6007 matches found
Updated chromium-browser-stable package fixes multiple vulnerabilities
Use-after-free related to forms CVE-2013-6641. Unprompted sync with an attackers Google account CVE-2013-6643. Various fixes from internal audits, fuzzing and other initiatives CVE-2013-6644. Use-after-free related to speech input elements CVE-2013-6645. Use-after-free in web workers CVE-2013-664...
Updated gnutls package fixes security vulnerability
A DNS server that returns more 4 DANE entries could corrupt the memory of a requesting client using the DANE library from GnuTLS before 3.1.15 and 3.2.5 CVE-2013-4466. This updates GnuTLS to version 3.1.16, fixing this issue and several other bugs...
Updated graphicsmagick packages fix CVE-2013-4589
Updated graphicsmagick packages fix security vulnerability: GraphicsMagick before 1.3.18 is found to have a vulnerability which can be exploited by malicious people to cause a Denial of Service DoS. The vulnerability is caused due to an error within the "ExportAlphaQuantumType" function found in...
Updated wireshark package fixes security vulnerabilities
The Bluetooth SDP dissector could go into a large loop CVE-2013-4927. The DIS dissector could go into a large loop CVE-2013-4929. The DVB-CI dissector could crash CVE-2013-4930. The GSM RR dissector and possibly others could go into a large loop CVE-2013-4931. The GSM A Common dissector could cra...
Updated perl-Dancer package fixes CVE-2012-5572
A security flaw was found in the way Dancer.pm, lightweight yet powerful web application framework / Perl language module, performed sanitization of values to be used for cookie and cookies methods. A remote attacker could use this flaw to inject arbitrary headers into responses from Perl...
Updated phpmyadmin packages fix security vulnerabilities
fix possible security issue with library code slim/psr7 CVE-2023-30536 fix possible security issue relating to iconv CVE-2024-2961, PMASA-2025-3 fix an XSS vulnerability in the check tables feature PMASA-2025-1 fix an XSS vulnerability in the Insert tab PMASA-2025-2...
Updated kernel-linus packages fix security vulnerabilities
Vanilla upstream kernel version 6.6.61 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...
Updated opensc packages fix security vulnerability
Side-channel leaks while stripping encryption PKCS1.5 padding in OpenSC. CVE-2023-5992...
Updated ncurses packages fix security vulnerability
The updated packages fix a security vulnerability: Local users can trigger security-relevant memory corruption via malformed data. CVE-2023-29491...
Updated thunderbird packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Queued up rendering could have allowed websites to clickjack. CVE-2023-5721 Address bar spoofing via bidirectional characters. CVE-2023-5732 Large WebGL draw could have led to a crash. CVE-2023-5724 WebExtensions could open arbitrary URLs...
Updated apache-ivy packages fix security vulnerability
Improper path allowed when extracting archive.CVE-2022-37865 Possible path traversal in download path CVE-2022-37866...
Updated libreoffice packages fix security vulnerability
Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet...
Updated python-django packages fix security vulnerability
Passing certain inputs e.g., an excessive number of parts to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. CVE-2023-24580 Bypass of validation when using one form field to upload multiple files. This...
Updated firefox/nss/rootcerts packages fix security vulnerability
In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks CVE-2023-32205. An out-of-bounds read could have led to a crash in the RLBox Expat driver CVE-2023-32206. A missing delay in popup...
Updated advancecomp packages fix security vulnerability
advancecomp has been updated to fix a number of bugs and security issues...
Updated thunderbird packages fix security vulnerability
An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages CVE-2022-46872. A drag-and-dropped file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious...
Updated thunderbird packages fix security vulnerability
Service Workers might have learned size of cross-origin media files. CVE-2022-45403 Fullscreen notification bypass. CVE-2022-45404 Use-after-free in InputStream implementation. CVE-2022-45405 Use-after-free of a JavaScript Realm. CVE-2022-45406 Fullscreen notification bypass via windowName...
Updated libtiff packages fix security vulnerability
LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. CVE-2022-3599 LibTIFF 4.4.0 has an out-of-bounds write in TIFFmemset in libtiff/tifunix.c:340 when called from processCropSelections,...
Updated unzip packages fix security vulnerability
Improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. CVE-2021-4217 Conversion of a wide string to a local string that leads to a heap of out-of-bound write. Thi...
Updated curl packages fix security vulnerability
Control code in cookie denial of service. CVE-2022-35252...
Updated dovecot packages fix security vulnerability
An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect usernamefilter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead...
Updated golang packages fix security vulnerability
On 64-bit platforms, an extremely deeply nested expression can cause regexp.Compile to cause goroutine stack exhaustion, forcing the program to exit. Note this applies to very large expressions, on the order of 2MB. CVE-2022-24921...
Updated ruby packages fix security vulnerability
Command injection in ruby bundler. CVE-2021-43809...
Updated wireshark packages fix security vulnerability
Kafka dissector infinite loop CVE-2021-4190. RTMPT dissector infinite loop wnpa-sec-2022-01. Large loops in multiple dissectors wnpa-sec-2022-02. PVFS dissector crash wnpa-sec-2022-03. CSN.1 dissector crash wnpa-sec-2022-04. CMS dissector crash wnpa-sec-2022-05...
Updated cryptsetup packages fix security vulnerability
An attacker can modify on-disk metadata to simulate decryption in progress with crashed unfinished reencryption step and persistently decrypt part of the LUKS device CVE-2021-4122...
