6007 matches found
Updated fusiondirectory packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Fusiondirectory 1.3 suffers from Improper Session Handling. CVE-2022-36179 Fusiondirectory 1.3 is vulnerable to Cross Site Scripting XSS via /fusiondirectory/index.php?message=injection,...
Updated python-django package fixes security vulnerability
It was discovered that python-django EmailValidator and URLValidator were subject to potential regular expression denial of service attack via a very large number of domain name labels of emails and URLs CVE-2023-36053...
Updated flac packages fix security vulnerability
The updated packages fix a security vulnerability: Buffer Overflow vulnerability in function bitwritergrow in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder. CVE-2020-22219...
Updated xrdp packages fix security vulnerability
In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The authstartsession function can return non-zero 1 value on, e.g., PAM error which may result in session restrictions such as max concurrent sessions per user by PAM ex...
Updated file packages fix security vulnerability
File before 5.43 has a stack-based buffer over-read in filecopystr in funcs.c. CVE-2022-48554...
Updated glances packages fix security vulnerability
Regular Expression Denial of Service ReDoS in angular CVE-2022-25844...
Updated libtiff packages fix security vulnerability
LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. CVE-2022-4645...
Updated jupyter-core packages fix security vulnerability
Arbitrary code execution when loading configuration files CVE-2022-39286...
Updated opusfile packages fix security vulnerability
NULL pointer dereferences in opgetdata and opopen1 in opusfile.c CVE-2022-47021...
Updated cups packages fix security vulnerability
Authentication bypass and code execution vulnerability. CVE-2022-26691...
Updated freeciv packages fix security vulnerability
Advisory text to describe the update. Wrap lines at 75 chars. Modpack Installer buffer overflow. CVE-2022-39047...
Updated x11-server packages fix security vulnerabilities
Updated x11-server packages fix security vulnerabilities: ProcXkbSetGeometry Out-Of-Bounds Access. The handler for the ProcXkbSetGeometry request of the Xkb extension does not properly validate the request length leading to out of bounds memory write CVE-2022-2319. ProcXkbSetDeviceInfo...
Updated libcaca packages fix security vulnerability
libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of Service. CVE-2022-0856...
Updated lrzsz packages fix security vulnerability
lrzsz before version 0.12.21rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a sizet to wrap around. CVE-2018-10195...
Updated php packages fix security vulnerability
Out of bounds in phppcrereplaceimpl CVE-2017-9118 Multiple bugs fixed. See referenced changelog for details...
Updated mariadb packages fix security vulnerability
Advisory text to describe the update. Wrap lines at 75 chars. Security issue in InnoDB component has been discovered and fixed CVE-2021-35604. Additional bugs fixes too...
Updated libspf2 packages fix security vulnerability
A stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages CVE-2021-20314...
Updated spice packages fix security vulnerability
Updated spice packages fix security vulnerability: A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service CPU consumption by performing many renegotiations within a single connection CVE-2021-20201...
Updated libsndfile packages fix security vulnerability
Updated libsndfile packages fix security vulnerability: A heap buffer overflow vulnerability in msadpcmdecodeblock of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file CVE-2021-3246...
Updated php-phpmailer package fixes security vulnerability
PHPMailer contained a vulnerability that can result in untrusted code being called CVE-2021-3603. See upstream release notes...
Updated fluidsynth packages fix a security vulnerability
fluidsynth is a software synthesizer based on the SoundFont 2 specifications. A use after free violation was discovered in fluidsynth, that can be triggered when loading an invalid SoundFont file CVE-2021-21417...
Updated php packages fix security vulnerabilities
Updated PHP packages fix security vulnerabilities: - Fixed bug 81122: SSRF bypass in FILTERVALIDATEURL. CVE-2021-21705 PDOFirebird: - Fixed bug 76448: Stack buffer overflow in firebirdinfocb. CVE-2021-21704 - Fixed bug 76449: SIGSEGV in firebirdhandledoer. CVE-2021-21704 - Fixed bug 76450:...
Updated cgal packages fix security vulnerabilities
Updated cgal packages fix security vulnerabilities: An oob read vulnerability exists in Nef2/PMioparser.h PMioparser::readvertex Faceof OOB read. An attacker can provide malicious input to trigger this vulnerability CVE-2020-28601. An oob read vulnerability exists in NefS2/SNCioparser.h...
Updated clamav packages fix security vulnerability
The updated packages fix a security vulnerability: A vulnerability in the email parsing module in Clam AntiVirus ClamAV Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability i...
Updated firefox packages fix security vulnerabilities
Texture upload into an unbound backing buffer resulted in an out-of-bound read. CVE-2021-23981 Angle graphics library out of date. CVE-2021-4127 Internal network hosts could have been probed by a malicious webpage. CVE-2021-23982 Malicious extensions could have spoofed popup information...
Updated xmlgraphics-commons packages fix a security vulnerability
The Apache XML Graphics Commons library is vulnerable to SSRF via the XMPParser that allow an attacker to cause the underlying server to make arbitrary GET requests CVE-2020-11988...
Updated coturn package fixes a security vulnerability
When sending a CONNECT request with the XOR-PEER-ADDRESS value of 0.0.0.0, a malicious user would be able to relay packets to the loopback interface. Additionally, when coturn is listening on IPv6, which is default, the loopback interface can also be reached by making use of either ::1 or :: as t...
