6007 matches found
Updated python-jinja2 package fixes two security vulnerabilities
Updated python-jinja2 packages fix security vulnerability: Jinja2, a template engine written in pure python, was found to use /tmp as a default directory for jinja2.bccache.FileSystemBytecodeCache, which is insecure because the /tmp directory is world-writable and the filenames used like...
Updated xml-security package fixes security vulnerability
James Forshaw discovered that Apache XML Security for Java incorrectly validated CanonicalizationMethod parameters. An attacker could use this flaw to spoof XML signatures CVE-2013-2172...
Updated cxf, wss4j, and jacorb packages fix security vulnerability
Multiple denial of service flaws were found in the way StAX parser implementation of Apache CXF, an open-source web services framework, performed processing of certain XML files. If a web service application utilized the services of the StAX parser, a remote attacker could provide a...
Updated munin packages fixes two security vulnerabilities
Updated munin packages fix security vulnerabilities: The Munin::Master::Node module of munin does not properly validate certain data a node sends. A malicious node might exploit this to drive the munin-html process into an infinite loop with memory exhaustion on the munin master CVE-2013-6048. A...
Updated 389-ds-base package fixes CVE-2013-4485
Updated 389-ds-base packages fix security vulnerability: It was discovered that the 389 Directory Server did not properly handle certain Get Effective Rights GER search queries when the attribute list, which is a part of the query, included several names using the '@' character. An attacker able ...
Updated poppler packages fix multiple vulnerabilities
Updated poppler packages fix security vulnerabilities: Poppler is found to be affected by a stack based buffer overflow vulnerability in the pdfseparate utility. Successfully exploiting this issue could allow remote attackers to execute arbitrary code in the context of the affected application...
Updated libtiff packages fix CVE-2013-4244
Updated libtiff packages fix security vulnerability: Pedro Ribeiro and Huzaifa S. Sidhpurwala discovered multiple vulnerabilities in various tools shipped by the tiff library. Processing a malformed file may lead to denial of service or the execution of arbitrary code CVE-2013-4244...
Updated lcms2 packages fixes security vulnerability
It was discovered that Little CMS did not properly verify certain memory allocations. If a user or automated system using Little CMS were tricked into opening a specially crafted file, an attacker could cause Little CMS to crash CVE-2013-4160...
apache-mod_security new security issue CVE-2013-2765
Updated apache-modsecurity packages fix security vulnerability: When ModSecurity receives a request body with a size bigger than the value set by the "SecRequestBodyInMemoryLimit" and with a "Content-Type" that has no request body processor mapped to it, ModSecurity will systematically crash on...
Updated socat package fixes security vulnerability
Under certain circumstances an FD leak occurs and can be misused for denial of service attacks against socat running in server mode CVE-2013-3571...
Updated libexif packages fix security vulnerabilities
CVE-2026-32775: libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exifmnotedatagetvalue function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow. CVE-2026-40385: In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon...
Updated chromium-browser-stable packages fix security vulnerabilities
Use after free in Site Isolation. CVE-2025-3066 Inappropriate implementation in Custom Tabs. CVE-2025-3067 Inappropriate implementation in Intents. CVE-2025-3068 Inappropriate implementation in Extensions. CVE-2025-3069 Insufficient validation of untrusted input in Extensions. CVE-2025-3070...
Updated python-waitress packages fix security vulnerabilities
Waitress has a request processing race condition in HTTP pipelining with an invalid first request. CVE-2024-49768 Waitress has a denial of service leading to high CPU usage/resource exhaustion. CVE-2024-49769...
Updated dcmtk packages fix security vulnerabilities
An improper array index validation vulnerability exists in the nowindow functionality of OFFIS. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability, CVE-2024-47796. An improper array index validation vulnerabili...
Updated openjpeg2 packages fix security vulnerabilities
Heap buffer overflow in bin/common/color.c. CVE-2024-56826 Heap buffer overflow in lib/openjp2/j2k.c. CVE-2024-56827...
Updated qemu packages fix security vulnerabilities
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of...
Updated firefox packages fix security vulnerabilities
The updated package provides Firefox 128 for all mandatory arches of Mageia x8664, i586 and aarch64, fixing several bugs, including security vulnerabilities, for i586 and aarch64: Fullscreen notification dialog can be obscured by document content. CVE-2024-7518 Out of bounds memory access in...
Updated quictls packages fix security vulnerabilities
The updated packages fix security vulnerabilities...
Updated libvpx packages fix security vulnerabilities
There exists integer overflows in libvpx in versions prior to 1.14.1. Calling vpximgalloc with a large value of the dw, dh, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpximaget struct may be invalid. Calling...
