SUSE-SU-2022:2606-1 Security update for booth

This update for booth fixes the following issues: - CVE-2022-2553: authfile directive in booth config file is completely ignored bsc1201946...

PrestaShop SQL注入漏洞

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. A SQL injection vulnerability exists in PrestaShop versions 1.6.0.10 through 1.7.8.6, which stems from a...

PT-2022-23309 · Npm · File-Type

Name of the Vulnerable Software and Affected Versions: file-type versions 13.0.0 through 16.5.4 file-type versions 17.x before 17.1.3 Description: An issue was discovered in the file-type package for Node.js. A malformed MKV file could cause the file type detector to get caught in an infinite loo...

SUSE-SU-2022:2325-1 Security update for resource-agents

This update for resource-agents fixes the following issues: - Fixed predictable log file in /tmp in mariadb.in bsc1146691. - Allow aws-vpc-move-ip to specify an interface label to distinguish the IP address bsc1199766 - Implement options to disable DAD and to allow sending NA in the background...

CVE-2022-20146

In uploadFile of FileUploadServiceImpl.java, there is a possible incorrect file access due to a confused deputy. This could lead to local information disclosure of private files with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersion...

SUSE-SU-2022:14890-1 Security update for tcpdump

This update for tcpdump fixes the following issues: - CVE-2018-16301: Fixed segfault when handling large files bsc1195825...

Libxls 代码问题漏洞

libxls is a C library that can read Excel xls files. libxls version 1.6.2 contains a null pointer dereference vulnerability in the xlsgetWorkSheet function in xls.c. An attacker could exploit the vulnerability to cause a denial of service via a specially crafted XLS file...

OPENSUSE-SU-2021:1024-1 Security update for openscad

This update for openscad fixes the following issues: - CVE-2020-28600: A specially crafted STL file could lead to code execution via out-of-bounds write in importstl.cc:importstl bsc1185975...

Error: Element Not Found on launching. ica file with Citrix Workspace app (from Microsoft Store)

Note: This issue applies to, Citrix Workspace app Microsoft store. Launching a virtual app or desktop using .ica file with Citrix Workspace app for Windows Microsoft store version leads to “Element not found” Error...

UBUNTU-CVE-2021-32550

It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users...

OPENSUSE-SU-2021:0715-1 Security update for nagios

This update for nagios fixes the following issues: - new nagios-exec-start-post script to fix boo1003362 - fix nagiosupgrade.sh writing to log file in user controlled directory boo1182398. The nagiosupgrade.sh script writes the logfile directly below /var/log/ nagios was updated to 4.4.6: Fixed M...

CVE-2021-22201

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server...

CVE-2017-18876

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can test for the existence of an arbitrary file...

SUSE-SU-2020:1273-1 Security update for grafana

This update for grafana to version 4.6.5 fixes the following issues: Security issues fixed: - CVE-2019-15043: Added authentication to a few rest endpoints jscSOC-10357, bsc1148383. - CVE-2018-19039: Fixed File Exfiltration vulnerability jscSOC-9976 bsc1115960. - CVE-2018-15727: Fixed an LDAP and...

CVE-2019-11485

Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling...

CVE-2014-2906

The psub function in fish aka fish-shell 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable name...

CVE-2015-1607

kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service invalid read operation via a crafted keyring file, related to sign extensions and "memcpy with overlappi...

CVE-2011-5271

Pacemaker before 1.1.6 configure script creates temporary files insecurely...

OPENSUSE-SU-2019:2108-1 Security update for SDL2_image

This update for SDL2image fixes the following issues: Update to new upstream release 2.0.5. Security issues fixed: TALOS-2019-0820 CVE-2019-5051: exploitable heap-based buffer overflow vulnerability when loading a PCX file boo1140419 TALOS-2019-0821 CVE-2019-5052: exploitable integer overflow...

PT-2019-13577 · Mcpp +1 · Mcpp +1

Name of the Vulnerable Software and Affected Versions: MCPP version 2.7.2 Description: The issue is a heap-based buffer overflow in the do msg function located in support.c. This overflow can potentially lead to arbitrary code execution, allowing an attacker to execute malicious code on the...