Updated wpa_supplicant packages fix a security vulnerability
A vulnerability was discovered in how wpasupplicant processing P2P Wi-Fi Direct group information from active group owners. The actual parsing of that information validates field lengths appropriately, but processing of the parsed information misses a length check when storing a copy of the...
Updated libexif packages fix a security vulnerability
In exifentrygetvalue of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for...
Updated firefox and thunderbird packages fix a security vulnerability
Write side effects in MCallGetProperty opcode not accounted for. In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. CVE-2020-26950 Also some bugfix for Thunderbird have been added. See upstream release...
Updated mariadb packages fix security vulnerability
This update fixes CVE-2020-15180...
Updated libssh packages fix security vulnerability
The code in src/sftpserver.c did not verify the validity of certain pointers and expected them to be valid. A NULL pointer dereference could have been occurred that typically causes a crash and thus a denial-of-service CVE-2020-16135...
Updated docker packages fix security vulnerability
Updated docker packages fix security vulnerability: A flaw was found in Docker when it creates network bridges that accept IPv6 router advertisements by default. This flaw allows an attacker who can execute code in a container to possibly spoof rogue IPv6 router advertisements to perform a...
Updated weechat packages fix security vulnerabilities
Updated weechat packages fix security vulnerabilities: An issue was discovered in WeeChat before 2.7.1 0.4.0 to 2.7 are affected. A malformed message 352 who can cause a NULL pointer dereference in the callback function, resulting in a crash CVE-2020-9759. An issue was discovered in WeeChat befor...
Updated sleuthkit packages fix security vulnerability
Updated sleuthkit packages fix security vulnerability: In version 4.8.0 and earlier of The Sleuth Kit TSK, there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfsistat in fs/yaffs.c CVE-2020-10232...
Updated glib2.0 packages fix security vulnerability
The updated packages fix a security vulnerability: GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxyaddr field is mishandled. This bug is timing-dependent and may...
Updated ruby-rake packages fix security vulnerability
Updated ruby-rake package fixes security vulnerability: There is an OS command injection vulnerability in Rake 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character CVE-2020-8130...
Updated fontforge packages fix security vulnerabilities
FontForge 20190801 has a use-after-free in SFDGetFontMetaData in sfd.c CVE-2020-5395 FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines function in splinesave.c CVE-2020-5496...
Updated hunspell packages fix security vulnerability
Updated hunspell packages fix security vulnerability: Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx CVE-2019-16707...
Updated libmirage packages fix security vulnerabilities
Updated libmirage packages fix security vulnerabilities: The CSO filter in libMirage in CDemu did not validate the part size, triggering a heap-based buffer overflow that could lead to root access by a local user CVE-2019-15540. NULL pointer dereference in the NRG parser CVE-2019-15757...
Updated QT stack fix security vulnerability
This update provides the 5.12.6 QT stack maintenance release and fixes the following security issue: An out-of-bounds memory access in the generateDirectionalRuns function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an...
Updated sysstat packages fix security vulnerability
Updated sysstat package fixes security vulnerability: Memory corruption due to an integer overflow CVE-2019-16167...
Updated libjpeg packages fix security vulnerability
The updated packages fix a security vulnerability: Several integer overflow issues and subsequent segfaults occur in libjpeg-turbo when attempting to compress or decompress gigapixel images. CVE-2019-2201...
Updated chromium-browser-stable packages fix security vulnerabilities
Chromium-browser 77.0.3865.120 fixes security issues: Four use-after-free bugs were found in Chromium 77.0.3865.90: one in the IndexedDB component CVE-2019-13693, one in the WebRTC component CVE-2019-13694, one in the audio component CVE-2019-13695, and one in the V8 component CVE-2019-13696. A...
Updated samba packages fix security vulnerabilities
Updated samba packages fix security vulnerabilities: A combination of parameters and permissions in smb.conf can allow user to escape from the share path definition CVE-2019-10197. An authenticated user can crash the Samba AD DC's RPC server process via a NULL pointer dereference CVE-2019-12435 A...
Updated kconfig packages fix security vulnerability
Updated kconfig packages fix security vulnerability: Dominik Penner discovered that KConfig supported a feature to define shell command execution in .desktop files. If a user is provided with a malformed .desktop file e.g. if it's embedded into a downloaded archive and it gets opened in a file...
Updated pango packages fix security vulnerability
Updated pango package fixes security vulnerability: It was discovered that pango was subject to a heap based buffer overflow vulnerability which could be used to get code execution CVE-2019-1010238...
Updated wavpack packages fix security vulnerabilities
Updated wavpack packages fixes security vulnerabilities: It was discovered that WavPack incorrectly handled certain DFF files. An attacker could possibly use this issue to cause a denial of service CVE-2019-11498. Rohan Padhye discovered that WavPack incorrectly handled certain WAV files. An...
Updated microcode package fixes security vulnerability
Secure Encrypted Virtualization SEV on Advanced Micro DevicesAMD Platform Security Processor PSP; aka AMD Secure Processor or AMD-SP 0.17 build 11 and earlier has an insecure cryptographic implementation. This update provides Amd SEV Firmware to 0.17 build 22 CVE-2019-9836. It also updates the...
Updated flash-player-plugin packages fix security vulnerability
Updated flash-player-plugin package fixes a security vulnerability: A use after free that leads to arbitrary code execution. CVE-2019-7845...