6009 matches found
Updated firefox packages fix security vulnerabilities
A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape, CVE-2025-4083. A vulnerability was identified in Firefox...
Updated pam packages fix security vulnerability
libpam vulnerable to leaking hashed passwords. CVE-2024-10041...
Updated rust packages fix security vulnerability
The Rust Security Response WG was notified that the Rust standard library did not properly escape arguments when invoking batch files with the bat and cmd extensions on Windows using the Command API. An attacker able to control the arguments passed to the spawned process could execute arbitrary...
Updated radare2 packages fix security vulnerabilities
Buffer overflow in the HFS parser from grub2. CVE-2024-56737 Out-of-bounds Write in radare2. CVE-2025-1744 Buffer Overflow and Potential Code Execution in Radare2. CVE-2025-1864...
Updated libxslt packages fix security vulnerabilities
xsltGetInheritedNsList in libxslt has a use-after-free issue related to exclusion of result prefixes CVE-2024-55549. numbers.c in libxslt has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValu...
Updated emacs packages fix a security vulnerability
A command injection flaw was found which could allow a remote, unauthenticated attacker to execute arbitrary shell commands by tricking users into visiting a specially crafted website or an HTTP URL with a redirect...
Updated ofono packages fix security vulnerabilities
Sms decoder stack-based buffer overflow remote code execution vulnerability within the decodedeliver function. CVE-2023-2794 Sms decoder stack-based buffer overflow remote code execution vulnerability within the decodestatusreport function. CVE-2023-4232 Sms decoder stack-based buffer overflow...
Updated iperf packages fix security vulnerability
It was discovered that iperf 3.17.1 contains a segmentation violation via the iperfexchangeparameters function...
Updated nodejs & yarnpkg packages fix security vulnerabilities
Nodejs 22 is the new active LTS branch and 5 CVE are fixed. CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 High CVE-2024-22020 - Bypass network import restriction via data URL Medium CVE-2024-22018 - fs.lstat bypasses permission model Low CVE-2024-36137 - fs.fchown/fchmod bypasses...
Updated python-ansible-core packages fix security vulnerability
ansible-core: possible information leak in tasks that ignore ANSIBLENOLOG configuration CVE-2024-0690...
Updated virtualbox packages fix security vulnerabilities and other bugs
This update fixes several security issues and other bugs, among them: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 7.0.12. Easily exploitable vulnerability allows high privileged attacker with logon t...
Updated libcue packages fix a security vulnerability
Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to /Downloads, it is then automatically scanned by tracker-miners. And because it has a .c...
Updated cups packages fix security vulnerabilities
The updated packages fix security vulnerabilities: It was discovered that CUPS incorrectly authenticated certain remote requests. A remote attacker could possibly use this issue to obtain recently printed documents. CVE-2023-32360 Due to failure in validating the length provided by an...
Updated indent package fixes security vulnerabilities
GNU indent 2.2.13 has a heap-based buffer overflow in searchbrace in indent.c via a crafted file. CVE-2023-40305 GNU indent 2.2.13 has a heap overread in lexi...
Updated curaengine packages fix security vulnerability
Denial of service due to integer overflow CVE-2022-28041...
Updated peazip packages fix security vulnerability
Denial of service via the End of Archive tag function of the peazip/pea UNPEA feature. CVE-2023-24785...
Updated libksba packages fix security vulnerability
Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. CVE-2022-47629...
Updated matio packages fix security vulnerability
matio aka MAT File I/O Library 1.5.18 through 1.5.21 has a heap-based buffer overflow in ReadInt32DataDouble called from ReadInt32Data and MatVarRead4. CVE-2020-36428 matio aka MAT File I/O Library 1.5.20 and 1.5.21 has a heap-based buffer overflow in H5MMmemcpy called from H5MMmalloc and...
Updated x11-server packages fix security vulnerability
Buffer overflow in function GetCountedString of the file xkb/xkb.c. CVE-2022-3550 Memory leak in the function ProcXkbGetKbdByName of the file xkb/xkb.c. CVE-2022-3551...
Updated kitty packages fix security vulnerability
In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup. CVE-2022-41322...
Updated htmldoc packages fix security vulnerability
Buffer overflow vulnerability in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to imageloadbmp. CVE-2021-40985...
Updated pjproject packages fix security vulnerability
Updated pjproject packages fix security vulnerability: In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and destroy, due to the accepted socket having no group lock. Second, the SSL socket parent/ listener may get...
Updated libgd packages fix security vulnerability
readheadertga in gdtga.c in the GD Graphics Library aka LibGD through 2.3.2 allows remote attackers to cause a denial of service out-of-bounds read via a crafted TGA file. CVE-2021-38115 gdImageGd2Ptr in gdgd2.c in the GD Graphics Library aka LibGD through 2.3.2 has a double free. CVE-2021-40145...
Updated gpac packages fix security vulnerability
A specially crafted MPEG-4 input when decoding the atom for the "co64" FOURCC can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. CVE-2021-21834 A specially crafted MPEG-4 input using the "ctts" FOURCC code can cause a...
Updated libebml packages fix a security vulnerability
A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml CVE-2021-3405...
Updated file-roller packages fix security vulnerability
Updated file-roller package fixes security vulnerability: A path traversal vulnerability was found in file-roller due to an incomplete fix for CVE-2020-11736. It may still be possible to extract files outside of the intended directory in case of malicious archives containing symbolic links. The...