Updated squashfs-tools packages fix security vulnerability
squashfsopendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations...
Updated cpio packages fix security vulnerability
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. CVE-2021-38185...
Updated netty packages fix security vulnerabilities
In Netty io.netty:netty-codec-http2 before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by Http2MultiplexHandler as it is propagated up. This is fine as long as the...
Updated libsolv packages fix a security vulnerability
Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver testcasereadPool pool, FILE fp, const char testcase, Queue job, char resultp, int resultflagsp function at src/testcase.c: line 2334, which could cause a denial of service CVE-2021-3200...
Updated apache-mod_auth_openidc package fixes a security vulnerability
modauthopenidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of- service DoS condition via unspecified vectors CVE-2021-20718...
Updated firefox packages fix a security vulnerability
Updated firefox packages fix a security vulnerability: Mozilla developers Gabriele Svelto, Anny Gakhokidze, Alexandru Michis, Christian Holler reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with...
Updated python-jinja2 packages fix a security vulnerability
ReDOS vulnerability where urlize could have been called with untrusted user data CVE-2020-28493...
Updated wireshark packages fix a security vulnerability
Wireshark could open unsafe URLs CVE-2021-22191...
Updated ansible packages fix security vulnerability
User data leak in snmpfacts module CVE-2021-20178. The bitbucketpipelinevariable module exposed secured values CVE-2021-20180. Multiple collections exposed secured values CVE-2021-20191. In basic.py, nolog with fallback option CVE-2021-20228. The ansible package has been updated to version 2.9.18...
Updated italc packages fix security vulnerabilities
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact e.g., an integer overflow via specially crafted VNC packets...
Updated python-pillow packages fix security vulnerabilities
Pillow before 6.2.3 and 7.x before 7.0.1 has multiple out-of-bounds reads in libImaging/FliDecode.c CVE-2020-10177. In libImaging/PcxDecode.c in Pillow before 6.2.3 and 7.x before 7.0.1, an out-of-bounds read can occur when reading PCX files where state-shuffle is instructed to read beyond...
Updated ruby packages fix a security vulnerability
A potential HTTP request smuggling vulnerability in WEBrick was reported. WEBrick was too tolerant against an invalid Transfer-Encoding header. This may lead to inconsistent interpretation between WEBrick and some HTTP proxy servers, which may allow the attacker to “smuggle” a request...
Updated java-1.8.0-openjdk packages fix security vulnerabilities
High memory usage during deserialization of Proxy class with many interfaces. CVE-2020-14779 Credentials sent over unencrypted LDAP connection. CVE-2020-14781 Certificate blacklist bypass via alternate certificate encodings. CVE-2020-14782 Integer overflow leading to out-of-bounds access...
Updated golang packages fix security vulnerability
Servers where the Handler concurrently reads the request body and writes a response can encounter a data race and crash. The httputil.ReverseProxy Handler is affected CVE-2020-15586. Certain invalid inputs to ReadUvarint or ReadVarint could cause those functions to read an unlimited number of byt...
Updated curl packages fix security vulnerability
Updated curl packages fix security vulnerabilities: libcurl can be tricked to prepend a part of the password to the host name before it resolves it, potentially leaking the partial password over the network and to the DNS servers CVE-2020-8169. curl can be tricked by a malicious server to overwri...
Updated wpa_supplicant packages fix security vulnerability
Updated wpasupplicant and hostpad packages fix security vulnerability: A vulnerability was discovered in wpasupplicant. When Access Point AP mode and Protected Management Frames PMF IEEE 802.11w are enabled, wpasupplicant does not perform enough validation on the source address of some received...
Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities: A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash CVE-2020-6831. A race condition when running shutdown code for Web Worker led to a...
Updated systemd packages fix security vulnerabilities
Updated systemd packages fix security vulnerabilities: It was discovered that systemd incorrectly handled certain udevadm trigger commands. A local attacker could possibly use this issue to cause systemd to consume resources, leading to a denial of service CVE-2019-20386. Tavis Ormandy discovered...
Updated sudo packages fix security vulnerability
The updated packages fix a security vulnerability: In Sudo before 1.8.31, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for...
Updated qtbase5 packages fix security vulnerabilities
Updated qtbase5 packages fix security vulnerabilities: QPluginLoader in Qt versions 5.0.0 through 5.13.2 would search for certain plugins first on the current working directory of the application, which allows an attacker that can place files in the file system and influence the working directory...
Updated shadowsocks-libev packages fix security vulnerabilities
Updated shadowsocks-libev packages fix security vulnerabilities: Exploitable denial-of-service vulnerability exists in the UDPRelay functionality CVE-2019-5163. Code execution vulnerability in the ss-manager binary CVE-2019-5164...
Updated pacemaker packages fix security vulnerabilities
The updated packages fix security vulnerabilities: A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs. CVE-2019-3885 A flaw was found in the way pacemaker's client-server authenticatio...
Updated bzip2 packages fix security vulnerability
The updated packages fix a security vulnerability: BZ2decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. CVE-2019-12900...
Updated expat packages fix security vulnerability
It was discovered that Expat did not properly handle internal entities closing the doctype, potentially resulting in denial of service or information disclosure if a malformed XML file is processed CVE-2019-15903...
Updated libpcap and tcpdump packages fix security vulnerabilities
Updated libpcap and tcpdump packages fix security vulnerabilities: The libpcap packages have been updated to versions 1.9.1 and tcpdump to 4.9.3, respectively, fixing several buffer overread and overflow issues...