Lucene search: Cloudlinux | Most viewed

502 matches found

CloudLinux
• added 2022/08/17 6:50 p.m. • 95 views

Fixed 13 CVEs in expat

CVE-2022-25236: Fix insertion of namespace-separator characters into namespace URIs - CVE-2022-25235: Fix malformed UTF-8 sequences which can lead to arbitrary code execution - CVE-2022-25315: Fix integer overflow in storeRawNames - CVE-2022-22822: Fix integer overflow in addBinding -...

CVSS 9.8 | AI score 3 | EPSS 0.11027
Exploits: 4 | References: 1

CloudLinux
• added 2022/08/22 1:56 p.m. • 94 views

Fixed 50 CVEs in java-1.7.0-openjdk

Bump to 2.6.28 and OpenJDK 7u351-b01. - Security fixes in 7u351: - CVE-2022-21540: Improve class compilation JDK-8281859 - CVE-2022-21541: Enhance MethodHandle invocations JDK-8281866 - CVE-2022-34169: Improve Xalan supports JDK-8285407 - Security fixes in 7u341: - CVE-2022-21426: Better XPath...

CVSS 8.3 | AI score 1 | EPSS 0.10953
Exploits: 2 | References: 1

CloudLinux
• added 2022/05/20 12:32 a.m. • 94 views

Fixed CVEs in vim: CVE-2022-1620, CVE-2022-1616, CVE-2022-1629, CVE-2022-1621, CVE-2022-1619

CVE-2022-1619: fix going before the command line start with latin1 encoding - CVE-2022-1620: fix NULL pointer dereference when using invalid regexp - CVE-2022-1621: fix to avoid adding invalid bytes with :spellgood - CVE-2022-1629: fix reading past end of line if ended with trailing backslash -...

CVSS 7.8 | AI score 3.6 | EPSS 0.02861
Exploits: 5 | References: 1

CloudLinux
• added 2022/04/13 5:2 p.m. • 94 views

Fix of CVE: CVE-2022-1154

CVE-2022-1154: fix buffer usage after free...

CVSS 7.8 | AI score 8.2 | EPSS 0.01144
Exploits: 1 | References: 1

CloudLinux
• added 2022/03/17 8:51 p.m. • 94 views

Fix of CVE: CVE-2022-0778

CVE-2022-0778: Fix possible infinite loop in BN_mod_sqrt...

CVSS 7.5 | AI score 8.2 | EPSS 0.06863
Exploits: 2 | References: 1

CloudLinux
• added 2021/12/29 3:9 p.m. • 94 views

Fix of CVE: CVE-2021-45078, CVE-2018-9138, CVE-2018-17985, CVE-2018-12641, CVE-2018-12699, CVE-2018-12698, CVE-2018-12697, CVE-2018-12700, CVE-2018-18484, CVE-2018-18701, CVE-2018-12934, CVE-2018-18700, CVE-2018-17794, CVE-2018-18483

CVE-2018-9138: Fix stack exhaustion - CVE-2018-12641: Fix stack exhaustion - CVE-2018-12697: Fix NULL pointer dereference - CVE-2018-12698: Fix memory consumption - CVE-2018-12699: Fix heap-based buffer overflow - CVE-2018-12700: Fix infinite recursion - CVE-2018-17794: Fix NULL pointer...

CVSS 7.5 | AI score 4.1 | EPSS 0.0204
Exploits: 10 | References: 1

CloudLinux
• added 2023/11/24 6:58 p.m. • 93 views

samba: Fix of CVE-2023-3961

CVE-2023-3961: Fix a path traversal out of the socket directory - fix changelog's versions...

CVSS 9.8 | AI score 7.3 | EPSS 0.01941
Exploits: 1

CloudLinux
• added 2022/06/08 7:49 p.m. • 92 views

Fixed CVE-2022-24903 in rsyslog

CVE-2022-24903: fix heap-based overflow in TCP syslog server...

