
570 matches found

CVE
added 2022/11/25 12:0 a.m. · 93 views

CVE-2022-41954

CVE-2022-41954 affects MPXJ prior to 10.14.1 on Unix-like systems, where using File.createTempFile(..) creates temporary files with -rw-r--r-- permissions, allowing other local users to read in-use schedule data. The vulnerability is patched in MPXJ 10.14.1 and later. A workaround is to set java....

3.3 CVSS · 3.7 AI score · 0.00027 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2022/11/23 10:17 p.m. · 20 views

GHSA-562R-VG33-8X8H TemporaryFolder on unix-like systems does not limit access to created files

Vulnerability PreparedStatement.setText(int, InputStream) and PreparedStatement.setBytea(int, InputStream) will create a temporary file if the InputStream is larger than 51k. Example of vulnerable code: java String s = "some very large string greater than 51200 bytes"; PreparedStatement.setInputStream1...

4.7 CVSS · 7.1 AI score · 0.00082 EPSS
Exploits 1 · References 9
CNVD
added 2022/11/23 12:0 a.m. · 17 views

Elevation of Privilege Vulnerability in FRRouting

FRRouting is an open source network routing software suite from the FRRouting Project that runs on Unix-like platforms. FRRouting has a security vulnerability that an attacker can exploit by creating a configuration that bypasses its restrictions, leading to elevation of privilege...

8.3 AI score
Exploits 0 · References 1
Positive Technologies
added 2022/11/23 12:0 a.m. · 3 views

PT-2022-5790 · Pgjdbc +8

Name of the Vulnerable Software and Affected Versions: pgjdbc versions prior to 4.5.0 Description: The issue is related to the implementation of the PreparedStatement.setText or PreparedStatement.setBytea methods in the PgJDBC driver, which can lead to the creation of temporary files that are...

10 CVSS · 6.7 AI score · 0.03141 EPSS
Exploits 3 · References 74
Cvelist
added 2022/11/23 12:0 a.m. · 23 views

CVE-2022-41946 TemporaryFolder on unix-like systems does not limit access to created files in pgjdbc

pgjdbc is an open source PostgreSQL JDBC driver. In affected versions a prepared statement using either PreparedStatement.setText(int, InputStream) or PreparedStatement.setBytea(int, InputStream) will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which...

4.7 CVSS · 5.3 AI score · 0.00082 EPSS
Exploits 1 · References 5
RedHat Linux
added 2022/11/15 9:45 a.m. · 21 views

Moderate: Red Hat Security Advisory: dovecot security and enhancement update

An update for dovecot is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

8.8 CVSS · 6.9 AI score · 0.00307 EPSS
Exploits 1 · References 5
Rockylinux
added 2022/11/15 6:18 a.m. · 23 views

dovecot security and enhancement update

An update is available for dovecot. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Dovecot is an IMAP server for Linux and other UNIX-like systems, written...

8.8 CVSS · 9.1 AI score · 0.00307 EPSS
Exploits 1
OSV
added 2022/11/15 6:18 a.m. · 25 views

RLSA-2022:8208 Moderate: dovecot security and enhancement update

Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fixes: doveco...

6.8 CVSS · 8.2 AI score · 0.00307 EPSS
Exploits 1 · References 4
OSV
added 2022/11/15 12:0 a.m. · 22 views

ALSA-2022:8208 Moderate: dovecot security and enhancement update

Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fixes: doveco...

8.8 CVSS · 8.1 AI score · 0.00307 EPSS
Exploits 1 · References 4
AlmaLinux
added 2022/11/15 12:0 a.m. · 21 views

Moderate: dovecot security and enhancement update

Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fixes: doveco...

8.8 CVSS · 9.1 AI score · 0.00307 EPSS
Exploits 1 · References 4
RedHat Linux
added 2022/11/08 10:8 a.m. · 31 views

Moderate: Red Hat Security Advisory: dovecot security update

An update for dovecot is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

8.8 CVSS · 6.9 AI score · 0.00307 EPSS
Exploits 1 · References 3
OSV
added 2022/11/08 6:24 a.m. · 21 views

RLSA-2022:7623 Moderate: dovecot security update

Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fixes: dovecot...

6.8 CVSS · 8.2 AI score · 0.00307 EPSS
Exploits 1 · References 2
OSV
added 2022/11/08 12:0 a.m. · 19 views

ALSA-2022:7623 Moderate: dovecot security update

Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fixes: dovecot...

8.8 CVSS · 8.1 AI score · 0.00307 EPSS
Exploits 1 · References 4
Fedora
added 2022/10/02 12:18 a.m. · 27 views

[SECURITY] Fedora 37 Update: kitty-0.26.3-2.fc37

Offloads rendering to the GPU for lower system load and buttery smooth scrolling. Uses threaded rendering to minimize input latency. Supports all modern terminal features: graphics (images), unicode, true-color, OpenType ligatures, mouse protocol, focus tracking, bracketed paste and several new...

7.8 CVSS · 7.8 AI score · 0.01325 EPSS
Exploits 1
OpenVAS
added 2022/10/02 12:0 a.m. · 12 views

Fedora: Security Advisory for kitty (FEDORA-2022-04bc7cd075)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.8 CVSS · 7.8 AI score · 0.01325 EPSS
Exploits 1 · References 2
BDU FSTEC
added 2022/09/26 12:0 a.m. · 1 views

The vulnerability of the scheduler daemon in UNIX-like operating systems, Cron, related to pointer arithmetic errors, allows a malicious actor to trigger a service failure.

The vulnerability of the Cron task scheduler in UNIX-like operating systems is related to pointer dereferencing errors. Exploiting this vulnerability allows a perpetrator to cause service failures...

5.5 CVSS · 5.7 AI score · 0.00155 EPSS
Exploits 0 · References 5 · Affected Software 2
Tenable Nessus
added 2022/09/25 12:0 a.m. · 35 views

GLSA-202209-06 : Rizin: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202209-06 (Rizin: Multiple Vulnerabilities) - Rizin v0.4.0 and below was discovered to contain an integer overflow via the function get_long_object(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted...

7.8 CVSS · 6.9 AI score · 0.0055 EPSS
Exploits 1 · References 10
NVD
added 2022/09/06 8:15 p.m. · 10 views

CVE-2022-36044

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from Luac files. A user opening a malicious Luac file could be affected by this vulnerability, allowing an attacker to execute code on t...

7.8 CVSS · 0.0055 EPSS
Exploits 0 · References 5
NVD
added 2022/09/06 8:15 p.m. · 11 views

CVE-2022-36043

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to a double free in bobj.c:rz_bin_reloc_storage_free() when freeing relocations generated from qnx binary plugin. A user opening a malicious qnx binary could be affected by this...

7.8 CVSS · 0.00488 EPSS
Exploits 0 · References 5
Prion
added 2022/09/06 8:15 p.m. · 10 views

Double free

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to a double free in bobj.c:rz_bin_reloc_storage_free() when freeing relocations generated from qnx binary plugin. A user opening a malicious qnx binary could be affected by this...

4.4 CVSS · 7.7 AI score · 0.00488 EPSS
Exploits 0 · References 5 · Affected Software 1