6007 matches found
Updated xterm package fixes security vulnerability
xterm through Patch 365 allows remote attackers to cause a denial of service segmentation fault or possibly have unspecified other impact via a crafted UTF-8 character sequence. CVE-2021-27135...
Updated php-pear packages fix a security vulnerability
The updated php-pear packages fix a security vulnerability in component Archivetar, a symlink out-of-path write vulnerability. Tar.php in ArchiveTar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links. CVE-2020-36193...
Updated synergy packages fix a security vulnerability
In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff 4294967295 if the servers memory is less than 4 GB. It was verified that this issue does not cause a crash through the exception handler if the availab...
Updated bison packages fix a security vulnerability
It was discovered that GNU Bison before 3.5.4 allows attackers to cause a denial of service application crash CVE-2020-14150...
Updated php packages fix security vulnerability
FILTERVALIDATEURL accepts URLs with invalid userinfo CVE-2020-7071. streamgetcontents fails with maxlength=-1 or default. See upstream releasenotes for other changes...
Updated libmaxminddb packages fix security vulnerability
libmaxminddb before 1.4.3 has a heap-based buffer over-read in dumpentrydatalist in maxminddb.c CVE-2020-28241...
Updated python-cryptography packages fix security vulnerability
Hubert Kario discovered that python-cryptography incorrectly handled certain decryption. An attacker could possibly use this issue to expose sensitive information CVE-2020-25659...
Updated tomcat packages fix a security vulnerability
If an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than t...
Updated mbedtls packages fix security vulnerabilities
mbedtls 2.16.8 fixes three security vulnerabilities which could affect earlier releases: Local side channel attack on classical CBC decryption in DTLS CVE-2020-16150. Local side channel attack on RSA and static Diffie-Hellman. Protocol weakness in DHE-PSK key exchange...
Updated postgresql-jdbc packages fix security vulnerability
XML external entity XXE vulnerability in PgSQLXML CVE-2020-13692...
Updated glib-networking packages fix security vulnerability
The updated packages fix a security vulnerability: In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended...
Updated xerces-c packages fix security vulnerability
A use-after-free vulnerability was found in xerces-c in the way an XML document is processed via the SAX API. Applications that process XML documents with an external Document Type Definition DTD may be vulnerable to this flaw. A remote attacker could exploit this flaw by creating a specially...
Updated samba packages fix security vulnerability
Updated samba packages fix security vulnerabilities: Andrew Bartlett discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2020-10730. Douglas Bagnall...
Updated sudo packages fix security vulnerability
Updated sudo packages fix security vulnerabilities: It was found that sudo always allowed commands to be run with unknown user or group ids if the sudo configuration allowed it for example via the "ALL" alias. This could allow sudo to impersonate non-existent account and depending on how...
Updated chromium-browser-stable packages fix security vulnerabilities
Chromium-browser 81.0.4044.129 fixes security issues: Multiple flaws were found in the way Chromium 81.0.4044.122 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information...
Updated openvpn packages fix security vulnerability
Updated openvpn packages fix security vulnerability: An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 PDATAV2 packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters hav...
Updated webkit2 packages fix security vulnerability
The webkit2 package has been updated to version 2.28.1, fixing security issues and other bugs...
Updated python-nltk packages fix security vulnerability
Updated python-ntlk package fixes security vulnerability: A vulnerability was found in NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ in an NLTK package ZIP archive that is mishandled during extraction CVE-2019-14751...
Updated ilmbase packages fix security vulnerability
The updated packages fix a security vulnerability: OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/ IlmThreadPool.cpp, as demonstrated by exrmultiview. CVE-2018-18443...
Updated graphicsmagick packages fix security vulnerabilities
Updated graphicsmagick packages fix security vulnerabilities: Fixed a use-after-free in ThrowException and ThrowLoggedException of magick/error.c CVE-2019-19950. Fixed a heap-based buffer overflow in ImportRLEPixels CVE-2019-19951. Fixed a heap-based buffer overflow in EncodeImage CVE-2019-19953...
Updated squid packages fix security vulnerabilities
Updated squid packages fix security vulnerabilities: Jeriko One discovered that Squid incorrectly handled memory when connected to an FTP server. A remote attacker could possibly use this issue to obtain sensitive information from Squid memory CVE-2019-12528. Regis Leroy discovered that Squid...
Updated cyrus-sasl packages fix security vulnerability
Updated cyrus-sasl packages fix security vulnerability: Stephan Zeisberg reported an out-of-bounds write vulnerability in the sasladdstring function in cyrus-sasl2, a library implementing the Simple Authentication and Security Layer. A remote attacker can take advantage of this issue to cause...
Updated apache-mod_auth_openidc packages fix security vulnerability
The updated package fixes a security vulnerability: A flaw was found in modauthopenidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in modauthmellon. CVE-2019-14857...
Updated libssh packages fix security vulnerability
Updated libssh packages fix security vulnerability: In an environment where a user is only allowed to copy files and not to execute applications, it would be possible to pass a location which contains commands to be executed in addition CVE-2019-14889...
Updated phpmyadmin packages fix security vulnerability
An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/ table name can be used to trigger a SQL injection attack through the designer feature CVE-2019-18622...
