2751 matches found
Updated libcue packages fix a security vulnerability
Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to /Downloads, it is then automatically scanned by tracker-miners. And because it has a .c...
MGASA-2023-0273 Updated quictls packages fix security vulnerabilities
The updated packages fix security vulnerabilities: AES-SIV implementation ignores empty associated data entries. CVE-2023-2975 Excessive time spent checking DH keys and parameters. CVE-2023-3446 Excessive time spent checking DH q parameter value. CVE-2023-3817...
Updated flac packages fix security vulnerability
The updated packages fix a security vulnerability: Buffer Overflow vulnerability in function bitwritergrow in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder. CVE-2020-22219...
Medium: curl
Issue Overview: libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw risks inserting sensitive heap-based data into t...
Updated webkit2 packages fix security vulnerability
Out-of-bounds read CVE-2023-28204 Use-after-free issue CVE-2023-32373...
Security Bulletin: A vulnerability in Etcd-io could affect IBM CICS TX Advanced [CVE-2021-28235]
Summary CVE-2021-28235 related to etcd package could affect IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVE. CVE-2021-28235 Vulnerability Details CVEID:CVE-2021-28235 DESCRIPTION: Etcd-io could allow a remote attacker to gain elevated privileges on the system, caused b...
Updated golang packages fix security vulnerability
Angle brackets were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in unexpectedly closing the CSS context and allowing for injection of unexpected HMTL, if executed with untrusted input...
Updated ldb/samba packages fix security vulnerability
Deletion of AD DC "dnsHostname" attribute by unprivileged authenticated users CVE-2023-0225 Read access controlled AD LDAP attributes CVE-2023-0614 Cleartext password sending by AD DC admin tool CVE-2023-0922...
MGASA-2023-0121 Updated xapian packages fix security vulnerability
Xapian database corruption on disk full is possible. It doesn't happen in every case as ENOSPC needs to happen on a particular operation during the commit but then not happen on a repeat attempt at that operation. bdo1032398...
Updated libmicrohttpd packages fix security vulnerability
In the MHDPostProcessor, malformed inputs can be used to crash the server for denial-of-service...
Updated webkit2 packages fix security vulnerability
Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2022-42826 CVE-2023-23517 CVE-2023-23518...
MGASA-2022-0486 Updated webkit2 packages fix security vulnerability
The updated packages fix security vulnerabilities and other issues. See references for details...
MGASA-2022-0484 Updated thunderbird packages fix security vulnerability
Drag and Dropped Filenames could have been truncated to malicious extensions. CVE-2022-46874...
MGASA-2022-0421 Updated webkit2 packages fix security vulnerability
The updated packages fix a security vulnerability and other issues...
Updated nodejs packages fix security vulnerability
DNS rebinding in --inspect via invalid octal IP address CVE-2022-43548 In addition, 14.21.0 has provided the following changes: deps update corepack to 0.14.2 Node.js GitHub Bot 44775 src add --openssl-shared-config option Daniel Bevenius 43124...
Updated webkit2 packages fix security vulnerability
The updated packages fix a security vulnerability and other issues...
PT-2022-37581 · Mageia · Bluez
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue pertains to security vulnerabilities for which updated packages provide additional fixes. Details can be found in the references. Recommendations: At the moment, there is no...
MGASA-2022-0404 Updated libksba packages fix security vulnerability
Integer Overflow in LibKSBA. CVE-2022-3515...
Updated libofx packages fix security vulnerability
The updated packages fix memory issues in libofx. rhbz2127755...
Updated firefox packages fix security vulnerabilities
When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead CVE-2022-40956. By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus...