.4.2/
A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files. (CVE-2022-26505) References: - https://bugs.mageia.org/show_bug.cgi?id=30115
This update provides the upstream 6.1.40 maintenance release that fixes at least the following security vulnerabilities: Vulnerability in the Oracle VM VirtualBox prior to 6.1.40 contains a difficult to exploit vulnerability that allows high privileged attacker
GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osip_body_parse_header. (CVE-2022-41550) References: - https://bugs.mageia.org/show_bug.cgi?id=30963
By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. (CVE-2022-2795)
cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read. (CVE-2022-40320) References: - https://bugs.mageia.org/show_bug.cgi?id=30856
Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf. (CVE-2022-38784)
