
502 matches found

CloudLinux • added 2022/09/29 6:36 p.m. • 47 views

Fixed CVE-2022-2795 in bind

CVE-2022-2795: fix possible resolver performance degradation when processing large delegations...

CVSS 5.3 | AI score 7.9 | EPSS 0.00484 | Exploits 0 | References 1

CloudLinux • added 2022/09/29 6:33 p.m. • 41 views

Fixed CVE-2022-3256 in vim

CVE-2022-3256: copy the mark before editing another buffer...

CVSS 7.8 | AI score 2.2 | EPSS 0.00057 | Exploits 1 | References 1

CloudLinux • added 2022/09/26 11:53 a.m. • 164 views

Fixed CVE-2022-40674 in expat

CVE-2022-40674: Ensure raw tagnames are safe exiting internalEntityParser - fix tests leak - fix xmlparse leak...

CVSS 8.1 | AI score 8.5 | EPSS 0.00941 | Exploits 0 | References 1

CloudLinux • added 2022/09/19 12:52 p.m. • 42 views

Fixed CVE-2022-28614 in httpd

CVE-2022-28614: fix out-of-bounds read via ap_rwrite, refactoring...

CVSS 5.3 | AI score 1 | EPSS 0.00576 | Exploits 0 | References 1

CloudLinux • added 2022/09/14 4:34 p.m. • 47 views

Fixed CVE-2022-28614 in httpd

CVE-2022-28614: fix out-of-bounds read via ap_rwrite...

CVSS 5.3 | AI score 1 | EPSS 0.00576 | Exploits 0 | References 1

CloudLinux • added 2022/09/08 5:32 p.m. • 43 views

Fixed CVE-2022-29154 in rsync

CVE-2022-29154: fix arbitrary file write vulnerability via malicious rsync server MITM attack, refactoring - fix test-system components, enable 'daemon' and 'hardlinks' tests...

CVSS 7.4 | AI score 5.7 | EPSS 0.00923 | Exploits 1 | References 1

CloudLinux • added 2022/08/25 3:56 p.m. • 58 views

Fixed CVE-2022-37434 in rsync

CVE-2022-37434: fix possible buffer overflow when getting a gzip header extra field with inflate...

CVSS 9.8 | AI score 3.7 | EPSS 0.92544 | Exploits 1 | References 1

CloudLinux • added 2022/08/25 3:52 p.m. • 46 views

Fixed CVEs in vim: CVE-2022-2845, CVE-2022-2849

CVE-2022-2849: fix invalid memory access with for loop over NULL string - CVE-2022-2845: fix reading before the start of the line...

CVSS 7.8 | AI score 2.1 | EPSS 0.00523 | Exploits 2 | References 1

CloudLinux • added 2022/08/22 1:56 p.m. • 94 views

Fixed 50 CVEs in java-1.7.0-openjdk

Bump to 2.6.28 and OpenJDK 7u351-b01. - Security fixes in 7u351: - CVE-2022-21540: Improve class compilation JDK-8281859 - CVE-2022-21541: Enhance MethodHandle invocations JDK-8281866 - CVE-2022-34169: Improve Xalan supports JDK-8285407 - Security fixes in 7u341: - CVE-2022-21426: Better XPath...

CVSS 8.3 | AI score 1 | EPSS 0.10953 | Exploits 2 | References 1

CloudLinux • added 2022/08/17 6:58 p.m. • 49 views

Fixed CVE-2022-2581 in vim

CVE-2022-2581: fix illegal memory access when pattern starts with illegal byte...

CVSS 7.8 | AI score 2.8 | EPSS 0.00109 | Exploits 1 | References 1

CloudLinux • added 2022/08/17 6:50 p.m. • 95 views

Fixed 13 CVEs in expat

CVE-2022-25236: Fix insertion of namespace-separator characters into namespace URIs - CVE-2022-25235: Fix malformed UTF-8 sequences which can lead to arbitrary code execution - CVE-2022-25315: Fix integer overflow in storeRawNames - CVE-2022-22822: Fix integer overflow in addBinding -...

