353 matches found
AZL-63753 CVE-2025-5918 affecting package cmake for versions less than 3.30.3-8
A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memo...
AZL-63818 CVE-2025-5917 affecting package cmake for versions less than 3.21.4-20
A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to...
AZL-63824 CVE-2025-5916 affecting package cmake for versions less than 3.21.4-20
A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive WARC file that claims to have more than INT64MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow,...
AZL-63821 CVE-2025-5918 affecting package cmake for versions less than 3.21.4-20
A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memo...
AZL-63756 CVE-2025-5917 affecting package cmake for versions less than 3.30.3-8
A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to...
AZL-63759 CVE-2025-5916 affecting package cmake for versions less than 3.30.3-8
A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive WARC file that claims to have more than INT64MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow,...
AZL-62038 CVE-2025-5025 affecting package cmake for versions less than 3.30.3-6
libcurl supports pinning of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC...
AZL-62055 CVE-2025-4947 affecting package cmake for versions less than 3.30.3-7
libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks...
cmake bug fix and enhancement update
An update is available for cmake. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 8.10...
Azure Linux 3.0 Security Update: cmake / libarchive (CVE-2024-48615)
The version of cmake / libarchive installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-48615 advisory. - Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdt...
CVE-2024-48615 affecting package cmake for versions less than 3.30.3-6
CVE-2024-48615 affecting package cmake for versions less than 3.30.3-6. A patched version of the package is available...
CBL Mariner 2.0 Security Update: cmake / libarchive (CVE-2024-48615)
The version of cmake / libarchive installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-48615 advisory. - Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdt...
CVE-2024-48615 affecting package cmake for versions less than 3.21.4-17
CVE-2024-48615 affecting package cmake for versions less than 3.21.4-17. A patched version of the package is available...
CVE-2023-44487 affecting package cmake for versions less than 3.21.4-10
CVE-2023-44487 affecting package cmake for versions less than 3.21.4-10. A patched version of the package is available...
AZL-59338 CVE-2024-48615 affecting package cmake for versions less than 3.21.4-17
Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function headerpaxextension at rchivereadsupportformattar.c:1844:8...
AZL-59385 CVE-2024-48615 affecting package cmake for versions less than 3.30.3-6
Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function headerpaxextension at rchivereadsupportformattar.c:1844:8...
Azure Linux 3.0 Security Update: cmake / nghttp2 / nodejs / nodejs18 (CVE-2023-35945)
The version of cmake / nghttp2 / nodejs / nodejs18 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-35945 advisory. - Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's...
Security update for curl
This update for curl fixes the following issues: Update to 8.12.1: Bugfixes: asyn-thread: fix build with 'CURLDISABLESOCKETPAIR' asyn-thread: fix HTTPS RR crash asyn-thread: fix the returned bitmask from Curlresolvergetsock asyn-thread: survive a c-ares channel set to NULL cmake: always reference...
SUSE CVE-2025-1866
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in warmcat libwebsockets allows Pointer Manipulation, potentially leading to out-of-bounds memory access. This issue affects libwebsockets before 4.3.4 and is present in code built specifically for the Win32...
CVE-2025-1866
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in warmcat libwebsockets allows Pointer Manipulation, potentially leading to out-of-bounds memory access. This issue affects libwebsockets before 4.3.4 and is present in code built specifically for the Win32...