6007 matches found
Updated qtbase5 packages fix security vulnerability
Qt Network incorrectly parses the strict-transport-security HSTS header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match. CVE-2023-32762 QTextLayout buffer overflow in SVG file...
Updated dmidecode packages fix security vulnerability
Dmidecode allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. CVE-2023-30630...
Updated zstd packages fix security vulnerability
Buffer overrun in util.c CVE-2022-4899...
Updated tpm2-tss packages fix security vulnerability
Tss2RCSetHandler and Tss2RCDecode both index into layerhandler with an 8 bit layer number, but the array only has TPM2ERRORTSS2RCLAYERCOUNT entries, so trying to add a handler for higher-numbered layers or decode a response code with such a layer number reads/writes past the end of the buffer...
Updated libtiff packages fix security vulnerability
A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tifgetimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. CVE-2022-3970...
Updated pixman packages fix security vulnerability
In libpixman in Pixman before 0.42.2, there is an out-of-bounds write aka heap-based buffer overflow in rasterizeedges8 due to an integer overflow in pixmansamplefloory. CVE-2022-44638...
Updated nbd packages fix security vulnerability
It was discovered that nbd prior to 3.24 contained an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name resulting in a write to a dangling pointer CVE-2022-26495. Stack-based...
Updated virglrenderer packages fix security vulnerability
An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer virglrenderer. This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPUEXECBUFFER ioctl, leading to a denial of service or possible code execution. CVE-2022-0135 A flaw was...
Updated gdal packages fix security vulnerability
GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment. CVE-2021-45943...
Updated abcm2ps packages fix security vulnerability
abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculatebeam at draw.c. CVE-2021-32434 Stack-based buffer overflow in the function getkey in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service DoS via unspecified vectors. CVE-2021-324...
Updated ghostscript packages fix security vulnerability
Use-after-free in sampleddatasample called from sampleddatacontinue and interp. CVE-2021-45944 Heap-based buffer overflow in sampleddatafinish called from sampleddatacontinue and interp. CVE-2021-45949...
Updated dovecot packages fix security vulnerabilities
Updated dovecot packages fix security vulnerabilities: The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension CVE-2020-28200. Dovecot before 2.3.15 allows ../ Path Traversal. An...
Updated botan2 packages fix security vulnerability
Updated botan2 packages fix security vulnerability: The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the...
Updated python-django packages fix security vulnerability
Potential bypass of an upstream access control based on URL paths. CVE-2021-44420 HTTP requests for URLs with trailing newlines could bypass an upstream access control based on URL paths...
Updated openexr packages fix security vulnerability
Integer-overflow in Imf31::bytesPerDeepLineTable. CVE-2021-3933 Divide-by-zero in Imf31::RGBtoXYZ. CVE-2021-3941...
Updated flatpak packages fix security vulnerability
Flatpak apps with direct access to AFUNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into treating the Flatpak app as though it was an ordinary, non-sandboxed host-OS process, by manipulating the VFS using recent mount-related...
Updated filezilla packages fix security vulnerability
filezilla embeds a PuTTY client that was vulnerable: PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts where no host key for the server has been cached by...
Updated qt4 and qtsvg5 packages fix a security vulnerability
An out of bounds read in function QRadialFetchSimd from crafted svg file may lead to information disclosure or other potential consequences. This update includes the backported upstream fix and should resolve the security issue CVE-2021-3481...
Updated python-lxml packages fix a security vulnerability
An XSS vulnerability was discovered in python-lxml’s clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run...
Updated ceph packages fix a security vulnerability
An authentication flaw was found in ceph. When the monitor handles CEPHXGETAUTHSESSIONKEY requests, it doesn't sanitize otherkeys, allowing key reuse. An attacker who can request a globalid can exploit the ability of any user to request a globalid previously associated with another user, as ceph...
Updated pagure packages fix a security vulnerability
Pagure before 5.6 allows XSS via the templates/blame.html blame view...
Updated htmlunit packages fix security vulnerability
It was discovered that HtmlUnit incorrectly initialized Rhino engine. An Attacker could possibly use this issue to execute arbitrary Java code CVE-2020-5529...
Updated subversion packages fix security dos vulnerability
Subversion has been updated to fix a remote unauthenticated denial-of-service in Subversion modauthzsvn...
Updated gdisk package fixes security vulnerabilities
A bug that could cause segfault if GPT header claimed partition entries are oversized CVE-2020-0256. A bug that could cause a crash if a badly-formatted MBR disk was read CVE-2021-0308. The gdisk package has been updated to version 1.0.6, fixing these issues and several other bugs. See the upstre...