Updated mosquitto packages fix security vulnerability
Updated mosquitto packages fix security vulnerability: A vulnerability was discovered in mosquitto, allowing a malicious MQTT client to cause a denial of service stack overflow and daemon crash, by sending a specially crafted SUBSCRIBE packet containing a topic with a extremely deep hierarchy...
Updated gvfs packages fix security vulnerabilities
Updated gvfs package fixes security vulnerabilities: daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used CVE-2019-12447. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement queryinfoonread/write CVE-2019-12448...
Updated mxml packages fix security vulnerabilities
Updated mxml packages fix security vulnerabilities: An issue has been found in Mini-XML aka mxml 2.12. It is a stack-based buffer overflow in mxmlwritenode in mxml-file.c via vectors involving a double-precision floating point number and the '' substring, as demonstrated by testmxml CVE-2018-2000...
Updated ntp packages fix security vulnerability
A null pointer exception which could allow an authenticated attacker to cause segmentation fault to ntpd. CVE-2019-8936...
Updated gnupg2 packages fix security vulnerability
GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery CSRF vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in the composer window...
Updated ghostscript packages fix a security vulnerability
Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file. CVE-2019-6116...
Updated gthumb packages fix security vulnerability
An issue was discovered in gThumb through 3.6.2. There is a double-free vulnerability in the addthemesfromdir method in dlg-contact-sheet.c because of two successive calls of gfree, each of which frees the same buffer. CVE-2018-18718...
Updated nettle packages fix security vulnerability
A leaky data conversion exposing a manager oracle CVE-2018-16869...
Updated poppler packages fix security vulnerabilities
In Poppler 0.68.0, the Parser::getObj function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. CVE-2018-16646 An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service becau...
Updated sdl2/mingw-SDL2 packages fix security vulnerabilities
This update fixes various security vulnerabilities affecting the SDL2image library, listed below. The fixes are provided in SDL2image 2.0.4, which depends on SDL2 2.0.8 or later. As such, the SDL2 and SDL2mixer libraries are also updated to their current stable releases, providing various bug fix...
Updated patch packages fix security vulnerabilities
A NULL pointer dereference flaw was found in the way patch processed patch files. An attacker could potentially use this flaw to crash patch by tricking it into processing crafted patches CVE-2018-6951. A double-free flaw was found in the way the patch utility processed patch files. An attacker...
Updated python-dulwich packages fix security vulnerability
Dulwich, when an SSH subprocess is used, allowed remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname CVE-2017-16228...
Updated git packages fix security vulnerability
joernchen of Phenoelit discovered that git is prone to an arbitrary code execution vulnerability due to insufficient validation of submodule url and path via a specially crafted .gitmodules file in a project cloned with --recurse-submodules CVE-2018-17456...
Updated libgd packages fix security vulnerabilities
The updated packages fix security vulnerabilities: gdgifin.c in the GD Graphics Library aka libgd, as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated...
Updated libarchive packages fix security vulnerabilities
The updated packages fix security vulnerabilities: An out-of-bounds read flaw exists in parsefileinfo in archivereadsupportformatiso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archivereadformatiso9660readheader CVE-2017-14501. libarchive 3.3.2 suffe...
Updated poppler packages fix security vulnerability
The updated packages fix security vulnerabilities: The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service infinite recursion via a crafted PDF file, as demonstrated by pdftops. CVE-2017-18267 There is a NULL pointer...
Updated gimp packages fix security vulnerabilities
Updated gimp packages fix security vulnerabilities: Several vulnerabilities were discovered in GIMP which could result in denial of service application crash or potentially the execution of arbitrary code if malformed files are opened CVE-2017-17784, CVE-2017-17785, CVE-2017-17786, CVE-2017-17787...
Updated flash-player-plugin packages fix security vulnerability
Adobe Flash Player 29.0.0.171 addresses a critical type confusion vulnerability that could lead to arbitrary code execution CVE-2018-4944...
Updated sox packages fix security vulnerabilities
This update for sox fixes the following security issues: CVE-2017-11332: Fixed the startread function in wav.c, which allowed remote attackers to cause a DoS divide-by-zero via a crafted wav file. CVE-2017-11358: Fixed the readsamples function in hcom.c, which allowed remote attackers to cause a...
Updated xerces-c packages fix CVE-2017-12627
Updated xerces-c packages fix security vulnerability: The Xerces-C XML parser mishandles certain kinds of external DTD references, resulting in dereference of a NULL pointer while processing the path to the DTD. The bug allows for a denial of service attack in applications that allow DTD processi...
Updated tomcat-native package fixes security vulnerability
When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that should have been rejected if the OCSP check...
Updated apache-commons-email packages fix security vulnerability
Apache Commons-Email, from version 1.0 to 1.4 inclusive, does not properly validate bounce addresses. If a user of Commons-Email typically an application programmer passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details recipients,...
Updated freetype2 packages fix security vulnerability
An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the InsGETVARIATION function within ttinterp.c could lead to DoS via a crafted font file CVE-2018-6942...
Updated webkit2 packages fix security vulnerabilities
The webkit2 package has been updated to version 2.18.6, fixing several security issues and other bugs...
Updated awstats packages fix security vulnerability
The cPanel Security Team discovered two path traversal flaws in awstats in the "config" and "migrate" parameters that could be leveraged for unauthenticated remote code execution CVE-2017-1000501...