8 matches found
Medium: ghostscript
Issue Overview: PS interpreter - check Indexed colour space index NOTE: https://bugs.ghostscript.com/showbug.cgi?id=707990 NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=85bd9d2f4b792fe67aef22f1a4117457461b8ba6 NOTE:...
Important: qt5-qtconnectivity
Issue Overview: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not ye...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ubi: Fix race condition between ctrlcdevioctl and ubicdevioctl CVE-2021-47634 A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write. This flaw allows a local user t...
Important: ghostscript
Issue Overview: Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices with the %pipe% prefix or the | pipe character prefix. CVE-2023-36664 Affected Packages: ghostscript Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ sectio...
Medium: wpa_supplicant
Issue Overview: wpasupplicant: potential authorization bypass CVE-2023-52160 Affected Packages: wpasupplicant Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum...
Important: python-lxml
Issue Overview: Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting XSS attacks via control characters in the link scheme to the cleanhtml function. CVE-2014-3146 An issue was discovered in lxml before 4.2.5...
Important: xorg-x11-server
Issue Overview: A flaw was found in xorg-x11-server. An interger underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2021-3472 Affected Packages:...
Important: thunderbird
Issue Overview: The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3...