Slackware: Security Advisory (SSA:2022-269-02)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[slackware-security] vim

New vim packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/vim-9.0.0594-i586-1slack15.0.txz: Upgraded. Fixed stack-based buffer overflow. Thanks to marav for the heads-up. In addition, Mig21...

Slackware: Security Advisory (SSA:2022-266-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[slackware-security] vim

New vim packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/vim-9.0.0558-i586-1slack15.0.txz: Upgraded. Fixed use after free. Thanks to marav for the heads-up. For more information, see:...

Adobe Bridge heap buffer overflow vulnerability (CNVD-2023-17019)

Adobe Bridge is a file viewer from the American company Audobee Adobe. Adobe Bridge suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...

Adobe Bridge Resource Management Error Vulnerability (CNVD-2022-66013)

Adobe Bridge is a file viewer from Adobe. Adobe Bridge is vulnerable to a resource management error, which stems from the impact of post-release reuse and can be exploited by attackers to execute arbitrary code in the context of the current user...

Adobe Bridge heap buffer overflow vulnerability (CNVD-2023-17020)

Adobe Bridge is a file viewer from the American company Audobee Adobe. Adobe Bridge suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...

[slackware-security] bind

New bind packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/bind-9.16.33-i586-1slack15.0.txz: Upgraded. This update fixes bugs and the following security issues: Fix memory leak in EdDSA verify...

Adobe Bridge Buffer Overflow Vulnerability (CNVD-2022-64965)

Adobe Bridge is a file viewer from Adobe. Adobe Bridge is vulnerable to a buffer overflow vulnerability that stems from an out-of-bounds write vulnerability that could be exploited to execute arbitrary code in the context of the current user...

Slackware: Security Advisory (SSA:2022-263-02)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Slackware: Security Advisory (SSA:2022-263-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Adobe Bridge Buffer Overflow Vulnerability (CNVD-2022-64967)

Adobe Bridge is a file viewer from Adobe. Adobe Bridge is vulnerable to a buffer overflow vulnerability that stems from an out-of-bounds write vulnerability that could be exploited to execute arbitrary code in the context of the current user...

The vulnerability of the Mozilla Firefox browser for iOS, related to insufficient protection of registration data, allows a hacker to gain access to user passwords for the current domain.

The vulnerability of the Mozilla Firefox browser for iOS is related to insufficient protection of registration data. Exploiting this vulnerability can allow a malicious actor to gain access to user passwords for the current domain...

CVE-2022-39957

The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this response can not be decoded by the web...

DEBIAN-CVE-2022-39955

The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. A vulnerable back-end can potentially be exploited by declaring multiple Content-Type "charset" nam...

Authentication flaw

The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. A restricted resource, access to which would ordinarily be detected, may be...

UBUNTU-CVE-2022-39955

The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. A vulnerable back-end can potentially be exploited by declaring multiple Content-Type "charset" nam...

Adobe Bridge SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SVG...

Adobe Bridge 缓冲区错误漏洞

Adobe Bridge is a file viewer from Adobe. Adobe Bridge is vulnerable to a buffer overflow vulnerability that stems from an out-of-bounds write vulnerability that could be exploited to execute arbitrary code in the context of the current user...

Adobe Bridge SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SVG...