GTK+ 3: Search path vulnerability

Background GTK+ GIMP Toolkit + is a toolkit for creating graphical user interfaces. Description A vulnerability has been discovered in GTK+ 3. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifier for details. Workaround There is no kno...

OpenImageIO: Multiple Vulnerabilities

Background OpenImageIO is a library for reading and writing images. Description Multiple vulnerabilities have been discovered in OpenImageIO. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no kno...

X.Org X server, XWayland: Multiple Vulnerabilities

Background The X Window System is a graphical windowing system based on a client/server model. Description Multiple vulnerabilities have been discovered in X.Org X server and XWayland. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

FreeType: Remote Code Execution

Background FreeType is a high-quality and portable font engine. Description Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details. Impact An out of bounds write exists in FreeType when attempting to parse font subglyph structures...

Atop: Heap Corruption

Background Atop is an ASCII full-screen performance monitor for Linux that is capable of reporting the activity of all processes even if processes have finished during the interval, daily logging of system and process activity for long-term analysis, highlighting overloaded system resources by...

Tracker miners: Sandbox weakness

Background The Tracker miners are a collection of data extractors for the GNOME Tracker. Description A vulnerability has been discovered in Tracker minders. Please review the CVE identifier referenced below for details. Impact Please review the referenced CVE identifier for details. Workaround...

Spidermonkey: Multiple Vulnerabilities

Background SpiderMonkey is Mozilla’s JavaScript and WebAssembly Engine, used in Firefox, Servo and various other projects. It is written in C++, Rust and JavaScript. You can embed it into C++ and Rust projects, and it can be run as a stand-alone shell. Description Multiple vulnerabilities have be...

Node.js: Multiple Vulnerabilities

Background Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine. Description Multiple vulnerabilities have been discovered in Node.js. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround Ther...

PAM: Multiple Vulnerabilities

Background PAM Pluggable Authentication Modules is an architecture allowing the separation of the development of privilege granting software from the development of secure and appropriate authentication schemes. Description Multiple vulnerabilities have been discovered in PAM. Please review the C...

glibc: Buffer Overflow

Background glibc is a package that contains the GNU C library. Description A vulnerability has been discovered in glibc. Please review the CVE identifier referenced below for details. Impact Please review the referenced CVE identifier for details. Workaround There is no known workaround at this...

NVIDIA Drivers: Multiple Vulnerabilities

Background NVIDIA Drivers are NVIDIA's accelerated graphics driver. Description A vulnerability has been discovered in NVIDIA Drivers. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifier for details. Workaround There is no known...

Orc: Arbitrary Code Execution

Background Orc is a library and set of tools for compiling and executing very simple programs that operate on arrays of data. The "language" is a generic assembly language that represents many of the features available in SIMD architectures, including saturated addition and subtraction, and many...

Mozilla Firefox: Multiple Vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

Mozilla Thunderbird: Multiple Vulnerabilities

Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

XZ Utils: Use after free

Background XZ Utils is free general-purpose data compression software with a high compression ratio. Description A use-after-free has been discovered in XZ utils. Please review the CVE identifier referenced below for details. Impact The multithreaded .xz decoder in liblzma has a bug where invalid...

OpenSSH: Multiple Vulnerabilities

Background OpenSSH is a free application suite consisting of server and clients that replace tools like telnet, rlogin, rcp and ftp with more secure versions offering additional functionality. Description Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers...

QtWebEngine: Multiple Vulnerabilities

Background QtWebEngine is a library for rendering dynamic web content in Qt5 and Qt6 C++ and QML applications. Description Multiple vulnerabilities have been discovered in QtWebEngine. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

Yubico pam-u2f: Partial Authentication Bypass

Background Yubico pam-u2f is a PAM module for FIDO2 and U2F keys. Description Multiple vulnerabilities have been discovered in Yubico pam-u2f. Please review the CVE identifiers referenced below for details. Impact Depending on specific settings and usage scenarios the result of the pam-u2f module...

Mozilla Firefox: Multiple Vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

PHP: Multiple Vulnerabilities

Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact Please review th...

libgsf: Multiple Vulnerabilities

Background The GNOME Structured File Library is an I/O library that can read and write common file types and handle structured formats that provide file-system-in-a-file semantics. Description Multiple vulnerabilities have been discovered in libgsf. Please review the CVE identifiers referenced...

libuv: Hostname Truncation

Background libuv is a multi-platform support library with a focus on asynchronous I/O. Description Multiple vulnerabilities have been discovered in libuv. Please review the CVE identifiers referenced below for details. Impact The uvgetaddrinfo function in src/unix/getaddrinfo.c truncates hostname...

GPL Ghostscript: Multiple Vulnerabilities

Background Ghostscript is an interpreter for the PostScript language and for PDF. Description Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workarou...

Qt: Buffer Overflow

Background Qt is a cross-platform application development framework. Description When given specifically crafted data then QXmlStreamReader can end up causing a buffer overflow and subsequently a crash or freeze or get out of memory on recursive entity expansion, with DTD tokens in XML body. Impa...

