
16971 matches found

CVE
added 2022/09/13 5:20 p.m., 83 views

CVE-2022-36108

TYPO3 (CMS Core) has a cross-site scripting vulnerability in the f:asset.css view helper that occurs when user input is passed as variables to the CSS. Affected versions require upgrading to TYPO3 10.4.32 or 11.5.16 to fix the issue. Other details vary across sources, but remediation is clearly t...

CVSS 6.5, AI score 6.2, EPSS 0.0072
Exploits 0, References 3, Affected Software 1
OSV
added 2022/09/13 5:20 p.m., 16 views

CVE-2022-36108 Cross-Site Scripting in typo3/cms-core

TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the f:asset.css view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the...

CVSS 6.5, AI score 6, EPSS 0.0072
Exploits 0, References 5
RedHat Linux
added 2022/09/13 9:47 a.m., 4 views

gpg: Signature spoofing via status line injection

A vulnerability was found in GnuPG. This issue occurs due to an escape detection loop at the write_status_text_and_buffer function in g10/cpr.c. This flaw allows a malicious actor to bypass access control...

CVSS 6.5, AI score 7.3, EPSS 0.02106
Exploits 1, References 4
OSV
added 2022/09/13 7:37 a.m., 23 views

RLSA-2022:6463 Moderate: gnupg2 security update

The GNU Privacy Guard GnuPG or GPG is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fixes: gpg: Signature spoofing via status line injection CVE-2022-34903 For more details about the security issues, including the impact, a CVSS...

CVSS 5.9, AI score 7, EPSS 0.02106
Exploits 1, References 2
Broadcom
added 2022/09/13 12:0 a.m., 40 views

CVE-2017-18018: In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file

In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition. Affected Products All versions of...

CVSS 4.7, AI score 3, EPSS 0.00348
Exploits 1, Affected Software 1
OSV
added 2022/09/13 12:0 a.m., 29 views

ALSA-2022:6463 Moderate: gnupg2 security update

The GNU Privacy Guard GnuPG or GPG is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fixes: gpg: Signature spoofing via status line injection CVE-2022-34903 For more details about the security issues, including the impact, a CVSS...

CVSS 6.5, AI score 7, EPSS 0.02106
Exploits 1, References 4
OpenVAS
added 2022/09/13 12:0 a.m., 29 views

Fedora: Security Advisory for mediawiki (FEDORA-2022-bca2c95559)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 6.5, AI score 7.6, EPSS 0.03425
Exploits 1, References 2
OpenVAS
added 2022/09/13 12:0 a.m., 20 views

Fedora: Security Advisory for libtar (FEDORA-2022-44a20bba43)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.1, AI score 8.5, EPSS 0.01431
Exploits 0, References 2
Broadcom
added 2022/09/13 12:0 a.m., 8 views

CVE-2014-9984: nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer

Security Advisory ID : BSA-2022-607 Component : GNU C Library Revision : 1.1 nscd in the GNU C Library aka glibc or libc6 before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as...

CVSS 9.8, AI score 7.9, EPSS 0.0444
Exploits 2
Broadcom
added 2022/09/13 12:0 a.m., 6 views

CVE-2019-9169. Heap-based buffer over-read in the GNU C Library. (BSA-2022-776)

Security Advisory ID: BSA-2022-776 Component: GNU C Library Revision: 2.0 In the GNU C Library aka glibc or libc6 through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. Notes: Brocade PSIRT has confirmed that...

CVSS 9.8, AI score 7.3, EPSS 0.04731
Exploits 1
Broadcom
added 2022/09/13 12:0 a.m., 6 views

CVE-2018-6485: An integer overflow in the implementation of the posix_memalign

Security Advisory ID : BSA-2022-623 Component : GNU C Library Revision : 1.0 An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library aka glibc or libc6 2.26 and earlier could cause these functions to return a pointer to a heap area that is too...

CVSS 9.8, AI score 6.1, EPSS 0.04778
Exploits 0
Broadcom
added 2022/09/13 12:0 a.m., 6 views

CVE-2015-4041: Denial of service (heap-based buffer overflow and application crash) in GNU Coreutils

Security Advisory ID : BSA-2022-1407 Component : GNU Coreutils Revision : 1.0 The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers ...

CVSS 7.8, AI score 7.9, EPSS 0.00522
Exploits 1
Broadcom
added 2022/09/13 12:0 a.m., 41 views

CVE-2017-18018: In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file

Security Advisory ID : BSA-2022-2073 Component : GNU Coreutils Revision : 1.0 In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of...

CVSS 7.1, AI score 4.7, EPSS 0.00348
Exploits 1
Fedora
added 2022/09/12 5:51 p.m., 22 views

[SECURITY] Fedora 37 Update: libtar-1.2.20-25.fc37

libtar is a C library for manipulating tar archives. It supports both the strict POSIX tar format and many of the commonly-used GNU extensions...

CVSS 9.1, AI score 1.9, EPSS 0.01431
Exploits 0
Microsoft CVE
added 2022/09/09 7:0 a.m., 5 views

A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how glibc names the runtime linker: a build-time regular expression may not correctly detect the runtime linker. The consequence is that the pattern detection for applications launched by the runtime linker may fail to detect the pattern and allow execution.

...

CVSS 8.4, AI score 8.3, EPSS 0.00303
Exploits 0
OpenVAS
added 2022/09/09 12:0 a.m., 16 views

XWiki 11.3.7 < 13.10.4, 14.0 < 14.2 Privilege Escalation Vulnerability (GHSA-g4h6-qp44-wqvx)

Xwiki is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki"; ifdescripti...

CVSS 8.8, AI score 8.6, EPSS 0.01115
Exploits 1, References 1
OpenVAS
added 2022/09/09 12:0 a.m., 19 views

Fedora: Security Advisory for exim (FEDORA-2022-1ca1d22165)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5, AI score 7.6, EPSS 0.02551
Exploits 2, References 2
Fedora
added 2022/09/08 11:3 a.m., 34 views

[SECURITY] Fedora 36 Update: exim-4.96-2.fc36

Exim is a message transfer agent MTA developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...

CVSS 7.5, AI score 1.5, EPSS 0.02551
Exploits 2
Microsoft CVE
added 2022/09/08 7:0 a.m., 3 views

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example a crafted file name) this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote low privileged attacker to force zgrep to write arbitrary files on the system.

...

CVSS 8.8, AI score 7.2, EPSS 0.04062
Exploits 0
OpenVAS
added 2022/09/07 12:0 a.m., 11 views

openSUSE: Security Advisory for gimp (SUSE-SU-2022:3107-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 5.5, AI score 5.7, EPSS 0.0064
Exploits 1, References 2