CVSS 8.1 | AI score 4.1 | EPSS 0.00509
Exploits: 0 | References: 1

CloudLinux
• added 2022/04/26 3:23 p.m. • 90 views

Fix of CVE: CVE-2021-0920, CVE-2022-0492, CVE-2020-0466, CVE-2021-4155

cgroup-v1: Require capabilities to set release_agent ELSCVE-3555 CVE-2022-0492 - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate ELSCVE-3891 CVE-2021-4155 - af_unix: fix garbage collect vs MSG_PEEK ELSCVE-3728 CVE-2021-0920 - epoll: Keep a reference on files added to the check...

CVSS 7.8 | AI score 1.1 | EPSS 0.26341
Exploits: 12 | References: 1

CloudLinux
• added 2021/08/19 5:44 p.m. • 90 views

Fix of CVE: CVE-2021-33574, CVE-2021-35942, CVE-2021-38604

Adopt pthreadattrcopy functionality, test case is included - CVE-2021-33574: avoid use-after-free vulnerability - CVE-2021-35942: avoid out-of-bounds read via signed integer overflow in array index - CVE-2021-38604: considered. No NULL pointer dereference is possible...

CVSS 9.8 | AI score 4.4 | EPSS 0.01407
Exploits: 2 | References: 1

CloudLinux
• added 2021/12/16 4:2 p.m. • 87 views

Fix of CVE: CVE-2018-18605, CVE-2019-12972, CVE-2016-4490, CVE-2018-6543, CVE-2018-19931, CVE-2018-10535, CVE-2019-17450, CVE-2018-7643, CVE-2016-4487, CVE-2016-4492, CVE-2018-20002, CVE-2018-1000876, CVE-2019-9073, CVE-2019-9075, CVE-2018-20671, CVE-2016-4488, CVE-2018-7568, CVE-2018-7642, CVE-2018-10373, CVE-2018-6323, CVE-2016-2226, CVE-2016-4493, CVE-2018-19932, CVE-2018-6759, CVE-2019-9077, CVE-2018-18607, CVE-2018-8945, CVE-2018-7208, CVE-2016-6131, CVE-2018-13033, CVE-2018-20623, CVE-2019-14444, CVE-2018-18309, CVE-2018-18606, CVE-2018-7569, CVE-2016-4489

CVE-2018-6323: Fix unsigned integer overflow - CVE-2018-19931: Fix heap-based buffer overflow in bfd_elf32_swap_phdr_in - CVE-2018-6543: Fix integer overflow - CVE-2018-20671: Fix integer overflow vulnerability - CVE-2018-6759: Fix segmentation fault - CVE-2018-7208: Fix segmentation fault -...

CVSS 6.8 | AI score 2.3 | EPSS 0.09327
Exploits: 26 | References: 1

CloudLinux
• added 2024/04/19 10:41 a.m. • 86 views

less: Fix of CVE-2022-48624

CVE-2022-48624: shell-quote filenames when invoking LESSCLOSE...

CVSS 7.8 | AI score 7.3 | EPSS 0.00578
Exploits: 0

CloudLinux
• added 2022/07/07 8:29 a.m. • 86 views

Fixed CVEs in vim: CVE-2022-2124, CVE-2022-2129, CVE-2022-2125, CVE-2022-2126, CVE-2022-1720

CVE-2022-2125: add checking for NUL to avoid running over the end of line - CVE-2022-1720: do not include the NUL in the length to avoid reading past end of line with "gf" in Visual block mode - CVE-2022-2124: add checking for NUL to avoid running over the end of line - CVE-2022-2129: disallow...

CVSS 7.8 | AI score 3.6 | EPSS 0.00529
Exploits: 5 | References: 1

CloudLinux
• added 2021/10/11 3:13 p.m. • 86 views

Fix of CVE: CVE-2021-3778, CVE-2021-3796

CVE-2021-3778: crafted input leads to heap-based buffer overflow - CVE-2021-3796: crafted input leads to use-after-free...

CVSS 6.8 | AI score 3.5 | EPSS 0.00385
Exploits: 2 | References: 1

CloudLinux
• added 2021/09/21 10:2 p.m. • 86 views

Fix of CVE: CVE-2021-23017

Fixed CVE-2021-23017: Off-by-one in ngx_resolver_copy when labels are followed by a pointer to a root domain name...