Updated sudo packages fix security vulnerabilities
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudoedit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. CVE-2021-23239. selinuxeditcopytfiles in sudoedit in...
Updated openexr packages fix security vulnerabilities
An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference CVE-2020-15304. An issue was discovered in OpenEXR before 2.5.2. Invalid...
Updated graphicsmagick packages fix security vulnerability
GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c CVE-2020-12672...
Updated roundcubemail package fixes security vulnerability
Fixes stored cross-site scripting XSS vulnerability via HTML or plain text messages with malicious content. CVE-2020-35730...
Updated x11-server packages fix security vulnerabilities
A flaw was found in the X.Org Server. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability CVE-2020-14360. A flaw was found in...
Updated php-pear packages fix security vulnerabilities
Filename manipulation vulnerabilities CVE-2020-28948 / CVE-2020-28949 Updated also ArchiveTar to 1.4.11...
Updated libproxy packages fix a security vulnerability
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. CVE-2020-26154...
Updated wireshark packages fix security vulnerabilities
The TCP dissector could crash CVE-2020-25862. The MIME Multipart dissector could crash CVE-2020-25863. The BLIP dissector could crash CVE-2020-25866...
Updated cairo packages fix security vulnerability
Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FTLoadGlyph and FTRenderGlyph resulting in an application crash. CVE-2017-7475...
Updated ghostscript packages fix security vulnerabilities
The updated packages fix security vulnerabilities: A buffer overflow vulnerability in lprnisblack in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. CVE-2020-16287 A buffer overflow vulnerability in...
Updated python-rstlib packages fix security vulnerability
Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile instead of shutil.copy is used and thus permissions are not preserved upon editing. An adversary with prior access to /etc/target/saveconfig.json could access a later version, resultin...
Updated libjpeg packages fix security vulnerability
Updated libjpeg packages fix security vulnerability: libjpeg-turbo 2.0.4 has a heap-based buffer over-read in getrgbrow in rdppm.c via a malformed PPM input file CVE-2020-13790...
Updated dojo packages fix security vulnerability
Updated dojo package fixes security vulnerabilities: In affected versions of dojo, the deepCopy method is vulnerable to prototype Pollution. An attacker could manipulate these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other valu...
Updated libvncserver packages fix security vulnerability
Updated libvncserver packages fix security vulnerability: libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value CVE-2019-20788...
Updated git packages fix security vulnerability
With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host. The attack has been made impossible by forbidding a newline character in any value passed via the credential protocol CVE-2020-5260...
Updated golang packages fix security vulnerability
Updated golang packages fix security vulnerability: An integer overflow vulnerability was found in the Go crypto/x509 and golang.org/x/crypto/cryptobyte libraries on 32-bit architectures. A remote attacker could exploit this by supplying a crafted x.509 certificate, or other ASN.1 structure, as...
Updated librsvg packages fix security vulnerability
The updated packages fix a security vulnerability: In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows...
Updated phpmyadmin packages fix security vulnerability
Some SQL injections via table names and parameters were fixed...
Updated okular packages fix security vulnerability
Updated okular packages fix security vulnerability: Okular can be tricked into executing local binaries via specially crafted PDF files. This binary execution can require almost no user interaction. No parameters can be passed to those local binaries CVE-2020-9359...
Updated pdfresurrect packages fix security vulnerability
The updated package fixes a security vulnerability: In PDFResurrect 0.12 through 0.19, gettype in pdf.c has an out-of-bounds write via a crafted PDF document. CVE-2020-9549...
Updated weechat packages fix security vulnerability
Updated weechat packages fix security vulnerability: ircmodechannelupdate in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service buffer overflow and application crash or possibly have unspecified other impact via a malformed IRC message 324 channel...
Updated openjpeg2 packages fix security vulnerability
opjt1clbldecodeprocessor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851. CVE-2020-8112...
Updated gthumb packages fix security vulnerability
A heap-based buffer overflow in cairoimagesurfacecreatefromjpeg in extensions/cairoio/cairo-image-surface-jpeg.c in gThumb and Pix allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file CVE-2019-20326...
Updated ansible package fixes security vulnerabilities
A flaw was found in the solariszone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the na...
Updated jhead packages fix security vulnerabilities
Updated jhead package fixes security vulnerabilities: jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and processSOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file CVE-2019-19035. A vulnerability...
Updated flightcrew packages fix security vulnerabilities
The updated packages fix security vulnerabilities: An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx or GetRelativePathsToXhtmlDocuments when a NULL pointer is passed to xc::XMLUri::isValidURI. This affects third-party software not...