CVSS 9.8 | AI score 3 | EPSS 0.11027 | Exploits 4 | References 1

CloudLinux • added 2022/08/17 6:47 p.m. • 195 views

Fixed CVE-2022-37434 in zlib

CVE-2022-37434: fix possible buffer overflow when getting a gzip header extra field with inflate...

CVSS 9.8 | AI score 2.5 | EPSS 0.92544 | Exploits 1 | References 1

CloudLinux • added 2022/08/17 6:45 p.m. • 142 views

Fixed CVE-2022-29154 in rsync

CVE-2022-29154: fix arbitrary file write vulnerability via malicious rsync server MITM attack - Add '%check unset DISPLAY ' section but disable broken 'daemon' and 'hardlinks' tests...

CVSS 7.4 | AI score 5.2 | EPSS 0.00923 | Exploits 1 | References 1

CloudLinux • added 2022/08/17 6:41 p.m. • 152 views

Fixed CVEs in exim: CVE-2022-37451, CVE-2022-37452

CVE-2022-37452: fix heap-based buffer overflow for the alias list in host_name_lookup - CVE-2022-37451: fix invalid free in pam_converse...

CVSS 9.8 | AI score 3.8 | EPSS 0.06728 | Exploits 3 | References 1

CloudLinux • added 2022/08/04 6:51 p.m. • 67 views

Fixed CVEs in vim: CVE-2022-2345, CVE-2022-2344, CVE-2022-2343, CVE-2022-2522

CVE-2022-2345: fix using freed memory with recursive substitute - CVE-2022-2344: fix reading past end of completion with duplicate match - CVE-2022-2343: fix reading past end of completion with a long line and 'infercase' set - CVE-2022-2522: fix accessing uninitialized memory when completing...

CVSS 7.8 | AI score 4.4 | EPSS 0.00357 | Exploits 4 | References 1

CloudLinux • added 2022/08/04 6:49 p.m. • 63 views

Fixed CVE-2021-21702 in php

CVE-2021-21702: Fix null pointer dereference in Soap Client...

CVSS 7.5 | AI score 1.5 | EPSS 0.00272 | Exploits 0 | References 1

CloudLinux • added 2022/08/04 6:46 p.m. • 58 views

Fixed CVEs in java-1.8.0-openjdk: CVE-2022-21541, CVE-2022-34169, CVE-2022-21540

Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u342-b07. That fixes following CVEs: - CVE-2022-34169: Integer truncation issue in Xalan-J - CVE-2022-21540: Class compilation issue - CVE-2022-21541: Improper restriction of MethodHandle.invokeBasic - Update tzdata requirement to 2022a to match...

CVSS 7.5 | AI score 4.9 | EPSS 0.10953 | Exploits 2 | References 1

CloudLinux • added 2022/07/28 2:22 p.m. • 46 views

Fixed CVE-2021-22543 in kernel

KVM: do not allow mapping valid but non-reference-counted pages CVE-2021-22543...

CVSS 8.7 | AI score 2.6 | EPSS 0.00014 | Exploits 1 | References 1

CloudLinux • added 2022/07/28 2:18 p.m. • 54 views

Fixed CVE-2021-22543 in kernel

KVM: do not allow mapping valid but non-reference-counted pages CVE-2021-22543...

CVSS 8.7 | AI score 2.6 | EPSS 0.00014 | Exploits 1 | References 1

CloudLinux • added 2022/07/26 4:42 p.m. • 117 views

Fixed CVEs in vim: CVE-2022-2289, CVE-2022-2304

CVE-2022-2289: bail out when diff pointer is no longer valid to avoid accessing freed memory with diff put - CVE-2022-2304: limit the word length to avoid out of bound accessing...

CVSS 7.8 | AI score 3.3 | EPSS 0.00108 | Exploits 2 | References 1

CloudLinux • added 2022/07/20 7:58 p.m. • 43 views

Fixed CVE-2015-20170 in python

CVE-2015-20170: mailcap: findmatch function does not sanitise the second argument allowing to inject shell commands...

