514 matches found
libxml2: Fix of 2 CVEs
CVE-2022-40303: fix integer overflows with XMLPARSEHUGE - CVE-2022-40304: fix dict corruption caused by entity reference cycles...
vim: Fix of CVE-2022-3352
CVE-2022-3352: disallow deleting the current buffer to avoid using freed memory...
python: Fix of CVE-2022-45061
CVE-2022-45061: Fix quadratic time idna decoding - fix tests to be compatible with expat 2.0.1-tuxcare.els...
xterm: Fix of CVE-2022-45063
CVE-2022-45063: improve error recovery when setting a bitmap font for the VT100 window - Add NULL pointer checks in xstrcasecmp and xstrncasecmp to help with error recovery for a missing font...
nginx: Fix of 2 CVEs
CVE-2022-41741: fix memory corruption in the ngxhttpmp4module - CVE-2022-41742: fix memory disclosure in the ngxhttpmp4module...
sqlite: Fix of CVE-2022-35737
CVE-2022-35737: fix a buffer overflow...
perl: Fix of CVE-2020-16156
CVE-2020-16156: recognize CANNOTVERIFY signature verification type...
expat: Fix of CVE-2022-43680
CVE-2022-43680: Fix overeager DTD destruction...
Fixed CVEs in vim: CVE-2022-3296, CVE-2022-3324
CVE-2022-3296: check CSFTRY can be found - CVE-2022-3324: make sure the window width does not become negative...
Fixed CVE-2022-41318 in squid34
CVE-2022-41318: Fix buffer-over-read in SSPI and SMB authentication...
Fixed CVE-2022-41318 in squid
CVE-2022-41318: Fix buffer-over-read in SSPI and SMB authentication...
Fixed CVEs in sqlite: CVE-2020-35525, CVE-2020-13435
CVE-2020-13435: add a code that tries to prevent a recurrence of problems - CVE-2020-35525: a potential null pointer dereference was fixed...
Fixed CVE-2022-2795 in bind
CVE-2022-2795: fix possible resolver performance degradation when processing large delegations...
Fixed CVE-2022-3256 in vim
CVE-2022-3256: copy the mark before editing another buffer...
Fixed CVE-2022-40674 in expat
CVE-2022-40674: Ensure raw tagnames are safe exiting internalEntityParser - fix tests leak - fix xmlparse leak...
Fixed CVE-2022-28614 in httpd
CVE-2022-28614: fix out-of-bounds read via aprwrite, refactoring...
Fixed CVE-2022-28614 in httpd
CVE-2022-28614: fix out-of-bounds read via aprwrite...
Fixed CVE-2022-29154 in rsync
CVE-2022-29154: fix arbitrary file write vulnerability via malicious rsync server MITM attack, refactoring - fix test-system components, enable 'daemon' and 'hardlinks' tests...
Fixed CVE-2022-37434 in rsync
CVE-2022-37434: fix possible buffer overflow when getting a gzip header extra field with inflate...
Fixed CVEs in vim: CVE-2022-2845, CVE-2022-2849
CVE-2022-2849: fix invalid memory access with for loop over NULL string - CVE-2022-2845: fix reading before the start of the line...
Fixed 50 CVEs in java-1.7.0-openjdk
Bump to 2.6.28 and OpenJDK 7u351-b01. - Security fixes in 7u351: - CVE-2022-21540: Improve class compilation JDK-8281859 - CVE-2022-21541: Enhance MethodHandle invocations JDK-8281866 - CVE-2022-34169: Improve Xalan supports JDK-8285407 - Security fixes in 7u341: - CVE-2022-21426: Better XPath...
Fixed CVE-2022-2581 in vim
CVE-2022-2581: fix illegal memory access when pattern starts with illegal byte...
Fixed 13 CVEs in expat
CVE-2022-25236: Fix insertion of namespace-separator characters into namespace URIs - CVE-2022-25235: Fix malformed UTF-8 sequences which can lead to arbitrary code execution - CVE-2022-25315: Fix integer overflow in storeRawNames - CVE-2022-22822: Fix integer overflow in addBinding -...
Fixed CVE-2022-37434 in zlib
CVE-2022-37434: fix possible buffer overflow when getting a gzip header extra field with inflate...
Fixed CVE-2022-29154 in rsync
CVE-2022-29154: fix arbitrary file write vulnerability via malicious rysnc server MITM attack - Add '%check unset DISPLAY ' section but disable broken 'daemon' and 'hardlinks' tests...
Fixed CVEs in exim: CVE-2022-37451, CVE-2022-37452
CVE-2022-37452: fix heap-based buffer overflow for the alias list in hostnamelookup - CVE-2022-37451: fix invalid free in pamconverse...
Fixed CVEs in vim: CVE-2022-2345, CVE-2022-2344, CVE-2022-2343, CVE-2022-2522
CVE-2022-2345: fix using freed memory with recursive substitute - CVE-2022-2344: fix reading past end of completion with duplicate match - CVE-2022-2343: fix reading past end of completion with a long line and 'infercase' set - CVE-2022-2522: fix accessing uninitialized memory when completing...
Fixed CVE-2021-21702 in php
CVE-2021-21702: Fix null pointer dereference in Soap Client...
