6013 matches found
Updated phpmyadmin packages fix security vulnerabilities
fix possible security issue with library code slim/psr7 CVE-2023-30536 fix possible security issue relating to iconv CVE-2024-2961, PMASA-2025-3 fix an XSS vulnerability in the check tables feature PMASA-2025-1 fix an XSS vulnerability in the Insert tab PMASA-2025-2...
Updated kernel-linus packages fix security vulnerabilities
Vanilla upstream kernel version 6.6.61 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...
Updated chromium-browser-stable packages fix security vulnerabilities
Integer overflow in Layout. CVE-2024-7025 Insufficient data validation in Mojo. CVE-2024-9369 Inappropriate implementation in V8. CVE-2024-9370 Type Confusion in V8. CVE-2024-9602 Type Confusion in V8. CVE-2024-9603...
Updated krb5 packages fix security vulnerabilities
Kerberos 5 aka krb5 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmaprmt.c. CVE-2024-26458 Kerberos 5 aka krb5 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. CVE-2024-26461...
Updated mbedtls packages fix security vulnerability
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory. CVE-2024-28960...
Updated qpdf packages fix security vulnerability
Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::sharedcount function at /bits/sharedptrbase.h. CVE-2024-24246...
Updated gstreamer packages fix many security vulnerabilities
Updated gstreamer packages fix many security issues see the references below. Apart from the listed CVEs, ZDI-CAN-22300 is also fixed...
Updated thunderbird packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Queued up rendering could have allowed websites to clickjack. CVE-2023-5721 Address bar spoofing via bidirectional characters. CVE-2023-5732 Large WebGL draw could have led to a crash. CVE-2023-5724 WebExtensions could open arbitrary URLs...
Updated glibc packages fix a security vulnerability
The updated packages fix a security vulnerability: A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash. CVE-2023-5156...
Updated apache-ivy packages fix security vulnerability
Improper path allowed when extracting archive.CVE-2022-37865 Possible path traversal in download path CVE-2022-37866...
Updated libreoffice packages fix security vulnerability
Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet...
Updated firefox/nss/rootcerts packages fix security vulnerability
In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks CVE-2023-32205. An out-of-bounds read could have led to a crash in the RLBox Expat driver CVE-2023-32206. A missing delay in popup...
Updated python-django packages fix security vulnerability
Passing certain inputs e.g., an excessive number of parts to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. CVE-2023-24580 Bypass of validation when using one form field to upload multiple files. This...
Updated e2fsprogs packages fix security vulnerability
An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem. CVE-2022-1304...
Updated sdl2 packages fix security vulnerability
There is a heap overflow problem in video/SDLpixels.c in SDL Simple DirectMedia Layer 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, for denial of service, or for Code execution. CVE-2021-33657...
Updated wavpack packages fix security vulnerability
Null pointer dereference in wvunpack CVE-2022-2476...
Updated libtiff packages fix security vulnerability
A stack overflow was discovered in the TIFFVGetField function of Tiffsplit CVE-2022-34526...
Updated python-ujson packages fix security vulnerability
UltraJSON aka ujson through 5.1.0 has a stack-based buffer overflow in BufferAppendIndentUnchecked called from encode. Exploitation can, for example, use a large amount of indentation. CVE-2021-45958...
Updated thunderbird packages fix security vulnerability
Incorrect security status shown after viewing an attached email. CVE-2022-1520 Fullscreen notification bypass using popups. CVE-2022-29914 Bypassing permission prompt in nested browsing contexts. CVE-2022-29909 Leaking browser history with CSS variables. CVE-2022-29916 iframe sandbox bypass...
Updated golang packages fix security vulnerability
On 64-bit platforms, an extremely deeply nested expression can cause regexp.Compile to cause goroutine stack exhaustion, forcing the program to exit. Note this applies to very large expressions, on the order of 2MB. CVE-2022-24921...
Updated ruby packages fix security vulnerability
Command injection in ruby bundler. CVE-2021-43809...
Updated xterm packages fix security vulnerability
xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in setsixel in graphicssixel.c via crafted text. CVE-2022-24130...
Updated cryptsetup packages fix security vulnerability
An attacker can modify on-disk metadata to simulate decryption in progress with crashed unfinished reencryption step and persistently decrypt part of the LUKS device CVE-2021-4122...
Updated openexr packages fix security vulnerability
OpenEXR 3.1.0 through 3.1.3 has a heap-based buffer overflow in Imf31::LineCompositeTask::execute called from IlmThread31::NullThreadPoolProvider::addTask and IlmThread31::ThreadPool::addGlobalTask. CVE-2021-45942...
Updated tinyxml packages fix security vulnerability
TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXMLUTFLEAD0 case. It can be triggered by a crafted XML message and leads to a denial of service. CVE-2021-42260...
Updated cpio packages fix security vulnerability
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. CVE-2021-38185...
Updated libsolv packages fix a security vulnerability
Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver testcasereadPool pool, FILE fp, const char testcase, Queue job, char resultp, int resultflagsp function at src/testcase.c: line 2334, which could cause a denial of service CVE-2021-3200...
