[SECURITY] Fedora 42 Update: rust-onefetch-2.26.1-7.fc42

Command-line Git information tool...

MiracleLinux 3 : sos-1.7-9.62.1.0.1.AXS3 (AXSA:2013-582:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2013-582:01 advisory. Sos is a set of tools that gathers information about system hardware and configuration. The information can then be used for diagnostic purposes and debugging...

CVE-2023-25955

National land numerical information data conversion tool all versions improperly restricts XML external entity references XXE. By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker...

The vulnerability of the Kernel-Mode Driver driver, a software used for displaying technical information about a user’s computer, such as the CPU-Z, allows a hacker to increase their privileges.

The vulnerability of the Kernel-Mode Driver driver, which is used to display technical information about the user’s computer CPU-Z, relates to the execution of operations beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to gain increased privileges...

poppler: pdfinfo: crash in broken documents when using -dests parameter

A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service...

jasper: missing jas_matrix_create() parameter checks

The bmpgetdata function in libjasper/bmp/bmpdec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service NULL pointer dereference by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690...

UBUNTU-CVE-2016-8884

The bmpgetdata function in libjasper/bmp/bmpdec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service NULL pointer dereference by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690...

UBUNTU-CVE-2016-8691

The jpcdecprocesssiz function in libjasper/jpc/jpcdec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service divide-by-zero error and application crash via a crafted XRsiz value in a BMP image to the imginfo command...

perl-Image-Info XML External Entity Injection Vulnerability

perl-Image-Info extracts meta information from various types of image files. perl-Image-Info suffers from an XML external entity injection vulnerability that can be exploited by attackers to obtain sensitive information or cause a denial of service condition...

Microsoft ISAPI W3Who Library Buffer Overflow (CVE-2004-1134)

The W3Who dynamically linked library DLL, when used in the context of an IIS HTTP server, provides various information about the current HTTP client, as well as the current running environment. It is included with the Internet Services Application Programming Interface ISAPI and is meant to be us...