Fixed CVEs in java-1.8.0-openjdk: CVE-2022-21541, CVE-2022-34169, CVE-2022-21540
Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u342-b07. That fixes following CVEs: - CVE-2022-34169: Integer truncation issue in Xalan-J - CVE-2022-21540: Class compilation issue - CVE-2022-21541: Improper restriction of MethodHandle.invokeBasic - Update tzdata requirement to 2022a to match...
Fixed CVE-2021-22543 in kernel
KVM: do not allow mapping valid but non-reference-counted pages CVE-2021-22543...
Fixed CVE-2021-22543 in kernel
KVM: do not allow mapping valid but non-reference-counted pages CVE-2021-22543...
Fixed CVEs in vim: CVE-2022-2289, CVE-2022-2304
CVE-2022-2289: bail out when diff pointer is no longer valid to avoid accessing freed memory with diff put - CVE-2022-2304: limit the word length to avoid out of bound accesing...
Fixed CVE-2015-20170 in python
CVE-2015-20170: mailcap: findmatch function does not sanitise the second argument allowing to inject shell commands...
Fixed 7 CVEs in vim
CVE-2022-2206: adjust cmdlinerow and msgrow to the value of Rows - CVE-2022-2284: stop visual mode when closing a window - CVE-2022-2285: put a NUL after the typeahead - CVE-2022-2286: check the length of the string - CVE-2022-2287: disallow adding a word with control characters or a trailing...
Fixed CVE-2022-31625 in php
ELS-189: Fix for Harden PHP - CVE-2022-31625: Fix freeing of uninitialized memory leading to RCE...
Fixed CVE-2016-10012 in openssh
CVE-2016-10012: re-remove pre-authentication compression and potentially unsecure shared memory manager used by zlib - Move not yet valid timestamps for certs to 2030-2040 range, make sure all tests are passed and add %check unset DISPLAY section...
Fixed CVEs in vim: CVE-2022-2183, CVE-2022-2182, CVE-2022-2207, CVE-2022-2210
CVE-2022-2182: when on line zero check the column is valid for line one - CVE-2022-2183: avoid going over the NUL at the end of the line - CVE-2022-2207: check the cursor column is more than zero - CVE-2022-2210: use zero offset when change removes all lines in a diff block...
Fixed CVEs in openssl: CVE-2022-1292, CVE-2022-2068
CVE-2022-1292: crehash: Do not use shell to invoke openssl to prevent command injection - CVE-2022-2068: crehash: Fix file operations to prevent command injection...
Fixed CVEs in openssh-5.3p1: CVE-2016-10708, CVE-2016-10012
CVE-2016-10708: fix crash in packet handling code by moving inbound NEWKEYS handling to kex layer - CVE-2016-10012: abandon the fix due to compression mode issues...
Fixed CVE-2018-5741 in bind
CVE-2018-5741: update krb5,ms-self,subdomain descriptions...
Fixed CVE-2020-12723 in perl-5.10.1
CVE-2020-12723: fix a buffer overflow caused by a crafted regular expression because of recursive Sstudychunk calls...
Fixed CVEs in vim: CVE-2022-2124, CVE-2022-2129, CVE-2022-2125, CVE-2022-2126, CVE-2022-1720
CVE-2022-2125: add checking for NUL to avoid running over the end of line - CVE-2022-1720: do not include the NUL in the length to avoid reading past end of line with "gf" in Visual block mode - CVE-2022-2124: add checking for NUL to avoid running over the end of line - CVE-2022-2129: disallow...
Fixed CVE-2016-10009 in openssh-5.3p1
CVE-2016-10009: add whitelist of paths which may ssh-agent load from in order to prevent execution of arbitrary local pkcs11...
Fixed CVE-2022-27782 in curl
CVE-2022-27782: add missing checks of ssl and ssh options during matching a connection for reuse...
Fixed CVEs in httpd: CVE-2022-31813, CVE-2022-28615, CVE-2022-26377
CVE-2022-26377: modproxyajp: fix HTTP request smuggling - CVE-2022-28615: fix possible out-of-bounds read in apstrcmpmatch - CVE-2022-31813: modproxy: preserve original request headers so an upstream knows what the original request hostname was, and so send X-Forwarded- headers correctly...
Fixed CVE-2022-2042 in vim
CVE-2022-2042: fix using uninitialized value and freed memory in spell command...
Fixed CVE-2019-17571 in log4j
CVE-2019-17571: Fix the deserialization of untrusted data in SocketServer that allows an attacker to remotely execute arbitrary code...
Fixed CVEs in vim: CVE-2022-1927, CVE-2022-1897
CVE-2022-1897: fix substitution which overwrites an allocated buffer - CVE-2022-1927: fix invalid cursor position after '0;' range...
Fixed CVEs in vim: CVE-2022-0319, CVE-2022-1886, CVE-2022-1898, CVE-2022-1851
CVE-2022-0319: correct end of Visual area when entering another buffer - CVE-2022-1851: fix invalid cursor position after text formatting - CVE-2022-1886: fix access before start of text with a put command - CVE-2022-1898: fix using freed memory with 'd'...
Fixed CVE-2022-24903 in rsyslog
CVE-2022-24903: fix heap-based overflow in TCP syslog server...