Moderate: LibRaw security update
LibRaw is a library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others). Security Fixes: LibRaw: stack buffer overflow in LibRaw_buffer_datastream::gets in src/libraw_datastream.cpp (CVE-2021-32142). For more details about the security issues, including the...
Moderate: edk2 security, bug fix, and enhancement update
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: edk2: Function GetEfiGlobalVariable2 return value not checked in DxeImageVerificationHandler (CVE-2019-14560); openssl: Possibl...
Moderate: libtiff security update
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fixes: libtiff: null pointer dereference in LZWDecode in libtiff/tif_lzw.c (CVE-2023-2731); libtiff: tiffcrop: null pointer dereference in TIFFClose (CVE-2023-3316); libtiff: memory leak in...
Moderate: curl security update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: GSS delegation too eager connection re-use (CVE-2023-27536); curl: TELNET option IAC injection (CVE-2023-27533); curl: SFTP...
Moderate: python3.11-pip security update
pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index (PyPI). pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python". Security Fixes: python: tarfile...
Moderate: wireshark security update
The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Security Fixes: wireshark: RTPS dissector crash (CVE-2023-0666); wireshark: IEEE C37.118 Synchrophasor dissector crash (CVE-2023-0668); wireshark: Candump log file parser cra...
Moderate: perl-HTTP-Tiny security update
HTTP::Tiny is a small and simple HTTP/1.1 client written in Perl. Security Fixes: http-tiny: insecure TLS cert default (CVE-2023-31486). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in th...
Moderate: flatpak security, bug fix, and enhancement update
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. The following packages have been upgraded to a later upstream version: flatpak 1.12.8. BZ2221792 Security Fixes: flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual consol...
Moderate: libmicrohttpd security update
GNU libmicrohttpd is a small C library that makes it easy to run an HTTP server as part of another application. Security Fixes: libmicrohttpd: remote DoS (CVE-2023-27371). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...
Moderate: libqb security update
The libqb packages provide a library with the primary purpose of providing high performance client/server reusable features, such as high performance logging, tracing, inter-process communication, and polling. Security Fixes: libqb: Buffer overflow in log_blackbox.c (CVE-2023-39976). For more details...
Moderate: python-pip security update
pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index (PyPI). pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python". Security Fixes: python: tarfile...
AlmaLinux 8 : .NET 6.0 (ALSA-2023:6245)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:6245 advisory. - .NET Core and Visual Studio Denial of Service Vulnerability (CVE-2023-36799) Note that Nessus has not tested for this issue but has instead relied only on the...
AlmaLinux 8 : binutils (ALSA-2023:6236)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:6236 advisory. - An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of...
AlmaLinux 8 : .NET 7.0 (ALSA-2023:6247)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:6247 advisory. - .NET Core and Visual Studio Denial of Service Vulnerability (CVE-2023-36799) Note that Nessus has not tested for this issue but has instead relied only on the...
AlmaLinux 8 : squid:4 (ALSA-2023:6267)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:6267 advisory. - SQUID-2023:3 squid: Denial of Service in HTTP Digest Authentication (CVE-2023-46847) - SQUID-2023:1 squid: Request/Response smuggling in HTTP/1.1 and ICAP...
AlmaLinux 9 : ghostscript (ALSA-2023:6265)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:6265 advisory. - In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the I...
AlmaLinux 9 : .NET 7.0 (ALSA-2023:6246)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:6246 advisory. - .NET Core and Visual Studio Denial of Service Vulnerability (CVE-2023-36799) Note that Nessus has not tested for this issue but has instead relied only on the...
AlmaLinux 9 : .NET 6.0 (ALSA-2023:6242)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:6242 advisory. - .NET Core and Visual Studio Denial of Service Vulnerability (CVE-2023-36799) Note that Nessus has not tested for this issue but has instead relied only on the...
AlmaLinux 9 : squid (ALSA-2023:6266)
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:6266 advisory. - SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past...
AlmaLinux 9 : firefox (ALSA-2023:6188)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:6188 advisory. - VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. (CVE-2023-44488) - It was possible for certain browser prompts and...