지락문화예술공작단

USN-5528-1: FreeType vulnerabilities It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, or possibly execute arbitrary code. Source: USN-5528-1: FreeType vulnerabilities

USN-5525-1: Apache XML Security for Java vulnerability It was discovered that Apache XML Security for Java incorrectly passed a configuration property when creating specific key elements. This allows an attacker to abuse an XPath Transform to extract sensitive information. Source: USN-5525-1: Apache XML Security for Java vulnerability

USN-5527-1: Checkmk vulnerabilities It was discovered that Checkmk incorrectly handled authentication. An attacker could possibly use this issue to cause a race condition leading to information disclosure. (CVE-2017-14955) It was discovered that Checkmk incorrectly handled certain inputs. An attacker could use these cross-site scripting issues to inject arbitrary html or javascript code to obtain sensitive information including user information, session cookies and valid credentials. (CVE-2017-9781, CVE-2021-36563, CVE-2021-40906, CVE-2022-24565) Source: USN-5527-1: Checkmk vulnerabilities

USN-5526-1: PyJWT vulnerability Aapo Oksman discovered that PyJWT incorrectly handled signatures constructed from SSH public keys. A remote attacker could use this to forge a JWT signature. Source: USN-5526-1: PyJWT vulnerability