CVSS 7.7 | AI score 2.3 | EPSS 0.73544
Exploits: 10 | References: 1

CloudLinux
• added 2023/03/02 9:18 p.m. • 82 views

tar: Fix of CVE-2022-48303

CVE-2022-48303: check for the end of field after leading byte 0x80 or 0xff of base-256 encoded header value...

CVSS 5.5 | AI score 7.8 | EPSS 0.00047
Exploits: 1

CloudLinux
• added 2022/03/22 2:15 p.m. • 81 views

Fix of CVE: CVE-2021-3737

CVE-2021-3737: Fix HTTP client infinite line reading DoS after receiving a '100 Continue' HTTP response...

CVSS 7.5 | AI score 8.1 | EPSS 0.00119
Exploits: 1 | References: 1

CloudLinux
• added 2021/09/21 10:9 p.m. • 79 views

Fix of CVE: CVE-2021-2388

Fix CVE-2021-2388 OpenJDK: Incorrect comparison during range check elimination...

CVSS 7.5 | AI score 2.3 | EPSS 0.00805
Exploits: 0 | References: 1

CloudLinux
• added 2021/08/12 3:42 p.m. • 79 views

Fix of CVE: CVE-2020-8450, CVE-2020-8517, CVE-2020-8449

CVE-2020-8449: fix improper HTTP request validation allowing access to resources which are prohibited by security filters - CVE-2020-8450: fix incorrect buffer management leading to buffer overflow - CVE-2020-8517: fix incorrect input validation allowing writing outside of buffer and leading to...

CVSS 7.5 | AI score 3 | EPSS 0.46309
Exploits: 0 | References: 1

CloudLinux
• added 2021/06/07 2:19 p.m. • 79 views

Fix of CVE: CVE-2021-25217

CVE-2021-25217: avoid buffer overrun...

CVSS 7.4 | AI score 3.1 | EPSS 0.0045
Exploits: 1 | References: 1

CloudLinux
• added 2022/07/14 4:55 p.m. • 78 views

Fixed CVEs in vim: CVE-2022-2183, CVE-2022-2182, CVE-2022-2207, CVE-2022-2210

CVE-2022-2182: when on line zero check the column is valid for line one - CVE-2022-2183: avoid going over the NUL at the end of the line - CVE-2022-2207: check the cursor column is more than zero - CVE-2022-2210: use zero offset when change removes all lines in a diff block...

CVSS 7.8 | AI score 3.7 | EPSS 0.00659
Exploits: 4 | References: 1

CloudLinux
• added 2021/09/21 10:11 p.m. • 78 views

Fix of CVE: CVE-2021-38160, CVE-2021-3573, CVE-2021-38205, CVE-2021-3178, CVE-2021-20265, CVE-2021-3612, CVE-2021-32399, CVE-2021-37159, CVE-2014-4508, CVE-2021-28972, CVE-2021-34693, CVE-2021-20292

ELSCVE-666: CVE-2021-34693: can: bcm: fix infoleak in struct bcm_msg_head - ELSCVE-705: CVE-2021-38160: virtio_console: Assure used length from device is limited - ELSCVE-769: CVE-2014-4508: x86_32, entry: Do syscall_exit_work on badsys CVE-2014-4508 - ELSCVE-844: CVE-2021-3573: Bluetooth: use...

CVSS 7.8 | AI score 7.4 | EPSS 0.00178
Exploits: 3 | References: 1

CloudLinux
• added 2024/01/12 5:18 p.m. • 77 views

python: Fix of CVE-2023-40217

CVE-2023-40217: Fix TLS handshake bypass...

CVSS 5.3 | AI score 7.4 | EPSS 0.00581
Exploits: 0

CloudLinux
• added 2023/10/23 10:53 p.m. • 77 views

python: Fix of CVE-2022-48560

CVE-2022-48560: Fix SIGSEGV in Python via heappushpop in heapq...

