CVE-2022-1662

In convert2rhel, there's an ansible playbook named ansible/run-convert2rhel.yml which passes the Red Hat Subscription Manager user password via the CLI to convert2rhel. This could allow unauthorized local users to view the password via the process list while convert2rhel is running. However, this...

Authentication Bypass in hydra

Impact When using client authentication method "privatekeyjwt" 1, OpenId specification says the following about assertion jti: A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once, unless conditions for reuse were negotiated betwe...

GHSA-3P3G-VPW6-4W66 Authentication Bypass in hydra

Impact When using client authentication method "privatekeyjwt" 1, OpenId specification says the following about assertion jti: A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once, unless conditions for reuse were negotiated betwe...

Updated chromium-browser-stable packages fix security vulnerabilites

Updated chromium-browser-stable packages fix security vulnerabilities: Several security issues and other bugs have been fixed since our previous update. See the upstream release announcements for details. Note that as of version 35, the Chromium browser no longer supports browser plugins, includi...

Fedora 8 : rb_libtorrent-0.12-3.fc8 (2008-1198)

A potential remote exploit was found in the bdecoderecursive routine that could trigger a stack overflow when passed malformed message data. This release adds a fix for this issue from the upstream subversion repository that limits the maximum recursive depth of this function. Note that Tenable...