Updated php packages fix security vulnerabilities
Updated php packages provides upstream 8.0.8 and fixes the following security vulnerabilities: - PDOFirebird: Fix Stack buffer overflow in firebirdinfocb CVE-2021-21704. Fix SIGSEGV in firebirdhandledoer CVE-2021-21704. Fix SIGSEGV in firebirdstmtexecute CVE-2021-21704. Fix Crash while parsing...
Updated wireshark packages fix a security vulnerability
The DVB-S2-BB dissector could go into an infinite loop...
Updated python-lxml packages fix a security vulnerability
An XSS vulnerability was discovered in python-lxml’s clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run...
Updated ceph packages fix a security vulnerability
Updated ceph packages fix security vulnerability on rgw CVE-2021-3524 as well as CVE-2021-3509 and CVE-2021-3531 from which Mageia was not affected...
Updated glib2.0 packages fix security vulnerability
An issue was discovered in GNOME GLib before 2.66.8. When gfilereplace is used with GFILECREATEREPLACEDESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is...
Updated ansible packages fix security vulnerability
User data leak in snmpfacts module CVE-2021-20178. The bitbucketpipelinevariable module exposed secured values CVE-2021-20180. Multiple collections exposed secured values CVE-2021-20191. In basic.py, nolog with fallback option CVE-2021-20228. The ansible package has been updated to version 2.9.18...
Updated python-pillow packages fix security vulnerabilities
Pillow before 6.2.3 and 7.x before 7.0.1 has multiple out-of-bounds reads in libImaging/FliDecode.c CVE-2020-10177. In libImaging/PcxDecode.c in Pillow before 6.2.3 and 7.x before 7.0.1, an out-of-bounds read can occur when reading PCX files where state-shuffle is instructed to read beyond...
Updated ruby packages fix a security vulnerability
A potential HTTP request smuggling vulnerability in WEBrick was reported. WEBrick was too tolerant against an invalid Transfer-Encoding header. This may lead to inconsistent interpretation between WEBrick and some HTTP proxy servers, which may allow the attacker to “smuggle” a request...
Updated java-1.8.0-openjdk packages fix security vulnerabilities
High memory usage during deserialization of Proxy class with many interfaces. CVE-2020-14779 Credentials sent over unencrypted LDAP connection. CVE-2020-14781 Certificate blacklist bypass via alternate certificate encodings. CVE-2020-14782 Integer overflow leading to out-of-bounds access...
Updated firefox packages fix security vulnerabilities
By holding a reference to the eval function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious...
Updated chrony package fixes security vulnerability
Chrony's method of opening its PID file could allow a compromised chrony user account to overwrite files in certain parts of the filesystem with chrony's PID, using a symlink attack CVE-2020-14367...
Updated podofo packages fix security vulnerability
The updated packages fix security vulnerabilities: A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file. CVE-2018-12983 An issue was...
Updated mailman packages fix security vulnerability
Updated mailman package fixes security vulnerability: Up to mailman 2.1.29 when sending a file without a file extension or an unknown file extension then the file is stored in the list archive with the file extension .obj. Most web servers will try to assign a mime type based on the file extensio...
Updated wpa_supplicant packages fix security vulnerability
Updated wpasupplicant and hostpad packages fix security vulnerability: A vulnerability was discovered in wpasupplicant. When Access Point AP mode and Protected Management Frames PMF IEEE 802.11w are enabled, wpasupplicant does not perform enough validation on the source address of some received...
Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities: A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash CVE-2020-6831. A race condition when running shutdown code for Web Worker led to a...
Updated systemd packages fix security vulnerabilities
Updated systemd packages fix security vulnerabilities: It was discovered that systemd incorrectly handled certain udevadm trigger commands. A local attacker could possibly use this issue to cause systemd to consume resources, leading to a denial of service CVE-2019-20386. Tavis Ormandy discovered...
Updated qtbase5 packages fix security vulnerabilities
Updated qtbase5 packages fix security vulnerabilities: QPluginLoader in Qt versions 5.0.0 through 5.13.2 would search for certain plugins first on the current working directory of the application, which allows an attacker that can place files in the file system and influence the working directory...
Updated sudo packages fix security vulnerability
The updated packages fix a security vulnerability: In Sudo before 1.8.31, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for...
Updated mariadb packages fix security vulnerability
Updated MariaDB packages fix security vulnerabilities: Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequentl...
Updated freeradius packages fix security vulnerabilities
Updated freeradius packages fix security vulnerabilities: It was discovered freeradius does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a...
Updated expat packages fix security vulnerability
It was discovered that Expat did not properly handle internal entities closing the doctype, potentially resulting in denial of service or information disclosure if a malformed XML file is processed CVE-2019-15903...
Updated file packages fix security vulnerability
Updated file packages fix security vulnerability: A buffer overflow was found in file which may result in denial of service or potentially the execution of arbitrary code if a malformed CDF Composite Document File file is processed CVE-2019-18218...
Updated sudo packages fix security vulnerability
The updated packages fix a security vulnerability: Potential bypass of Runas user restrictions. CVE-2019-14287...