AI score 2.5 | Exploits 0 | References 1

CloudLinux • added 2022/07/18 7:7 p.m. • 186 views

Fixed 7 CVEs in vim

CVE-2022-2206: adjust cmdline_row and msg_row to the value of Rows - CVE-2022-2284: stop visual mode when closing a window - CVE-2022-2285: put a NUL after the typeahead - CVE-2022-2286: check the length of the string - CVE-2022-2287: disallow adding a word with control characters or a trailing...

CVSS 8 | AI score 4.8 | EPSS 0.00194 | Exploits 7 | References 1

CloudLinux • added 2022/07/18 7:5 p.m. • 68 views

Fixed CVE-2022-31625 in php

ELS-189: Fix for Harden PHP - CVE-2022-31625: Fix freeing of uninitialized memory leading to RCE...

CVSS 8.1 | AI score 1.5 | EPSS 0.01479 | Exploits 1 | References 1

CloudLinux • added 2022/07/18 7:3 p.m. • 160 views

Fixed CVE-2016-10012 in openssh

CVE-2016-10012: re-remove pre-authentication compression and potentially unsecure shared memory manager used by zlib - Move not yet valid timestamps for certs to 2030-2040 range, make sure all tests are passed and add %check unset DISPLAY section...

CVSS 7.8 | AI score 3 | EPSS 0.00022 | Exploits 1 | References 1

CloudLinux • added 2022/07/14 4:55 p.m. • 78 views

Fixed CVEs in vim: CVE-2022-2183, CVE-2022-2182, CVE-2022-2207, CVE-2022-2210

CVE-2022-2182: when on line zero check the column is valid for line one - CVE-2022-2183: avoid going over the NUL at the end of the line - CVE-2022-2207: check the cursor column is more than zero - CVE-2022-2210: use zero offset when change removes all lines in a diff block...

CVSS 7.8 | AI score 3.7 | EPSS 0.00659 | Exploits 4 | References 1

CloudLinux • added 2022/07/14 4:53 p.m. • 197 views

Fixed CVEs in openssl: CVE-2022-1292, CVE-2022-2068

CVE-2022-1292: c_rehash: Do not use shell to invoke openssl to prevent command injection - CVE-2022-2068: c_rehash: Fix file operations to prevent command injection...

CVSS 10 | AI score 2.5 | EPSS 0.38894 | Exploits 6 | References 1

CloudLinux • added 2022/07/11 5:47 p.m. • 1065 views

Fixed CVEs in openssh-5.3p1: CVE-2016-10708, CVE-2016-10012

CVE-2016-10708: fix crash in packet handling code by moving inbound NEWKEYS handling to kex layer - CVE-2016-10012: abandon the fix due to compression mode issues...

CVSS 7.8 | AI score 2 | EPSS 0.0312 | Exploits 2 | References 1

CloudLinux • added 2022/07/11 5:39 p.m. • 148 views

Fixed CVE-2018-5741 in bind

CVE-2018-5741: update krb5,ms-self,subdomain descriptions...

CVSS 6.5 | AI score 1.1 | EPSS 0.00971 | Exploits 0 | References 1

CloudLinux • added 2022/07/11 5:36 p.m. • 100 views

Fixed CVE-2020-12723 in perl-5.10.1

CVE-2020-12723: fix a buffer overflow caused by a crafted regular expression because of recursive S_study_chunk calls...

CVSS 7.5 | AI score 4.8 | EPSS 0.00191 | Exploits 0 | References 1

CloudLinux • added 2022/07/07 8:29 a.m. • 86 views

Fixed CVEs in vim: CVE-2022-2124, CVE-2022-2129, CVE-2022-2125, CVE-2022-2126, CVE-2022-1720

CVE-2022-2125: add checking for NUL to avoid running over the end of line - CVE-2022-1720: do not include the NUL in the length to avoid reading past end of line with "gf" in Visual block mode - CVE-2022-2124: add checking for NUL to avoid running over the end of line - CVE-2022-2129: disallow...

CVSS 7.8 | AI score 3.6 | EPSS 0.00529 | Exploits 5 | References 1

CloudLinux • added 2022/07/04 7:13 p.m. • 111 views

Fixed CVE-2016-10009 in openssh-5.3p1

CVE-2016-10009: add whitelist of paths which may ssh-agent load from in order to prevent execution of arbitrary local pkcs11...

