2496 matches found
CVE-2024-5585
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using the proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command ar...
Moderate: ruby:3.3 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.3. AlmaLinux-37697 Security Fixes: ruby: Buffer overread vulnerabili...
[SECURITY] Fedora 40 Update: qt6-qttools-6.7.1-1.fc40
Qt6 - QtTool components...
ROS-20240422-10
A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiation process and remove an arbitrary number of SSH service messages...
SUSE CVE-2024-4764
Multiple WebRTC threads could have claimed a newly connected audio input leading to use-after-free. This vulnerability affects Firefox 126...
SUSE CVE-2024-32610
HDF5 Library through 1.14.3 has a SEGV in H5T_close_real in H5T.c, resulting in a corrupted instruction pointer...
CVE-2023-50229
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must...
[SECURITY] Fedora 39 Update: kernel-6.8.8-200.fc39
The kernel meta package...
file security update
5.39-16 - Fix stack-based buffer over-read in file_copystr CVE-2022-48554 5.39-15 - Fix segfault in python3-file-magic concurrent method calls...
SUSE CVE-2023-21962
unknown...
SUSE CVE-2023-22079
unknown...
bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources
A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSE...
[SECURITY] Fedora 38 Update: golang-gvisor-20240408.0-1.20240418git9e5a99b.fc38
gVisor is an open-source, OCI-compatible sandbox runtime that provides a virtualized container environment. It runs containers with a new user-space kernel, delivering a low overhead container security solution for high-density applications. gVisor integrates with Docker, containerd and Kubernete...
SUSE CVE-2023-51798
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c:1078:60 in interpolate...
GHSA-X84C-P2G9-RQV9 vulnerabilities
Vulnerabilities for packages: docker-compose, kaniko, neuvector-scanner, buf, grype, k3d, policy-controller, wolfictl, cri-tools, syft, harbor-scanner-trivy, docker, helm-push, dagger, melange...
ROS-20240411-10
A vulnerability in the bson_utf8_validate function of the MongoDB database management system is related to a loop with an unreachable exit condition. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service...
ROS-20240411-11
A vulnerability in the bson_utf8_validate function of the MongoDB database management system is related to a loop with an unreachable exit condition. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service...
CVE-2024-2496 affecting package libvirt for versions less than 7.10.0-8
CVE-2024-2496 affecting package libvirt for versions less than 7.10.0-8. A patched version of the package is available...
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: temporal-ui-server, nri-nginx, thanos-operator, src-fingerprint, vault-k8s, timoni, mc, falcoctl, hcloud, dive, terraform-docs, nri-postgresql, prometheus-pushgateway, go-md2man, prometheus-alertmanager, kubernetes-dns-node-cache, tkn, flux-image-reflector-controller...
Moderate: Red Hat Security Advisory: less security update
An update for less is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...