CVSS 7.5 | AI score 7 | EPSS 0.00202
Exploits: 1

CloudLinux
• added 2022/05/16 1:3 p.m. • 77 views

Fixed CVE-2018-25032 in zlib

CVE-2018-25032: Fix memory corruption when deflating if the input has many distant matches...

CVSS 7.5 | AI score 2.3 | EPSS 0.00089
Exploits: 1 | References: 1

CloudLinux
• added 2021/11/23 1:13 p.m. • 77 views

Fix of CVE: CVE-2021-21704, CVE-2021-21703, CVE-2021-21705

CVE-2021-21704: fix integer overflow and subsequent incorrect buffer allocation - CVE-2021-21705: fix incorrect url password validation - CVE-2021-21703: fix incorrect shared memory management, which led to priv escalation...

CVSS 7.8 | AI score 3 | EPSS 0.00294
Exploits: 3 | References: 1

CloudLinux
• added 2022/06/09 7:56 p.m. • 75 views

Fixed CVEs in vim: CVE-2022-0319, CVE-2022-1886, CVE-2022-1898, CVE-2022-1851

CVE-2022-0319: correct end of Visual area when entering another buffer - CVE-2022-1851: fix invalid cursor position after text formatting - CVE-2022-1886: fix access before start of text with a put command - CVE-2022-1898: fix using freed memory with 'd'...

CVSS 7.8 | AI score 4 | EPSS 0.00495
Exploits: 4 | References: 1

CloudLinux
• added 2022/04/07 11:39 a.m. • 75 views

Fix of CVE: CVE-2021-25220

CVE-2021-25220: fix possible cache poisoning from forwarder responses...

CVSS 6.8 | AI score 7.4 | EPSS 0.00088
Exploits: 0 | References: 1

CloudLinux
• added 2022/01/11 12:18 p.m. • 75 views

Fix of 8 CVEs

CVE-2021-3517.patch: validate UTF8 in xmlEncodeEntities - CVE-2021-3518.patch: fix use-after-free with 'xmllint --xinclude --dropdtd' - CVE-2021-3537.patch: propagate error in xmlParseElementChildrenContentDeclPriv - CVE-2021-3541.patch: parser fix for the billion laughs attack -...

CVSS 9.1 | AI score 8.2 | EPSS 0.00697
Exploits: 2 | References: 1

CloudLinux
• added 2021/09/23 12:14 p.m. • 75 views

Fix of CVE: CVE-2021-3487

CVE-2021-3487: excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section...

CVSS 7.1 | AI score 2.1
Exploits: 0 | References: 1

CloudLinux
• added 2021/09/21 10:11 p.m. • 75 views

Fix of CVE: CVE-2018-0739, CVE-2018-0737, CVE-2021-3712, CVE-2018-0732

fix CVE-2021-3712 - handling ASN.1 string as NULL terminated leads to read buffer overrun - Port patches from oracle6els branch, original changelog entry: - Oracle bug 28730228: backport CVE-2018-0732 - Oracle bug 28758493: backport CVE-2018-0737 - Merge upstream patch to fix CVE-2018-0739 -...

CVSS 7.5 | AI score 2.3 | EPSS 0.78382
Exploits: 0 | References: 1

CloudLinux
• added 2020/12/09 11:10 a.m. • 74 views

Fix CVE: CVE-2020-1971

EDIPARTYNAME NULL pointer de-reference CVE-2020-1971...

CVSS 5.9 | AI score 1.7 | EPSS 0.00348
Exploits: 3 | References: 1

CloudLinux
• added 2023/09/05 9:26 a.m. • 73 views

busybox: Fix of CVE-2022-48174

CVE-2022-48174: fix unlikely stack overflow - testsuite was enabled...

CVSS 9.8 | AI score 7.1 | EPSS 0.00698
Exploits: 0

CloudLinux
• added 2022/12/19 8:22 p.m. • 72 views

openssh: Fix of 2 CVEs

CVE-2019-6109: verify character encoding in progress display to avoid spoofing of scp client output - CVE-2016-10012: updated to fix server-side protocol errors observed during rekeying with compression enabled...