CVSS 7.5 | AI score 2.1 | EPSS 0.01579 | Exploits 4 | References 1

CloudLinux • added 2022/07/04 7:12 p.m. • 46 views

Fixed CVE-2022-27782 in curl

CVE-2022-27782: add missing checks of ssl and ssh options during matching a connection for reuse...

CVSS 7.5 | AI score 1.4 | EPSS 0.00469 | Exploits 1 | References 1

CloudLinux • added 2022/06/28 8:14 p.m. • 545 views

Fixed CVEs in httpd: CVE-2022-31813, CVE-2022-28615, CVE-2022-26377

CVE-2022-26377: mod_proxy_ajp: fix HTTP request smuggling - CVE-2022-28615: fix possible out-of-bounds read in ap_strcmp_match - CVE-2022-31813: mod_proxy: preserve original request headers so an upstream knows what the original request hostname was, and so send X-Forwarded- headers correctly...

CVSS 9.8 | AI score 1.9 | EPSS 0.32376 | Exploits 2 | References 1

CloudLinux • added 2022/06/22 12:41 p.m. • 41 views

Fixed CVE-2022-2042 in vim

CVE-2022-2042: fix using uninitialized value and freed memory in spell command...

CVSS 7.8 | AI score 2.6 | EPSS 0.00168 | Exploits 1 | References 1

CloudLinux • added 2022/06/21 8:23 p.m. • 138 views

Fixed CVE-2019-17571 in log4j

CVE-2019-17571: Fix the deserialization of untrusted data in SocketServer that allows an attacker to remotely execute arbitrary code...

CVSS 9.8 | AI score 6 | EPSS 0.28502 | Exploits 3 | References 1

CloudLinux • added 2022/06/15 7:21 p.m. • 61 views

Fixed CVEs in vim: CVE-2022-1927, CVE-2022-1897

CVE-2022-1897: fix substitution which overwrites an allocated buffer - CVE-2022-1927: fix invalid cursor position after '0;' range...

CVSS 7.8 | AI score 3.6 | EPSS 0.00484 | Exploits 2 | References 1

CloudLinux • added 2022/06/09 7:56 p.m. • 75 views

Fixed CVEs in vim: CVE-2022-0319, CVE-2022-1886, CVE-2022-1898, CVE-2022-1851

CVE-2022-0319: correct end of Visual area when entering another buffer - CVE-2022-1851: fix invalid cursor position after text formatting - CVE-2022-1886: fix access before start of text with a put command - CVE-2022-1898: fix using freed memory with 'd'...

CVSS 7.8 | AI score 4 | EPSS 0.00495 | Exploits 4 | References 1

CloudLinux • added 2022/06/08 7:49 p.m. • 92 views

Fixed CVE-2022-24903 in rsyslog

CVE-2022-24903: fix heap-based overflow in TCP syslog server...

CVSS 8.1 | AI score 4.1 | EPSS 0.00509 | Exploits 0 | References 1

CloudLinux • added 2022/06/06 3:31 p.m. • 61 views

Fixed CVEs in vim: CVE-2022-1785, CVE-2022-1796

CVE-2022-1785: fix out-of-bounds write by disallowing changing window in substitute expression - CVE-2022-1796: fix use after free by making a copy of a line...

CVSS 7.8 | AI score 2.1 | EPSS 0.00174 | Exploits 2 | References 1

CloudLinux • added 2022/06/02 12:59 p.m. • 423 views

Fixed CVEs in java-1.8.0-openjdk: CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21426, CVE-2022-21496

Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u332-b09. That fixes following CVEs: - CVE-2022-21476: Defective secure validation in Apache Santuario - CVE-2022-21496: URI parsing inconsistencies - CVE-2022-21434: Improper object-to-string conversion in AnnotationInvocationHandler -...

CVSS 7.5 | AI score 5 | EPSS 0.00199 | Exploits 0 | References 1

CloudLinux • added 2022/06/01 6:13 p.m. • 26 views

Fixed CVE-2021-33582 in cyrus-imapd

CVE-2021-33582: Fix a bad string hashing algorithm which could lead to collisions and cause a CPU denial of service...

