16955 matches found

OSV
added 2024/03/13 11:14 p.m., 3 views

MGASA-2024-0057 Updated screen packages fix security vulnerability

The updated package fixes a security vulnerability: socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the...

6.5 CVSS | 6.3 AI score | 0.00545 EPSS
Exploits: 3 | References: 3
Tenable Nessus
added 2024/03/12 12:0 a.m., 35 views

EulerOS 2.0 SP8 : gdb (EulerOS-SA-2024-1266)

According to the versions of the gdb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt a...

5.5 CVSS | 5.9 AI score | 0.00654 EPSS
Exploits: 2 | References: 3
Debian
added 2024/03/09 9:22 p.m., 18 views

[SECURITY] [DLA 3755-1] tar security update

Debian LTS Advisory DLA-3755-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk March 09, 2024 https://wiki.debian.org/LTS -...

6.2 CVSS | 5.6 AI score | 0.00283 EPSS
Exploits: 0
OpenVAS
added 2024/03/08 12:0 a.m., 17 views

Fedora: Security Advisory for octave (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS | 9.2 AI score | 0.02557 EPSS
Exploits: 3 | References: 2
OpenVAS
added 2024/03/08 12:0 a.m., 12 views

Fedora: Security Advisory for icecat (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS | 9.2 AI score | 0.02557 EPSS
Exploits: 3 | References: 2
OpenVAS
added 2024/03/08 12:0 a.m., 21 views

Fedora: Security Advisory for golang-github-tdewolff-argp (FEDORA-2024-c3e32c5635)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS | 7.7 AI score | 0.03796 EPSS
Exploits: 0 | References: 2
Fedora
added 2024/03/07 10:33 p.m., 23 views

[SECURITY] Fedora 40 Update: jline2-2.14.6-12.fc40

JLine is a Java library for handling console input. It is similar in functionality to BSD editline and GNU readline. People familiar with the readline/editline capabilities for modern shells such as bash and tcsh will find most of the command editing features of JLine to be familiar...

8.8 CVSS | 6.9 AI score | 0.02557 EPSS
Exploits: 3
Fedora
added 2024/03/07 10:33 p.m., 25 views

[SECURITY] Fedora 40 Update: jericho-html-3.3-30.fc40

Jericho HTML Parser is a java library allowing analysis and manipulation of parts of an HTML document, including server-side tags, while reproducing verbatim any unrecognized or invalid HTML. It also provides high-level HTML form manipulation functions. It is an open source library released under...

8.8 CVSS | 6.7 AI score | 0.02557 EPSS
Exploits: 3
Fedora
added 2024/03/07 10:33 p.m., 18 views

[SECURITY] Fedora 40 Update: gnulib-0-50.20230709git.fc40

The GNU portability library is a macro system and C declarations and definitions for commonly-used API elements and abstracted system behaviors. It can be used to improve portability and other functionality in your program s...

8.8 CVSS | 8.9 AI score | 0.02557 EPSS
Exploits: 3
Fedora
added 2024/03/07 10:33 p.m., 35 views

[SECURITY] Fedora 40 Update: icecat-115.8.0-2.rh1.fc40

GNU IceCat is the GNU version of the Firefox ESR browser. Extensions included to this version of IceCat: LibreJS GNU LibreJS aims to address the JavaScript problem described in the article "The JavaScript Trap" of Richard Stallman. JShelter: Mitigates potential threats from JavaScript, including...

8.8 CVSS | 9 AI score | 0.02557 EPSS
Exploits: 3
Fedora
added 2024/03/07 10:32 p.m., 27 views

[SECURITY] Fedora 40 Update: BareBonesBrowserLaunch-3.1-33.fc40

Utility class to open a web page from a Swing application in the user's default browser. Supports: Mac OS X, GNU/Linux, Unix, Windows XP...

8.8 CVSS | 6.7 AI score | 0.02557 EPSS
Exploits: 3
Fedora
added 2024/03/07 1:50 a.m., 19 views

[SECURITY] Fedora 38 Update: golang-github-tdewolff-argp-0-0.1.20240227git719bbce.fc38

GNU command line argument parser...

7.5 CVSS | 7.8 AI score | 0.03796 EPSS
Exploits: 0
Fedora
added 2024/03/07 12:58 a.m., 22 views

[SECURITY] Fedora 39 Update: golang-github-tdewolff-argp-0-0.1.20240227git719bbce.fc39

GNU command line argument parser...

7.5 CVSS | 7.8 AI score | 0.03796 EPSS
Exploits: 0
OSV
added 2024/03/06 11:10 a.m., 23 views

BIT-TYPO3-2021-32768

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding...

6.1 CVSS | 6 AI score | 0.00727 EPSS
Exploits: 0 | References: 2
OSV
added 2024/03/06 11:10 a.m., 20 views

BIT-TYPO3-2021-41113

TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The impact is the same as...

8.8 CVSS | 8.4 AI score | 0.00619 EPSS
Exploits: 0 | References: 3
OSV
added 2024/03/06 11:10 a.m., 28 views

BIT-TYPO3-2021-41114

TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute URLs during the...

5.3 CVSS | 5 AI score | 0.0116 EPSS
Exploits: 0 | References: 3
OSV
added 2024/03/06 11:9 a.m., 11 views

BIT-TYPO3-2022-36104

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another page. This leads t...

7.5 CVSS | 6.3 AI score | 0.01254 EPSS
Exploits: 0 | References: 3
OSV
added 2024/03/06 11:8 a.m., 16 views

BIT-TYPO3-2022-36106

TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password reset link could be used to perform a password reset even ...

5.4 CVSS | 5.4 AI score | 0.00703 EPSS
Exploits: 0 | References: 3
OSV
added 2024/03/06 11:8 a.m., 19 views

BIT-TYPO3-2022-36107

TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the FileDumpController backend and frontend context is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account i...

6.5 CVSS | 5.7 AI score | 0.0069 EPSS
Exploits: 0 | References: 3
OSV
added 2024/03/06 11:8 a.m., 32 views

BIT-TYPO3-2023-24814

TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component GeneralUtility::getIndpEnv uses the unfiltered server environment variable PATHINFO, which allows attackers to inject malicious content. In...

8.8 CVSS | 6.9 AI score | 0.00831 EPSS
Exploits: 1 | References: 7