CVSS 7.8 | AI score 2.4 | EPSS 0.09738
Exploits: 1

CloudLinux
• added 2022/04/19 2:3 p.m. • 72 views

Fix of CVE: CVE-2021-3609, CVE-2022-28390

can: ems_usb: ems_usb_start_xmit: fix double dev_kfree_skb in error path ELSCVE-3847 CVE-2022-28390 - can: bcm: delay release of struct bcm_op after synchronize_rcu ELSCVE-1694 CVE-2021-3609...

CVSS 7.8 | AI score 1.2 | EPSS 0.0006
Exploits: 1 | References: 1

CloudLinux
• added 2022/02/14 4:21 p.m. • 72 views

Fix of CVE: CVE-2022-0351, CVE-2022-0368, CVE-2022-0359, CVE-2022-0361

CVE-2022-0351: fix crash caused by too deep recursion - CVE-2022-0359: fix illegal memory access with large tabstop in ex mode - CVE-2022-0361: fix illegal memory access when copying lines in visual mode - CVE-2022-0368: fix illegal memory access when undo makes visual area invalid...

CVSS 8.4 | AI score 3.6 | EPSS 0.00215
Exploits: 4 | References: 1

CloudLinux
• added 2021/12/28 1:15 p.m. • 71 views

Fix of CVE: CVE-2021-3516, CVE-2021-3537, CVE-2017-8872, CVE-2021-3518, CVE-2019-20388, CVE-2020-24977, CVE-2021-3541, CVE-2021-3517

CVE-2021-3517.patch: validate UTF8 in xmlEncodeEntities - CVE-2021-3518.patch: fix use-after-free with 'xmllint --xinclude --dropdtd' - CVE-2021-3537.patch: propagate error in xmlParseElementChildrenContentDeclPriv - CVE-2021-3541.patch: parser fix for the billion laughs attack -...

CVSS 7.5 | AI score 1.2 | EPSS 0.00697
Exploits: 2 | References: 1

CloudLinux
• added 2021/10/11 3:13 p.m. • 70 views

Fix of CVE: CVE-2021-39275

CVE-2021-39275: ap_escape_quotes algorithm which led to buffer overflow...

CVSS 7.5 | AI score 3.4 | EPSS 0.37674
Exploits: 0 | References: 1

CloudLinux
• added 2021/09/21 10:11 p.m. • 69 views

Fix of CVE: CVE-2021-34693, CVE-2021-20292, CVE-2021-28972, CVE-2021-20265, CVE-2021-32399, CVE-2014-4508, CVE-2021-3612, CVE-2021-3178, CVE-2021-37159, CVE-2021-38205, CVE-2021-3573, CVE-2021-38160

ELSCVE-666: CVE-2021-34693: can: bcm: fix infoleak in struct bcm_msg_head - ELSCVE-705: CVE-2021-38160: virtio_console: Assure used length from device is limited - ELSCVE-769: CVE-2014-4508: x86_32, entry: Do syscall_exit_work on badsys CVE-2014-4508 - ELSCVE-844: CVE-2021-3573: Bluetooth: use...

CVSS 7.8 | AI score 7.4 | EPSS 0.00178
Exploits: 3 | References: 1

CloudLinux
• added 2022/07/18 7:5 p.m. • 68 views

Fixed CVE-2022-31625 in php

ELS-189: Fix for Harden PHP - CVE-2022-31625: Fix freeing of uninitialized memory leading to RCE...

CVSS 8.1 | AI score 1.5 | EPSS 0.01479
Exploits: 1 | References: 1

CloudLinux
• added 2022/02/02 4:15 p.m. • 68 views

Fix of CVE: CVE-2022-23218, CVE-2022-23219

CVE-2022-23218: fix possible buffer overflow in svcunix_create - CVE-2022-23219: fix possible buffer overflow in clnt_create...