CVSS 7.5 | AI score 1.7 | EPSS 0.0102 | Exploits 0 | References 1

CloudLinux • added 2022/05/30 5:53 p.m. • 51 views

Fixed CVEs in vim: CVE-2022-1735, CVE-2022-1733

CVE-2022-1733: fix reading past end of the line when C-indenting - CVE-2022-1735: fix invalid memory access caused by changing text in Visual mode...

CVSS 7.8 | AI score 1.9 | EPSS 0.0061 | Exploits 2 | References 1

CloudLinux • added 2022/05/20 12:32 a.m. • 94 views

Fixed CVEs in vim: CVE-2022-1620, CVE-2022-1616, CVE-2022-1629, CVE-2022-1621, CVE-2022-1619

CVE-2022-1619: fix going before the command line start with latin1 encoding - CVE-2022-1620: fix NULL pointer dereference when using invalid regexp - CVE-2022-1621: fix to avoid adding invalid bytes with :spellgood - CVE-2022-1629: fix reading past end of line if ended with trailing backslash -...

CVSS 7.8 | AI score 3.6 | EPSS 0.02861 | Exploits 5 | References 1

CloudLinux • added 2022/05/20 12:6 a.m. • 111 views

Fixed CVE-2022-1271 in gzip

CVE-2022-1271: Fix arbitrary file override with crafted file names...

CVSS 8.8 | AI score 9.1 | EPSS 0.00813 | Exploits 0 | References 1

CloudLinux • added 2022/05/19 11:55 p.m. • 49 views

Fixed CVE-2018-25032 in rsync

CVE-2018-25032: Fix memory corruption when deflating if the input has many distant matches...

CVSS 7.5 | AI score 4.2 | EPSS 0.00089 | Exploits 1 | References 1

CloudLinux • added 2022/05/16 1:3 p.m. • 77 views

Fixed CVE-2018-25032 in zlib

CVE-2018-25032: Fix memory corruption when deflating if the input has many distant matches...

CVSS 7.5 | AI score 2.3 | EPSS 0.00089 | Exploits 1 | References 1

CloudLinux • added 2022/04/26 3:23 p.m. • 90 views

Fix of CVE: CVE-2021-0920, CVE-2022-0492, CVE-2020-0466, CVE-2021-4155

cgroup-v1: Require capabilities to set release_agent ELSCVE-3555 CVE-2022-0492 - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate ELSCVE-3891 CVE-2021-4155 - af_unix: fix garbage collect vs MSG_PEEK ELSCVE-3728 CVE-2021-0920 - epoll: Keep a reference on files added to the check...

CVSS 7.8 | AI score 1.1 | EPSS 0.26341 | Exploits 12 | References 1

CloudLinux • added 2022/04/26 3:21 p.m. • 169 views

Fix of CVE: CVE-2020-0466, CVE-2022-0492, CVE-2021-4155, CVE-2021-0920

cgroup-v1: Require capabilities to set release_agent ELSCVE-3555 CVE-2022-0492 - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate ELSCVE-3891 CVE-2021-4155 - af_unix: fix garbage collect vs MSG_PEEK ELSCVE-3728 CVE-2021-0920 - epoll: Keep a reference on files added to the check...

CVSS 7.8 | AI score 1.1 | EPSS 0.26341 | Exploits 12 | References 1

CloudLinux • added 2022/04/25 6:6 p.m. • 67 views

Fix of CVE: CVE-2019-18276

CVE-2019-18276: Fix privilege dropping when running with effective UID not equal to real UID...

CVSS 7.8 | AI score 2.6 | EPSS 0.50225 | Exploits 5 | References 1

CloudLinux • added 2022/04/25 5:48 p.m. • 33 views

Fix of CVE: CVE-2019-18276

CVE-2019-18276: Fix privilege dropping when running with effective UID not equal to real UID...

CVSS 7.2 | AI score 2.6 | EPSS 0.50225 | Exploits 5 | References 1

Total number of security vulnerabilities: 502