GIMP: Multiple Vulnerabilities

Background GIMP is the GNU Image Manipulation Program. XCF is the native image file format used by GIMP. Description Multiple vulnerabilities have been discovered in GIMP. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

pip: arbitrary configuration injection

Background pip is a tool for installing and managing Python packages. Description Multiple vulnerabilities have been discovered in pip. Please review the CVE identifiers referenced below for details. Impact When installing a package from a Mercurial VCS URL ie "pip install hg+...", the specified...

rsync: Multiple Vulnerabilities

Background rsync is a server and client utility that provides fast incremental file transfers. It is used to efficiently synchronize files between hosts and is used by emerge to fetch Gentoo's Portage tree. Description Multiple vulnerabilities have been discovered in rsync. Please review the CVE...

NVIDIA Drivers: Privilege Escalation

Background NVIDIA Drivers are NVIDIA's accelerated graphics driver. Description A vulnerability has been discovered in NVIDIA Drivers. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifier for details. Workaround There is no known...

eza: Arbitrary Code Execution

Background eza is a modern, maintained replacement for ls, written in rust. Description A vulnerability has been discovered in eza. Please review the CVE identifier referenced below for details. Impact A buffer overflow vulnerability in eza allows local attackers to execute arbitrary code via the...

Distrobox: Arbitrary Code Execution

Background Use any Linux distribution inside your terminal. Enable both backward and forward compatibility with software and freedom to use whatever distribution you’re more comfortable with. Distrobox uses podman, docker or lilipod to create containers using the Linux distribution of your choice...

libvirt: Multiple Vulnerabilities

Background libvirt is a C toolkit for manipulating virtual machines. Description Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

idna: Denial of Service

Background Internationalized Domain Names for Python IDNA 2008 and UTS 46 Description A vulnerability has been discovered in idna. Please review the CVE identifier referenced below for details. Impact Please review the referenced CVE identifier for details. Workaround There is no known workaround...

OpenSC: Multiple Vulnerabilities

Background OpenSC contains tools and libraries for smart cards. Description Multiple vulnerabilities have been discovered in OpenSC. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

Spidermonkey: Multiple Vulnerabilities

Background SpiderMonkey is Mozilla’s JavaScript and WebAssembly Engine, used in Firefox, Servo and various other projects. It is written in C++, Rust and JavaScript. You can embed it into C++ and Rust projects, and it can be run as a stand-alone shell. Description Multiple vulnerabilities have be...

HashiCorp Consul: Multiple Vulnerabilities

Background HashiCorp Consul is a tool for service discovery, monitoring and configuration. Description Multiple vulnerabilities have been discovered in HashiCorp Consul. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

PostgreSQL: Multiple Vulnerabilities

Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaroun...

Mozilla Thunderbird: Multiple Vulnerabilities

Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

Mozilla Firefox: Multiple Vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

OpenJDK: Multiple Vulnerabilities

Background OpenJDK is an open source implementation of the Java programming language. Description Multiple vulnerabilities have been discovered in OpenJDK. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround...

Asterisk: Multiple Vulnerabilities

Background Asterisk is an open source telephony engine and toolkit. Description Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

R: Arbitrary Code Execution

Background R is a language and environment for statistical computing and graphics. Description Deserialization of untrusted data can occur in the R statistical programming language, enabling a maliciously crafted RDS R Data Serialization formatted file or R package to run arbitrary code on an end...

Chromium, Google Chrome, Microsoft Edge. Opera: Multiple Vulnerabilities

Background Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with...

Salt: Multiple Vulnerabilities

Background Salt is a fast, intelligent and scalable automation engine. Description Multiple vulnerabilities have been discovered in Salt. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

OATH Toolkit: Privilege Escalation

Background OATH Toolkit provide components to build one-time password authentication systems. It contains shared C libraries, command line tools and a PAM module. Supported technologies include the event-based HOTP algorithm RFC 4226, the time-based TOTP algorithm RFC 6238, and Portable Symmetric...

icinga2: Multiple Vulnerabilities

Background Icinga2 is a distributed, general purpose, network monitoring engine. Description Multiple vulnerabilities have been discovered in Icinga2. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There ...

Dnsmasq: Multiple Vulnerabilities

Background Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP server. Description Multiple vulnerabilities have been discovered in Dnsmasq. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

Cacti: Multiple Vulnerabilities

Background Cacti is a web-based network graphing and reporting tool. Description Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...

GnuTLS: Multiple Vulnerabilities

Background GnuTLS is a secure communications library implementing the SSL, TLS, and DTLS protocols Description Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

Pillow: Arbitrary code execution

Background The friendly PIL fork. Description A vulnerability has been discovered in Pillow. Please review the CVE identifier referenced below for details. Impact Please review the referenced CVE identifier for details. Workaround There is no known workaround at this time. Resolution All Pillow...

X.Org X server, XWayland: Multiple Vulnerabilities

Background The X Window System is a graphical windowing system based on a client/server model. Description Multiple vulnerabilities have been discovered in X.Org X server and XWayland. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...