CVSS 9.8 | AI score 3.1 | EPSS 0.00573
Exploits: 2 | References: 1

CloudLinux
• added 2022/08/04 6:51 p.m. • 67 views

Fixed CVEs in vim: CVE-2022-2345, CVE-2022-2344, CVE-2022-2343, CVE-2022-2522

CVE-2022-2345: fix using freed memory with recursive substitute - CVE-2022-2344: fix reading past end of completion with duplicate match - CVE-2022-2343: fix reading past end of completion with a long line and 'infercase' set - CVE-2022-2522: fix accessing uninitialized memory when completing...

CVSS 7.8 | AI score 4.4 | EPSS 0.00357
Exploits: 4 | References: 1

CloudLinux
• added 2022/04/25 6:6 p.m. • 67 views

Fix of CVE: CVE-2019-18276

CVE-2019-18276: Fix privilege dropping when running with effective UID not equal to real UID...

CVSS 7.8 | AI score 2.6 | EPSS 0.50225
Exploits: 5 | References: 1

CloudLinux
• added 2022/11/23 8:50 p.m. • 66 views

python: Fix of CVE-2022-45061

CVE-2022-45061: Fix quadratic time idna decoding - fix tests to be compatible with expat 2.0.1-tuxcare.els...

CVSS 7.5 | AI score 2 | EPSS 0.0013
Exploits: 1

CloudLinux
• added 2021/10/20 3:53 p.m. • 66 views

Fix of CVE: CVE-2021-39275

CVE-2021-39275: ap_escape_quotes algorithm which led to buffer overflow...

CVSS 9.8 | AI score 3.4 | EPSS 0.37674
Exploits: 0 | References: 1

CloudLinux
• added 2021/09/21 10:5 p.m. • 66 views

Fix of CVE: CVE-2021-22925

telnet stack contents disclosure again CVE-2021-22925...

CVSS 5.3 | AI score 1.4 | EPSS 0.00233
Exploits: 1 | References: 1

CloudLinux
• added 2024/01/23 4:35 p.m. • 65 views

squid: Fix of CVE-2023-50269

CVE-2023-50269: Limit the number of allowed X-Forwarded-For hops to prevent DoS...

CVSS 8.6 | AI score 7.2 | EPSS 0.01147
Exploits: 0

CloudLinux
• added 2022/04/19 2:4 p.m. • 65 views

Fix of CVE: CVE-2022-28390, CVE-2021-3609

can: ems_usb: ems_usb_start_xmit: fix double dev_kfree_skb in error path ELSCVE-3847 CVE-2022-28390 - can: bcm: delay release of struct bcm_op after synchronize_rcu ELSCVE-1694 CVE-2021-3609...

CVSS 7.8 | AI score 1.2 | EPSS 0.0006
Exploits: 1 | References: 1

CloudLinux
• added 2021/09/21 10:10 p.m. • 65 views

Fix of CVE: CVE-2020-8517, CVE-2021-28651, CVE-2020-15049, CVE-2020-8449, CVE-2020-8450, CVE-2020-24606, CVE-2020-25097, CVE-2020-11945, CVE-2020-14058

CVE-2020-15049: fix incorrect validation of Content-Length field leading to HTTP smuggling and poisoning attack - CVE-2020-14058: fix handling of unknown SSL errors which resulted in denial of service - CVE-2020-25097: fix improper input validation allowing HTTP smuggling from trusted client -...

CVSS 9.9 | AI score 1.9 | EPSS 0.46309
Exploits: 1 | References: 1

CloudLinux
• added 2021/12/27 4:8 p.m. • 64 views

Fix of 36 CVEs

CVE-2018-6323: Fix unsigned integer overflow - CVE-2018-19931: Fix heap-based buffer overflow in bfd_elf32_swap_phdr_in - CVE-2018-6543: Fix integer overflow - CVE-2018-20671: Fix integer overflow vulnerability - CVE-2018-6759: Fix segmentation fault - CVE-2018-7208: Fix segmentation fault -...

CVSS 7.8 | AI score 7.7 | EPSS 0.09327
Exploits: 26 | References: 1

Total number of security vulnerabilities: 502