Updated 0-plugins-base packages fix security vulnerability
GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...
Updated ghostscript packages fix security vulnerability
An issue was discovered in Artifex Ghostscript through 10.01.0. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the Type 1 standard. CVE-2023-52722...
Updated tcpdump packages fix security vulnerability
Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLTPPPSERIAL .pcap savefile. CVE-2024-2397...
Updated mutt packages fix security vulnerabilities
Null pointer dereference when viewing a specially crafted email in Mutt 1.5.2 1.5.2 2.2.12. CVE-2023-4875...
Updated jasper packages fix security vulnerability
CVE-2024-31744: Fixed denial of service through assertion failure in jpcstreamlistremove...
Updated unixODBC packages fix security vulnerability
It was discovered that unixODBC incorrectly handled certain bytes. An attacker could use this issue to execute arbitrary code or cause a crash...
Updated irssi packages fix security vulnerabilities
The updated packages fix a security vulnerability: Irssi 1.3.x and 1.4.x before 1.4.4 has a use-after-free because of use of a stale special collector reference. This occurs when printing of a non-formatted line is concurrent with printing of a formatted line. CVE-2023-29132...
Updated libvpx packages fix a security vulnerability
The updated packages fix a security vulnerability VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. CVE-2023-44488...
Updated redis package fixes a security vulnerability
Redis upstream published a fix for CVE-2023-45145. CVE-2023-45145: The wrong order of listen2 and chmod2 calls creates a race condition that can be used by another process to bypass desired Unix socket permissions on startup...
Updated texlive packages fix security vulnerability
Any document compiled with older versions of LuaTeX can execute arbitrary shell commands, even with shell escape disabled. CVE-2023-32700...
Updated thunderbird packages fix security vulnerability
Click-jacking certificate exceptions through rendering lag CVE-2023-34414 Memory safety bugs fixed in Thunderbird 102.12 CVE-2023-34416...
Updated cups-filters packages fix security vulnerability
Possible command injection in the Backend Error Handler CVE-2023-24805...
Updated vim packages fix security vulnerability
Use of Out-of-range Pointer Offset in GitHub repository vim/vim. CVE-2023-2426...
Updated libheif packages fix security vulnerability
Vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call. CVE-2023-0996...
Updated thunderbird packages fix security vulnerability
Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack. CVE-2023-28427...
Updated python-owslib packages fix security vulnerability
XML External Entity XXE Injection CVE-2023-27476...
Updated libtar packages fix security vulnerability
After tarclose, libtar.c releases the memory pointed to by pointer t. After tarclose is called in the list function, it continues to use pointer t: freelonglinklongnamet-thbuf . As a result, the released memory is used use-after-free. CVE-2021-33640...
Updated libconfuse packages fix security vulnerability
cfgtildeexpand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read. CVE-2022-40320...
Updated perl-HTTP-Daemon packages fix security vulnerability
Request smuggling in HTTP::Daemon CVE-2022-31081...
Updated fish packages fix security vulnerability
Arbitrary Code Execution. CVE-2022-20001...
Updated openscad packages fix security vulnerability
Out-of-bounds memory access in DXF loader. CVE-2022-0496 Out-of-bounds memory access in comment parser. CVE-2022-0497...
Updated fribidi packages fix security vulnerability
Stack based buffer overflow. CVE-2022-25308 Heap-buffer-overflow in fribidicaprtltounicode. CVE-2022-25309 SEGV in fribidiremovebidimarks. CVE-2022-25310...
Updated aom packages fix security vulnerability
aomdsp/graintable.c in libaom in AOMedia before 2021-03-30 has a use-after-free. CVE-2021-30474...
Updated plib packages fix security vulnerability
Integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is found in ssgLoadTGA function in src/ssg/ssgLoadTGA.cxx file...
Updated mediawiki packages fix security vulnerability
XSS vulnerability in Special:Search. CVE-2021-41798 ApiQueryBacklinks can cause a full table scan. CVE-2021-41799 Fix PoolCounter protection of Special:Contributions. CVE-2021-41800 ReplaceText continues performing actions if the user no longer has the correct permission such as by being blocked...
Updated weechat packages fix security vulnerability
A crafted WebSocket frame could result in a crash in the weechat Relay plugin...
Updated c-ares packages fix security vulnerability
Missing input validation on hostnames returned by DNS servers. CVE-2021-3672...
Updated transfig package fixes a security vulnerability
An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in readobjects could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as...
Updated wireshark packages fix a security vulnerability
Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file CVE-2021-22235...
Updated tpm2-tools package fixes security vulnerability
A flaw was found in tpm2-tools. tpm2import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality CVE-2021-3565...
Updated gupnp packages fix a security vulnerability
An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected...