40 matches found
Astra Linux – Vulnerability in dpkg
In dpkg, the Debian package management system, versions prior to 1.21.8, 1.20.10, 1.19.8, and 1.18.26 are vulnerable to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include debian.tar, the in-place extraction process may...
AZL-64227 CVE-2025-49180 affecting package xorg-x11-server for versions less than 1.20.10-16
A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate...
AZL-64196 CVE-2025-49176 affecting package xorg-x11-server 1.20.10-6
A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check...
AZL-64235 CVE-2025-49175 affecting package xorg-x11-server for versions less than 1.20.10-16
A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash...
CVE-2023-46653
Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level, potentially resulting in its exposure...
CVE-2025-26596 affecting package xorg-x11-server for versions less than 1.20.10-15
CVE-2025-26596 affecting package xorg-x11-server for versions less than 1.20.10-15. A patched version of the package is available...
AZL-57404 CVE-2025-26596 affecting package xorg-x11-server for versions less than 1.20.10-15
A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms differs from what is written in XkbWriteKeySyms, which may lead to a heap-based buffer overflow...
AZL-57479 CVE-2025-26597 affecting package xorg-x11-server for versions less than 1.20.10-15
A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because t...
CVE-2024-9632 affecting package xorg-x11-server for versions less than 1.20.10-13
CVE-2024-9632 affecting package xorg-x11-server for versions less than 1.20.10-13. A patched version of the package is available...
CVE-2023-39318 affecting package golang for versions less than 1.20.10-1
CVE-2023-39318 affecting package golang for versions less than 1.20.10-1. A patched version of the package is available...
CVE-2024-31080 affecting package xorg-x11-server for versions less than 1.20.10-11
CVE-2024-31080 affecting package xorg-x11-server for versions less than 1.20.10-11. A patched version of the package is available...
AZL-44382 CVE-2024-31083 affecting package xorg-x11-server 1.20.10-6
A use-after-free vulnerability was found in the ProcRenderAddGlyphs function of Xorg servers. This issue occurs when AllocateGlyph is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently,...
AZL-39349 CVE-2024-31080 affecting package xorg-x11-server for versions less than 1.20.10-11
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a...
AZL-33352 CVE-2024-0408 affecting package xorg-x11-server for versions less than 1.20.10-14
A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource as with a GetGeometry or when it creates another resource that needs to access that buffer, such as...
AZL-33351 CVE-2024-0409 affecting package xorg-x11-server for versions less than 1.20.10-12
A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context...
skopeo security update
2:1.13.3-3 - Rebuild with golang 1.20.10 - Related: Jira:RHEL-2786 2:1.13.3-2 - Rebuild with golang 1.21.3 - Related: Jira:RHEL-2786...
PT-2023-7932
Name of the Vulnerable Software and Affected Versions Go versions 1.21.3 and earlier, 1.20.10 and earlier Description The issue is related to the IsLocal function not correctly detecting reserved device names in some cases on Windows. Specifically, reserved names followed by spaces, such as "COM1...
GHSA-HPV3-F5P7-PXJ9 Jenkins lambdatest-automation Plugin may expose Credentials access token
Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level. This can result in accidental exposure of the token through the default system log. lambdatest-automation Plugin 1.21.0 no longer logs LAMBDATEST Credentials access token...
Jenkins Plugin lambdatest-automation Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Plugin is an application software. A security vulnerability...
Amazon Linux 2 : golang (ALAS-2023-2313)
The version of golang installed on the remote host is prior to 1.20.10-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2313 advisory. 2024-01-03: CVE-2023-39319 was added to this advisory. 2023-10-30: CVE-2023-39318 was added to this advisory. The...