6007 matches found
Updated jasper packages fix security vulnerability
Memory leak in function cmdoptsparse that can cause a crash or segmentation fault. CVE-2022-2963...
Updated python-jupyterlab packages fix security vulnerability
Remote code execution, but requires user action to open a notebook. CVE-2021-32797, and other bug fixes...
Updated apache-commons-fileupload packages fix security vulnerability
Denial of service with a malicious upload or series of uploads. CVE-2023-24998...
Updated firefox packages fix security vulnerability
An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages CVE-2022-46872. A drag-and-dropped file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious...
Updated nodejs packages fix security vulnerability
DNS rebinding in --inspect on macOS CVE-2022-32212 Bypass via obs-fold mechanic CVE-2022-32213 HTTP Request Smuggling Due to Incorrect Parsing of Header Fields CVE-2022-35256...
Updated libgsasl packages fix security vulnerability
GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client. CVE-2022-2469...
Updated nvidia-current packages fix security vulnerabilities
Updated nvidia-current packages fix security vulnerabilities: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer nvidia.ko, where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation of...
Updated golang packages fix security vulnerability
A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. CVE-2022-32189...
Updated exempi packages fix security vulnerability
XMP Toolkit SDK versions 2020.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victi...
Updated opencontainers-runc packages fix security vulnerability
A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve2. This bug did n...
Updated gzip/xz packages fix security vulnerability
zgrep, xzgrep: arbitrary-file-write vulnerability. CVE-2022-1271...
Updated glibc packages fix security vulnerability
Updated glibc packages fix security vulnerability: An off-by-one buffer overflow and underflow in getcwd may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd in a setuid program could use this flaw to...
Updated nss and firefox packages fix security vulnerabilities
It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox CVE-2021-4140. Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable cra...
Updated golang packages fix security vulnerability
net/http: limit growth of header canonicalization cache CVE-2021-44716 syscall: don't close fd 0 on ForkExec error CVE-2021-44717...
Updated nginx/vsftpd packages fix security vulnerability
ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.10.78 and fixes at least the following security issues: A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability CVE-2021-3760. A flaw in the SCTP stack where a blind attacker may be...
Updated python packages fix security vulnerability
Denial of service when identifying crafted invalid RFCs Security fix for CVE-2021-3737: python client can enter an infinite loop on a 100 Continue response from the server...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.10.56 and fixes at least the following security issues: In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection...
Updated nodejs packages fix security vulnerability
Updated nodejs packages fix security vulnerability: Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior CVE-2021-22930...
Updated nodejs packages fix security vulnerabilities
This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require'y18n'; y18n.setLocale'proto'; y18n.updateLocalepolluted: true; console.logpolluted; // true CVE-2020-7774. The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Servic...
Updated glib2.0 packages fix security vulnerabilities
Krzesimir Nowak discovered that GLib incorrectly handled certain large buffers. A remote attacker could use this issue to cause applications linked to GLib to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2021-27218. Kevin Backhouse discovered that GLib incorrect...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.10.33 and fixes at least the following security issues: A race condition in Linux kernel SCTP sockets net/sctp/socket.c before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If...
Updated thunderbird packages fix security vulnerabilities
More internal network hosts could have been probed by a malicious webpage: Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine CVE-2021-23961. Out of...
Updated perl packages fix security vulnerability
This update from 5.28.2 to 5.28.3 fixes bugs several bugs the RPM package manager. - Update to 5.23.3 See https://metacpan.org/pod/release/XSAWYERX/perl-5.28.3/pod/perldelta.pod for release notes - Security release fixes CVE-2020-10543, CVE-2020-10878 and CVE-2020-12723 - Work around a glibc bug...
Updated glibc packages fix security vulnerabilities
Updated glibc packages fix security vulnerabilities: Trigonometric functions on x86 targets suffered from stack corruption when they were passed a pseudo-zero argument. Reported by Guido Vranken / ForAllSecure Mayhem. BZ 25487 CVE-2020-10029. Fix use-after-free in glob when expanding user BZ 2541...
Updated tomcat packages fix security vulnerabilities
When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user...
Updated curl packages fix security vulnerabilities
The updated packages fix security vulnerabilities: An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. CVE-2019-5435 A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4...
Updated thunderbird packages fix security vulnerabilities
The updated packages fix security issues: Use-after-free when creating index updates in IndexedDB. CVE-2019-11757 Potentially exploitable crash due to 360 Total Security. CVE-2019-11758 Stack buffer overflow in HKDF output. CVE-2019-11759 Stack buffer overflow in WebRTC networking. CVE-2019-11760...
Updated java-1.8.0-openjdk packages fix security vulnerabilities
The updated packages fix several bugs and some security issues: Side-channel attack risks in Elliptic Curve EC cryptography. CVE-2019-2745 Insufficient checks of suppressed exceptions in deserialization. CVE-2019-2762 Unbounded memory allocation during deserialization in Collections. CVE-2019-276...
