795 matches found
CVE-2023-28531
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9...
[SECURITY] [DSA 5372-1] rails security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5372-1 [email protected] https://www.debian.org/security/ Aron Xu March 13, 2023 https://www.debian.org/security/faq - -------------------------------------------------------------------------...
[SECURITY] [DSA 5346-1] libde265 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5346-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 10, 2023 https://www.debian.org/security/faq -...
[SECURITY] [DSA 5344-1] heimdal security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5344-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 08, 2023 https://www.debian.org/security/faq -...
[SECURITY] [DSA 5336-1] glance security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5336-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 01, 2023 https://www.debian.org/security/faq -...
[SECURITY] [DSA 5333-1] tiff security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5333-1 [email protected] https://www.debian.org/security/ Aron Xu January 29, 2023 https://www.debian.org/security/faq -...
[SECURITY] [DLA 3267-1] libxstream-java security update
Debian LTS Advisory DLA-3267-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany January 11, 2023 https://wiki.debian.org/LTS Package : libxstream-java Version : 1.4.11.1-1+deb10u4 CVE ID : CVE-2022-41966 Debian Bug : 1027754 XStream serializes Java objects to XML a...
[SECURITY] [DSA 5315-1] libxstream-java security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5315-1 [email protected] https://www.debian.org/security/ Markus Koschany January 11, 2023 https://www.debian.org/security/faq -...
[SECURITY] [DSA 5313-1] hsqldb security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5313-1 [email protected] https://www.debian.org/security/ Markus Koschany January 11, 2023 https://www.debian.org/security/faq -...
[SECURITY] [DSA 5304-1] xorg-server security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5304-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 20, 2022 https://www.debian.org/security/faq -...
[SECURITY] [DSA 5296-1] xfce4-settings security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5296-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez December 06, 2022 https://www.debian.org/security/faq -...
CVE-2022-41912
The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version...
[SECURITY] [DLA 3192-1] lava security update
Debian LTS Advisory DLA-3192-1 [email protected] https://www.debian.org/lts/security/ Dominik George November 17, 2022 https://wiki.debian.org/LTS Package : lava Version : 2019.01-5+deb10u1 CVE ID : CVE-2022-42902 Debian Bug : 1021737 It was discovered that lavaserver allowed remote cod...
[SECURITY] [DSA 5275-1] chromium security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5275-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 10, 2022 https://www.debian.org/security/faq -...
DEBIAN-CVE-2022-32888
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16. Processing maliciously crafted web content may lead to arbitrary code execution...
[SECURITY] [DSA 5254-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5254-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 15, 2022 https://www.debian.org/security/faq -...
DEBIAN-CVE-2022-31628
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop...
[SECURITY] [DSA 5231-1] connman security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5231-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 17, 2022 https://www.debian.org/security/faq -...
[SECURITY] [DSA 5225-1] chromium security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5225-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 06, 2022 https://www.debian.org/security/faq -...
CVE-2022-0217
It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs CWE-776. In addition, depending on the libexpa...