173 matches found
Fedora: Security Advisory for libre (FEDORA-2024-a63e807450)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 40 Update: libre-3.10.0-1.fc40
Libre is a generic library for real-time communications with async I/O support. Features are a SIP stack RFC 3261, SDP, RTP and RTCP, SRTP and SRTCP Secure RTP, DNS client, STUN/TURN/ICE stack, BFCP, HTTP stack with client/server, Websockets, Jitter buffer, async I/O poll, epoll, select, kqueue,...
UBUNTU-CVE-2023-41326
GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A logged user from any profile can hijack the Kanban feature to alter any user field, and end-up with...
CVE-2023-42461
GLPI (Gestionnaire Libre de Parc Informatique) has an SQL injection vulnerability (CVE-2023-42461) in the ticket/search path where the ITIL actor input field in the Ticket form can be exploited. This affects GLPI versions prior to 10.0.13; an authenticated user can abuse the vulnerable query, pot...
CVE-2023-41888
CVE-2023-41888 concerns GLPI (Gestionnaire Libre de Parc Informatique). Multiple connected sources describe vulnerabilities in GLPI prior to fixed versions, including pre-10.13 and pre-10.0.13 lines, with various flaws (SQL injection, SSRF, XSS, unauthorized data access) that could enable informa...
CVE-2023-41324
GLPI (Gestionnaire Libre de Parc Informatique) vulnerability CVE-2023-41324 is evidenced in connected records as a SQL injection flaw in GLPI’s search functionality. Affected are GLPI versions prior to 10.0.13 (per PT Security entries); authenticated users can exploit the flaw to access or extrac...
CVE-2023-41323
CVE-2023-41323 affects GLPI (Gestionnaire Libre de Parc Informatique). An unauthenticated attacker can enumerate user logins, exposing usernames. Root cause: information disclosure enabling enumeration without authentication; impact is limited to confidentiality (usernames exposed) with no other ...
CVE-2023-41322
GLPI (Gestionnaire Libre de Parc Informatique) is affected by CVE-2023-41322. A user with write access to another user can request a password change and take control of that account, representing an authentication/authorization risk. The initial description recommends upgrading to version 10.0.10...
CVE-2023-41321
GLPI (Gestionnaire Libre de Parc Informatique) prior to version 10.0.10 contains an API issue where an API user with read access can enumerate sensitive field values on resources. The vulnerability affects confidentiality (C) but has no impact on integrity/availability according to the provided d...
SUSE CVE-2018-14524
dwgdecodeeed in decode.c in GNU LibreDWG before 0.6 leads to a double free in dwgfreeeed in free.c because it does not properly manage the obj-eed value after a free occurs...
SUSE CVE-2019-9779
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwgdxfLTYPE at dwg.spec earlier than CVE-2019-9776...
SUSE CVE-2019-18804
DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filterfv at IW44EncodeCodec.cpp...
SUSE CVE-2019-20009
An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in dwgdecodeSPLINEprivate in dwg.spec...
SUSE CVE-2019-20011
An issue was discovered in GNU LibreDWG 0.92. There is a heap-based buffer over-read in decodeR13R2000 in decode.c...
SUSE CVE-2019-20915
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in bitwriteTF in bits.c...
SUSE CVE-2020-21815
A null pointer deference issue exists in GNU LibreDWG 0.10.2641 via outputTEXT ../../programs/dwg2SVG.c:114, which causes a denial of service application crash...
SUSE CVE-2020-21830
A heap based buffer overflow vulneraibility exists in GNU LibreDWG 0.10 via bitcalcCRC ../../src/bits.c:2213...
SUSE CVE-2020-21819
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641via htmlescape ../../programs/escape.c:51...
SUSE CVE-2020-21836
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read2004sectionpreview ../../src/decode.c:3175...
SUSE CVE-2020-21838
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read2004sectionappinfo ../../src/decode.c:2842...