6007 matches found
Updated qt4 packages fix security vulnerability
A NULL pointer dereference flaw was found in QGIFFormat::fillRect in QtGui. If an application using the qt-x11 libraries opened a malicious GIF file with invalid width and height values, it could cause the application to crash CVE-2014-0190. Qt4 has been patched to correct this flaw and has been...
Updated python-lxml package fix CVE-2014-3146
Updated python-lxml packages fix security vulnerability: The cleanhtml function, provided by the lxml.html.clean module, did not properly clean HTML input if it included non-printed characters \x01-\x08. A remote attacker could use this flaw to serve malicious content to an application using the...
Updated ldns package fixes CVE-2014-3209
Updated ldns packages fix security vulnerability: ldns-keygen creates a private key with the default permissions according to the users umask, which in most cases will cause the private key to be world-readable CVE-2014-3209...
Updated subversion packages fix CVE-2014-0032
Updated subversion packages fix security vulnerability: The moddavsvn module in Apache Subversion before 1.8.8, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service crash via an OPTIONS request CVE-2014-0032. The package has been patched to correct this issue...
Updated puppet & puppet3 packages fix CVE-2013-4969 and a regression
Updated puppet and puppet3 packages fix security vulnerability: An unsafe use of temporary files was discovered in Puppet, a tool for centralized configuration management. An attacker can exploit this vulnerability and overwrite an arbitrary file in the system CVE-2013-4969. This update also...
Updated ejabberd package fixes security vulnerabilities
The TLS driver in ejabberd before 2.1.12 supports 1 SSLv2 and 2 weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack CVE-2013-6169...
Updated spice packages fix a security vulnerability
Updated spice packages fix security vulnerability: A stack-based buffer overflow flaw was found in the way the redshandleticket function in the spice-server library handled decryption of ticket data provided by the client. A remote user able to initiate a SPICE connection to an application acting...
Updated bind package fixes security vulnerability
Updated bind packages fix security vulnerability: Because of a defect in handling queries for NSEC3-signed zones, BIND can crash with an "INSIST" failure in name.c when processing queries possessing certain properties. By exploiting this defect an attacker deliberately constructing a query with t...
Updated asterisk packages fix CVE-2013-7100
Updated asterisk packages fix security vulnerability: Buffer overflow in the unpacksms16 function in apps/appsms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified...
Updated apache-mod_nss package fixes CVE-2013-4566
Updated apache-modnss package fixes security vulnerability: A flaw was found in the way modnss handled the NSSVerifyClient setting for the per-directory context. When configured to not require a client certificate for the initial connection and only require it for a specific directory, modnss...
Updated subversion package fixes security vulnerabilities
moddontdothat allows you to block update REPORT requests against certain paths in the repository. It expects the paths in the REPORT request to be absolute URLs. Serf based clients send relative URLs instead of absolute URLs in many cases. As a result these clients are not blocked as configured b...
Updated samba packages fix CVE-2013-4475
Updated samba packages fix security vulnerabilities: Samba versions before 3.6.20 do not check the underlying file or directory ACL when opening an alternate data stream CVE-2013-4475. Samba is not configured by default to support alternate data streams, so only servers that have enabled the...
Updated mediawiki package fixes security vulnerabilities
Full path disclosure in MediaWiki before 1.20.7, when an invalid language is specified in ResourceLoader CVE-2013-4301. Several API modules in MediaWiki before 1.20.7 allowed anti-CSRF tokens to be accessed via JSONP CVE-2013-4302. An issue with the MediaWiki API in MediaWiki before 1.20.7 where ...
Updated curl packages fix CVE-2013-2174
libcurl is vulnerable to a case of bad checking of the input data which may lead to heap corruption. The function curleasyunescape decodes URL encoded strings to raw binary data. URL encoded octets are represented with %HH combinations where HH is a two-digit hexadecimal number. The decoded strin...
Updated ruby-rack packages fix security vulnerabilities
Possible Log Injection in Rack::CommonLogger. CVE-2025-25184 Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection. CVE-2025-27111 Local File Inclusion in Rack::Static. CVE-2025-27610...
Updated tomcat packages fix security vulnerabilities
Directory traversal via rewrite with possible RCE if PUT is enabled. CVE-2025-55752 Console manipulation via escape sequences in log messages. CVE-2025-55754 Delayed cleaning of multi-part upload temporary files may lead to DoS. CVE-2025-61795...
Updated golang packages fix security vulnerabilities
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied - CVE-2025-22870. The net/http package...
Updated chromium-browser-stable packages fix security vulnerabilities
High CVE-2025-1920: Type Confusion in V8. High CVE-2025-2135: Type Confusion in V8. Medium CVE-2025-2136: Use after free in Inspector. Medium CVE-2025-2137: Out of bounds read in V8...
Updated postgresql15 & postgresql13 packages fix security vulnerability
PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation. CVE-2025-1094...
Updated kernel-linus packages fix security vulnerabilities
Vanilla upstream kernel version 6.6.74 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...
Updated buildah, podman, skopeo packages fix security vulnerabilities
A flaw was found in Buildah and subsequently Podman Build which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation ...
Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, & java-latest-openjdk packages fix security vulnerabilities
Potential UTF8 size overflow. CVE-2024-21131 Excessive symbol length can lead to infinite loop. CVE-2024-21138 Range Check Elimination RCE pre-loop limit overflow. CVE-2024-21140 Pack200 increase loading time due to improper header validation. CVE-2024-21144 Out-of-bounds access in 2D image...
Updated suricata packages fix security vulnerabilities
CVE-2024-37151 Mishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass. CVE-2024-38534 Crafted modbus traffic can lead to unlimited resource accumulation within a flow CVE-2024-38535, CVE-2024-38536 Suricata can...
Updated emacs packages improve Wayland support and fix a security vulnerability
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbrev even when it specifies an unsafe function, such as shell-command-to-string. CVE-2024-39331...
Updated aom packages fix security vulnerability
Integer overflow in libaom internal function imgallochelper can lead to heap buffer overflow. This function can be reached via 3 callers: Calling aomimgalloc with a large value of the dw, dh, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and so...
Updated strongswan packages fix security vulnerability
Fixes CVE-2023-41913 buffer overflow and possible RCE, various IKEv2 improvements...
Updated curaengine & blender packages fix security vulnerability
stbimage.h v2.27 was discovered to contain an integer overflow via the function stbijpegdecodeblockprogdc. This vulnerability allows attackers to cause a Denial of Service DoS via unspecified vectors. CVE-2022-28041...
Updated postgresql15 and postgresql13 packages fix a security vulnerability
The updated packages fix a security vulnerability: PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL. CVE-2024-0985...
Updated Firefox and Thunderbird packages fix security vulnerabilities
Updated Firefox and Thunderbird packages fix security vulnerabilities: Out-of-bounds write in PathOps. CVE-2023-5169 Use-after-free in Ion Compiler. CVE-2023-5171 Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. CVE-2023-5176 Heap buffer overflow in libvpx...
Updated iperf packages fix security vulnerability
It was discovered that iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field CVE-2023-38403...
Updated cri-o packages fix security vulnerability
Denial of service due to memory or disk exhaustion. CVE-2022-1708...
Updated keepass packages fix security vulnerability
Allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. Disputed by vendor due to level of access required. CVE-2023-24055 Possible to recover the cleartext master password from a memory dump, even when a workspace is...
Updated mariadb packages fix security vulnerability
It is possible for function spiderdbmbase::printwarnings to dereference a null pointer. CVE-2022-47015...
Updated sniproxy packages fix security vulnerability
A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy. A specially crafted HTTP or TLS packet can lead to arbitrary code execution. An attacker could send a malicious packet to trigger this vulnerability. CVE-2023-25076...
Updated sudo packages fix security vulnerability
Sudo before 1.9.13 does not escape control characters in log messages. CVE-2023-28486 Sudo before 1.9.13 does not escape control characters in sudoreplay output. CVE-2023-28487...
Updated libapreq2 packages fix security vulnerability
A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack. CVE-2022-22728...
Updated xrdp packages fix security vulnerability
xrdp less than v0.9.21 contain a buffer over flow in xrdploginwndcreate function. CVE-2022-23468 xrdp less than v0.9.21 contain a buffer over flow in audinsendopen function. CVE-2022-23477 xrdp less than v0.9.21 contain a Out of Bound Write in xrdpmmtransprocessdrdynvcchannelopen function...
Updated shadowutils packages fix security vulnerability
shadow: TOCTOU time-of-check time-of-use race condition when copying and removing directory trees. CVE-2013-4235...
Updated sudo packages fix security vulnerability
Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer...
Updated python-coookiecutter packages fix security vulnerability
Command Injection via hg argument CVE-2022-24065...
Updated squid packages fix security vulnerability
Denial of Service in Gopher Processing. CVE-2021-46784...
Updated zsh packages fix security vulnerability
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPTSUBST expansion. CVE-2021-45444...
Updated suricata packages fix security vulnerability
Critical evasion in suricata CVE-2021-35063...
Updated thunderbird packages fix security vulnerability
OpenPGP signature status doesn't consider additional message content. CVE-2021-4126 Matrix chat library libolm bundled with Thunderbird vulnerable to a buffer overflow. CVE-2021-44538...
Updated cloud-init packages fix security vulnerability
cloud-init has the ability to generate and set a randomized password for system users. This functionality is enabled at runtime by passing cloud-config data such as: 'chpasswd: list: | user1:RANDOM' When instructing cloud-init to set a random password for a new user account, versions before 21.1....
Updated cockpit packages fix security vulnerability
Restrict frame embedding to same origin...
Updated icu packages fix security vulnerability
Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30535...
Updated thunderbird packages fix security vulnerability
Mozilla developers Tyson Smith and Gabriele Svelto reported memory safety bugs present in Thunderbird ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code CVE-2021-38493. The...
Updated lynx packages fix security vulnerability
Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data. CVE-2021-38165...
Updated ruby-addressable packages fix security vulnerability
A security flaw was found on rubygem-addressable that a crafted template may cause a Denial of Service CVE-2021-32740...