524 matches found
samba: Fix of CVE-2026-4408
CVE-2026-4408: Escape/mask client-controlled username before %u substitution in 'check password script' to prevent remote command execution; restrict samrValidatePassword to DCs...
dovecot: Fix of CVE-2017-14461
CVE-2017-14461: lib-mail: fix out-of-bounds read when parsing an invalid email address in parseaddrspec...
subversion: Fix of CVE-2017-9800
CVE-2017-9800: fix arbitrary code execution via crafted svn+ssh:// URLs by validating the decoded hostinfo and adding an end-of-options guard to the default svn+ssh and example rsh tunnel commands...
libssh2: Fix of 2 CVEs
CVE-2019-3858: fix zero-byte allocation in sftppacketread - CVE-2019-3859: fix out-of-bounds reads in libssh2packetrequire...
squid34: Fix of CVE-2025-62168
CVE-2025-62168: Redact HTTP authentication credentials in error handling to prevent information disclosure...
libxml2: Fix of 2 CVEs
CVE-2024-56171: fix use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c - CVE-2025-24928: fix stack-based buffer overflow in xmlSnprintfElements in valid.c...
openvpn: Fix of CVE-2020-15078
CVE-2020-15078: fix authentication bypass and access to control channel data on servers configured with deferred authentication...
squid: Fix of CVE-2025-54574
CVE-2025-54574: fix buffer overflow in URN handling...
kernel: Fix of CVE-2023-52572
cifs: Fix UAF in cifsdemultiplexthread CVE-2023-52572...
dmidecode: Fix of CVE-2023-30630
CVE-2023-30630: prevent --dump-bin from overwriting local files to address privilege escalation vulnerability...
subversion: Fix of CVE-2024-46901
CVE-2024-46901: fix moddavsvn denial-of-service via control characters in paths...
Update of tzdata
Fix incorrect tzdb.dat by harding links...
sssd: Fix of CVE-2023-3758
CVE-2023-3758: fix race condition in adgpo...
glib2: Fix of CVE-2026-58016
CVE-2026-58016: fix XML parser state handling for element nesting in D-Bus introspection XML...
httpd: Fix of CVE-2025-58098
CVE-2025-58098: modcgid with SSI exec cmd passed the shell-escaped query string as extra arguments to the executed shell command; do not pass r-args for SSI requests...
openssl: Fix of CVE-2026-45447
CVE-2026-45447: fix possible use-after-free in PKCS7verify with empty digestAlgorithms SET...
bind: Fix of CVE-2025-40778
CVE-2025-40778: Tighten restrictions on caching NS RRsets in the authority section require the NS owner name to be an ancestor of the queried name to prevent cache poisoning via spoofed records...
mysql: Fix of 3 CVEs
CVE-2018-2562: fix DoS / data corruption in partitioned MEMORY tables Server: Partition - CVE-2018-2773: warn when --pid-file is in a world-writable location BUG26585560 - CVE-2018-3174: stop server as the mysql user in mysql.init so an attacker who controls the pid file cannot trick init into...
libxml2: Fix of CVE-2026-11979
CVE-2026-11979: add bounds checks in xmlcatalog --shell usershell to prevent stack buffer overflows when parsing overly long command lines...
python: Fix of 2 CVEs
CVE-2025-15366: reject control characters in IMAP commands in imaplib.IMAP4.command to prevent command injection via newlines - CVE-2025-15367: reject control characters in POP3 commands in poplib.POP3.putcmd to prevent command injection via newlines...
vim: Fix of CVE-2026-52860
CVE-2026-52860: fix possible code execution in python3complete/pythoncomplete by stripping default expressions and annotations from function parameter lists and whitelisting class bases to dotted names before exec upstream patch 9.2.0597...
vim: Fix of 2 CVEs
CVE-2026-52858: fix possible code execution in python3complete/pythoncomplete by not executing import/from statements harvested from the buffer unless g:pythoncompleteallowimport is set upstream patch 9.2.0561...
vim: Fix of CVE-2026-41411
CVE-2026-41411: fix OS command injection in tag file processing by disallowing backticks in the filename field before wildcard expansion upstream patch 9.2.0357...
httpd: Fix of 2 CVEs
CVE-2026-29170: modproxyftp: XSS in generated HTML directory listing; escape entry names with apescapehtmlaposescapepath instead of apescapeuri in href attributes - CVE-2026-42535: moddavfs: deny WebDAV access to or within the DAVFSSTATEDIR state directory to prevent manipulation of trusted...