Updated wavpack packages fix a security vulnerability
WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in packutils.c because of an integer overflow in a malloc argument CVE-2020-35738...
Updated djvulibre packages fix security vulnerabilities
Stack overflow in function DJVU::DjVuDocument::getdjvufile via crafted djvu file. CVE-2021-3500. Out of bounds write in function DJVU::filterbv via crafted djvu file. CVE-2021-32490. Integer overflow in function render in tools/ddjvu via crafted djvu file. CVE-2021-32491 Out of bounds read in...
Updated upx packages fix security vulnerabilities
The updated package fixes security vulnerabilities: A heap buffer overflow read was discovered in upx 4.0.0, because the check in plxelf.cpp is not perfect. CVE-2020-24119 A flaw was found in upx canPack in plxelf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service SEGV or...
Updated connman packages fix security vulnerabilities
A remote information leak vulnerability and a remote buffer overflow vulnerability were discovered in ConnMan, which could result in denial of service or the execution of arbitrary code CVE-2021-26675, CVE-2021-26676...
Updated jasper packages fix security vulnerability
jp2decode in jp2/jp2dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components CVE-2021-3272. A flaw was found in jasper. An out of bounds read issue was found in jp2decode function...
Updated wpa_supplicant packages fix security vulnerability
A vulnerability was discovered in how p2p/p2ppd.c in wpasupplicant before 2.10 processes P2P Wi-Fi Direct provision discovery requests. It could result in denial of service or other impact potentially execution of arbitrary code, for an attacker within radio range CVE-2021-27803...
Updated privoxy package fixes security vulnerabilities
Fixed a memory leak when decompression fails "unexpectedly". CVE-2021-20216 Prevent an assertion from getting triggered by a crafted CGI request. CVE-2021-20217...
Updated gnutls packages fix security vulnerability
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a norenegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the...
Updated kio-extras packages fix security vulnerability
fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of the password CVE-2020-12755...
Updated putty package fixes security vulnerability
PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts where no host key for the server has been cached by the client CVE-2020-14002...
Updated znc packages fix security vulnerability
The znc package has been updated to version 1.8.1, containing several bugfixes and enhancements. See the upstream change logs for details...
Updated pdns-recursor packages fix security vulnerability
Updated pdns-recursor package fixes security vulnerability: An issue has been found in PowerDNS Recursor where the ACL applied to the internal web server via webserver-allow-from is not properly enforced, allowing a remote attacker to send HTTP queries to the internal web server, bypassing the...
Updated mbedtls packages fix security vulnerability
Updated mbedtls packages fix security vulnerability Fix side channel in ECC code that allowed an adversary with access to precise enough timing and memory access information typically an untrusted operating system attacking a secure enclave to fully recover an ECDSA private key. CVE-2020-10932 Fi...
Updated libzypp packages fix security vulnerability
Libzypp from mageia 7 is affected by a security issue. This update fixes this. Incorrect Default Permissions vulnerability in libzypp allowed local attackers to read a cookie store used by libzypp, exposing private cookies...
Updated transmission packages fix security vulnerability
Updated transmission packages fix security vulnerability: Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted torrent file CVE-2018-10756...
Updated dolphin-emu packages fix security vulnerability
Updated dolphin-emu package fixes security vulnerabilities Dolphin Emulator includes a modified copy of the SoundTouch library at version 1.9.2. That version is subject to the following security issues: - The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9....
Updated ruby-json packages fix security vulnerability
Updated ruby-json packages fix security vulnerability: In ruby-json before 2.3.0, there is an unsafe object creation vulnerability. When parsing certain JSON documents, the json gem can be coerced into creating arbitrary objects in the target system CVE-2020-10663...
Updated libvncserver packages fix security vulnerability
Updated libvncserver packages fix security vulnerability: In libvncserver, through libvncclient/cursor.c, there is a possibility of a heap overflow, as reported by Pavel Cheremushkin CVE-2019-15690...
Updated mediawiki packages fix security vulnerability
Updated mediawiki packages fix security vulnerability: In MediaWiki before 1.31.7, users can add various Cascading Style Sheets CSS classes which can affect what content is shown or hidden in the user interface to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because...
Updated libseccomp packages fix security vulnerability
Updated libseccomp packages fix security vulnerability: Jann Horn discovered that libseccomp did not correctly generate 64-bit syscall argument comparisons with arithmetic operators LT, GT, LE, GE. An attacker could use this to bypass intended access restrictions for argument-filtered system call...
Updated python-bleach packages fix security vulnerability
The updated packages fix a security vulnerability: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. CVE-2020-6802...
Updated exiv2 packages fix security vulnerability
The updated packages fix a security vulnerability: In Jp2Image::readMetadata in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file...
Updated tigervnc packages fix security vulnerabilities
Updated tigervnc packages fix security vulnerabilities: The tigervnc package has been updated to version 1.10.1 to fix multiple unspecified security issues. These issues affect both the client and server and could theoretically allow an malicious peer to take control over the software on the othe...
Updated pdfresurrect packages fix security vulnerabilities
Updated pdfresurrect package fixes security vulnerabilities: A vulnerability was found in PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is mishandled CVE-2019-14267. An issue was discovered in PDFResurrect before 0.18...