PT-2023-31176 · Unknown +3 · Budgie Extras +3

Name of the Vulnerable Software and Affected Versions: Budgie Extras affected versions not specified Description: Temporary data passed between application components by the Budgie Extras Takeabreak applet could potentially be viewed or manipulated. The data is stored in a location that is...

Ubuntu Budgie Extras Security Vulnerability

Ubuntu Budgie Extras is a package in the Ubuntu Budgie open source. A security vulnerability exists in Ubuntu Budgie Extras that stems from temporary data passed between application components that could be viewed or manipulated...

Ubuntu Budgie Extras Security Vulnerability

Ubuntu Budgie Extras is a package in the Ubuntu Budgie open source. A security vulnerability exists in Ubuntu Budgie Extras that stems from temporary data passed between application components that could be viewed or manipulated...

CVE-2023-49342

Temporary data passed between application components by Budgie Extras Clockworks applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false...

UBUNTU-CVE-2023-49347

Temporary data passed between application components by Budgie Extras Windows Previews could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may read private information from windows, present false...

PT-2023-31174 · Unknown +3 · Budgie Extras Dropby Applet +3

Name of the Vulnerable Software and Affected Versions: Budgie Extras Dropby applet affected versions not specified Description: Temporary data passed between application components by the Budgie Extras Dropby applet could potentially be viewed or manipulated. The data is stored in a location that...

CVE-2023-49346

Temporary data passed between application components by Budgie Extras WeatherShow applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false...

PT-2023-31178 · Unknown +3 · Budgie Extras +3

Name of the Vulnerable Software and Affected Versions: Budgie Extras affected versions not specified Description: Temporary data passed between application components by Budgie Extras could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who h...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.11 low-latency extras update

An update for cnf-tests-container, dpdk-base-container and performance-addon-operator-must-gather-rhel8-container is now available for Red Hat OpenShift Container Platform 4.11. Secondary scheduler builds and numaresources-operator are also available for technical preview with this release, howev...

Medium: containerd

Issue Overview: A bug was found in containerd where containers launched through containerd's CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on...

Important: tomcat

Issue Overview: Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts...

Medium: docker

Issue Overview: A flaw was found in Moby. This flaw allows an attacker to bypass primary group restrictions due to a flaw in the supplementary group access setup. CVE-2022-36109 Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. Unauthorized users outside the Docker...

Medium: ecs-init

Issue Overview: No CVE was issued for this update. Affected Packages: ecs-init Note: This advisory is applicable to Amazon Linux 2 - Ecs Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue...

Medium: python-paramiko

Issue Overview: In Paramiko before 2.10.1, a race condition between creation and chmod in the writeprivatekeyfile function could allow unauthorized information disclosure. CVE-2022-24302 Affected Packages: python-paramiko Note: This advisory is applicable to Amazon Linux 2 - Ansible2 Extra. Visit...

Important: squid

Issue Overview: A flaw was found in Squid through version 4.7. When handling the tag esi:when, when ESI is enabled, Squid calls the ESIExpression::Evaluate function which uses a fixed stack buffer to hold the expression. While processing the expression, there is no check to ensure that the stack...

Important: postgresql

Issue Overview: IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an...

Important: amazon-ecr-credential-helper

Issue Overview: http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Affected Packages: amazon-ecr-credential-helper Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the...

SUSE-SU-2023:3536-1 Security update for docker

This update for docker fixes the following issues: - Update to Docker 24.0.5-ce. See upstream changelong online at bsc1213229 - Update to Docker 24.0.4-ce. See upstream changelog online at . bsc1213500 - Update to Docker 24.0.3-ce. See upstream changelog online at . bsc1213120 - Recommend...

SwiftNIO Extras vulnerable to improper detection of complete HTTP body decompression

SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects HTTPRequestDecompressor and HTTPResponseDecompressor both failed to detect when the decompressed body was considered complete. If trailing junk data was appended ...

GHSA-773G-X274-8QMF SwiftNIO Extras vulnerable to improper detection of complete HTTP body decompression

SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects HTTPRequestDecompressor and HTTPResponseDecompressor both failed to detect when the decompressed body was considered complete. If trailing junk data was appended ...