981 matches found
CVE-2019-6706 affecting package lua for versions less than 5.3.5-11
CVE-2019-6706 affecting package lua for versions less than 5.3.5-11. A patched version of the package is available...
CVE-2021-31879 affecting package wget for versions less than 1.21.2-1
CVE-2021-31879 affecting package wget for versions less than 1.21.2-1. An upgraded version of the package is available that resolves this issue...
CVE-2022-27145
GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gf_isom_get_sample_for_movie_time of mp4box...
Data Transfer Project security vulnerability
Google Data Transfer Project is an open source data transfer project of the U.S. company Google. It enables people to easily transfer data between online service providers. A security vulnerability exists in data-transfer-project that originates on Unix-like systems where the system...
Updated webkit2 packages fix security vulnerability
Fix accessibility not working when the Bubblewrap sandbox is enabled. Fix rendering of scrollbars when overlay scrollbars are disabled. Fix the build when the X11 support is disabled. Fix the build in a number of situations where the main OpenGL library is not called libGL or libgl, as is the cas...
log4j security update
0:1.2.14-6.4.1 - Fix remote code execution vulnerability - Resolves: CVE-2021-4104 Orabug: 33689748...
Security Vulnerability found in ExifTool leading to RCE
Debian Security tracker reports: ExifTool.pm in ExifTool before 12.38 mishandles a file special characters check, leading to command injection...
CVE-2021-42378 affecting package busybox 1.32.0-2
CVE-2021-42378 affecting package busybox 1.32.0-2. An upgraded version of the package is available that resolves this issue...
CVE-2021-3974
vim is vulnerable to Use After Free...
gcc-toolset-10-binutils security update
2.35-8.6 - Add ability to control the display of unicode characters. 2009176...
CVE-2021-21685
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create parent directories in FilePath#mkdirs...
CVE-2020-21529
fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c...
Security Bulletin: OpenSSL Vulnerability Affects IBM Sterling Connect:Express for UNIX (CVE-2021-3712)
Summary: A security vulnerability has been disclosed on 24th August 2021 by the OpenSSL Project. OpenSSL is used by IBM Sterling Connect:Express for UNIX. IBM Sterling Connect:Express for UNIX has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2021-3712 DESCRIPTION: OpenSSL could...
minio -- MITM attack
minio developers report: This is a security issue because it enables MITM modification of request bodies that are meant to have integrity guaranteed by chunk signatures. In a PUT request using aws-chunked encoding, MinIO ordinarily verifies signatures at the end of a chunk. This check can be skipp...
CVE-2021-22188
Removed by vendor...
Important: container-tools:2.0 security update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: podman: container users permissions are not respected in privileged containers (CVE-2021-20188). For more details about the security issues, including the impact, a CVSS...
CVE-2021-27229
Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text...
Code Injection in unix121/i3wm-themer
Description: i3wm-themer is the theme collection manager for i3-wm which is vulnerable to Arbitrary Code Execution. Vulnerability: Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept: Installation (bash): git clone https://github.com/unix121/i3wm-themer cd i3wm-themer/...
CVE-2020-28941 affecting package kernel 5.4.91-6
CVE-2020-28941 affecting package kernel 5.4.91-6. A patched version of the package is available...
CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)
Update Feb 3, 2021: It has been reported that macOS, AIX, and Solaris are also vulnerable to CVE-2021-3156, and that others may also still be vulnerable. Qualys has not independently verified the exploit. Original Post: The Qualys Research Team has discovered a heap overflow vulnerability in sudo...