Updated mariadb packages fix security vulnerabilities
Updated mariadb packages fix security vulnerabilities: An easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise mariadb server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or...
Updated virtualbox packages fix security vulnerabilities
OpenSSL versions 1.1.0 through 1.1.0j and 1.1.1 through 1.1.1b are susceptible to a vulnerability that could lead to disclosure of sensitive information or the addition or modification of data CVE-2019-1543. Oracle VM VirtualBox prior to 6.0.10 has an easily exploitable vulnerability that allows...
Updated firefox packages fix security vulnerability
Sandbox escape via installation of malicious language pack. CVE-2019-9811 Script injection within domain through inner window reuse. CVE-2019-11711 Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects. CVE-2019-11712 Use-after-free with HTTP/2 cached stream...
Updated jruby packages fix security vulnerability
Several vulnerabilities were discovered in jruby. They would allow an attacker to use specially crafted gem files to mount cross-site scripting attacks, cause denial of service through an infinite loop, write arbitrary files, or run malicious code CVE-2018-1000073, CVE-2018-1000074,...
Updated podofo packages fix security vulnerabilities
The podofo package has been updated to fix several security issues...
Updated mariadb packages fix security vulnerabilities
Some easily exploitable vulnerabilities allowing high privileged attacker with network access via multiple protocols to compromise MySQL Server have been fixed...
Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 4.14.69 and adds additional fixes for the L1TF and Spectre security issues. It also fixes at least the following security issues: Memory leak in the irdabind function in net/irda/afirda.c and later in drivers/staging/irda/net/afirda.c in the Linux kerne...
Updated mariadb packages fix security vulnerabilities
Updated mariadb packages fix security vulnerabilities: Vulnerability in the MariaDB Server component of MariaDB subcomponent: Server: Replication. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MariaDB Server executes to compromise MariaD...
Updated iceape packages fix security vulnerabilities
Updated Iceape packages include security fixes from upstream Seamonkey: Multiple flaws were found in the way Iceape 2.46 processes various types of web content, where loading a web page containing malicious content could cause Iceape to crash, execute arbitrary code, or disclose sensitive...
Updated kernel-linus-4.4.32 packages fix security vulnerability
This update is based on upstream 4.4.32 and fixes alteast the following security issues: Vladimir Bene discovered an unbounded recursion in the VLAN and TEB Generic Receive Offload GRO processing implementations in the Linux kernel, A remote attacker could use this to cause a stack corruption,...
Updated virtualbox packages fixes security vulnerabilities
This update provides virtualbox 5.1.10 maintenance release and resolves at least the following security issues: OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service integer overflow and...
Updated apache packages fix security vulnerability
It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...
Updated qemu packages fixes security vulnerabilities
Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in the NE2000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service QEMU process crash. CVE-2015-5278 Qinghao Tang of QIHU 360 Inc. discovered a heap buffer overflow flaw in the NE2000 NIC emulation....
Updated kernel packages fixes security vulnerabilities.
Updated kernel packages fixes security vulnerabilities. The kernel has been updated to the upstream 3.12.21 longterm kernel, and fixes the following security issues: media-device: fix infoleak in ioctl mediaenumentities CVE-2014-1739 The futexrequeue function in kernel/futex.c in the Linux kernel...
Updated perl-CGI-Application packages fix CVE-2013-7329
Updated perl-CGI-Application package fixes security vulnerability: When applications using CGI::Application overload setup, which is normally the case, CGI::Application since version 4.19 has dumphtml as a default run-mode unless the application explicitly redefines it. This unexpectedly dumps a...
Updated springframework package fixes security vulnerabilities
It was discovered by the Spring development team that the fix for the XML External Entity XXE Injection CVE-2013-4152 in the Spring Framework was incomplete. Spring MVC's SourceHttpMessageConverter also processed user provided XML and neither disabled XML external entities nor provided an option ...
Updated wireshark packages fix security vulnerabilities
The updated packages fix security vulnerabilities: RTPS dissector memory leak. CVE-2023-5371 SSH dissector invalid read of memory blocks. CVE-2023-6174 NetScreen File Parsing Heap-based Buffer Overflow. CVE-2023-6175 GVCP dissector crash via packet injection or crafted capture file. CVE-2024-0208...
Updated filezilla packages fix a security vulnerability ("Terrapin attack")
Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol used in FileZilla is prone to a prefix truncation attack, known as the "Terrapin attack". A remote attacker could use this issue to downgrade or disable some security features and obtain sensitive information. Thi...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 6.4.16 and fixes or adds mitigations for atleast the following security issues: A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be...
Updated skopeo/buildah/podman packages fix security vulnerability
Information disclosure flaw was found in Buildah CVE-2021-3602 podman allows forwarding hosts ports to vm from within vm CVE-2021-4024 Allows use "../" separators in containernetworking/cni to reference binaries such as 'reboot' in network configuration CVE-2021-20206 github.com/containers/storag...
Updated sogo packages fix security vulnerability
Missing SAML signature validation in the SOGo groupware could result in impersonation attacks. CVE-2021-33054...