3153 matches found
AZL-28777 CVE-2023-32643 affecting package glib for versions less than 2.71.0-4
A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initi...
electron24 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-4427. Security: backported fix for CVE-2023-4428. Security: backported fix for CVE-2023-4430. Security: backported fix for CVE-2023-4572...
electron22 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-4427. Security: backported fix for CVE-2023-4428...
Silverstripe has Cross-site Scripting (XSS) vulnerabilities inherited from TinyMCE
TinyMCE 4.x is vulnerable to several XSS vectors, which had been patched in later versions. Two of these have been identified as affecting silverstripe/admin. Only Silverstripe CMS 4 is affected by this issue. It's not possible to upgrade Silverstripe CMS 4 to use a more recent release of TinyMCE...
electron22 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-3422. Security: backported fix for CVE-2023-3421. Security: backported fix for CVE-2023-3420...
electron24 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-3079. Security: backported fix for CVE-2023-2933. Security: backported fix for CVE-2023-2932. Security: backported fix for CVE-2023-2931. Security: backported fix for CVE-2023-2936...
electron23 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-2724. Security: backported fix for CVE-2023-2725. Security: backported fix for CVE-2023-2721. Security: backported fix for CVE-2023-3079. Security: backported fix for CVE-2023-2933...
electron22 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-2724. Security: backported fix for CVE-2023-2723. Security: backported fix for CVE-2023-2725. Security: backported fix for CVE-2023-2721. Security: backported fix for CVE-2023-3079...
CVE-2023-32636
A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect gli...
CLSA-2023-1685631644 dhcp: Fix of 2 CVEs
CVE-2022-2928: option refcount overflow when leasequery is enabled leading to dhcpd abort - CVE-2022-2929: DHCP memory leak - Backported tests from upstream, for this and other CVEs...
CLSA-2023-1685629665 dhcp: Fix of 2 CVEs
CVE-2022-2928: option refcount overflow when leasequery is enabled leading to dhcpd abort - CVE-2022-2929: DHCP memory leak - Backported tests from upstream, for this and other CVEs...
Moderate: Red Hat Security Advisory: Red Hat build of Cryostat 2.3.0: new RHEL 8 container images
New Red Hat build of Cryostat 2.3.0 on RHEL 8 container images are now available New Red Hat build of Cryostat 2.3.0 on RHEL 8 container images have been released, adding a variety of features and bug fixes. Users of the Red Hat build of Cryostat 2.2.1 on RHEL 8 container images are advised to...
CVE-2023-30450
rpk in Redpanda before 23.1.2 mishandles the redpanda.rpcservertls field, leading to for example situations in which there is a data type mismatch that cannot be automatically fixed by rpk, and instead a user must reconfigure while a cluster is turned off in order to have TLS on broker RPC ports...
Apple Issues Urgent Security Update for Older iOS and iPadOS Models
Apple on Monday backported fixes for an actively exploited security flaw to older iPhone and iPad models. The issue, tracked as CVE-2023-23529 , concerns a type confusion bug in the WebKit browser engine that could lead to arbitrary code execution. It was originally addressed by the tech giant wi...
Updated heimdal packages fix security vulnerability
The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to b...
SUSE CVE-2022-45142
The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches and possibly other branches a logic inversion sneaked...
AZL-25604 CVE-2022-45142 affecting package heimdal for versions less than 7.7.1-2
The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches and possibly other branches a logic inversion sneaked...
Important: Red Hat Security Advisory: Red Hat build of Cryostat security update
Updated Cryostat 2 on RHEL 8 container images are now available The Cryostat 2 on RHEL 8 container images have been updated to fix "CVE-2022-1996 go-restful: Authorization Bypass Through User-Controlled Key" and to address the following security advisory: RHSA-2023:0625 see References Users of...
SUSE CVE-2005-0757
The xattr file system code, as backported in Red Hat Enterprise Linux 3 on 64-bit systems, does not properly handle certain offsets, which allows local users to cause a denial of service system crash via certain actions on an ext3 file system with extended attributes enabled...
SUSE CVE-2017-1000394
Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. The fix for that vulnerability has been backported to the version of the library bundled with Jenkins...