6007 matches found
Updated openafs packages fix security vulnerabilities
Updated openafs packages fix security vulnerabilities: When constructing an Rx acknowledgment ACK packet, Andrew-derived Rx implementations do not initialize three octets of data that are padding in the C language structure and were inadvertently included in the wire protocol CVE-2015-7762...
Updated libunwind package fixes security vulnerability
An invalid DWOPbregXX opcodes can access dwarftounwregnummap one item past the end CVE-2015-3239...
Updated python-tornado package fixes security vulnerability
Security fixes CVE-2014-9720 The XSRF token is now encoded with a random mask on each request. This makes it safe to include in compressed pages without being vulnerable to the BREACH attack. This applies to most applications that use both the xsrfcookies and gzip options or have gzip applied by ...
Updated novnc packages fix CVE-2013-7436
Updated novnc package fixes security vulnerability: noVNC before 0.5.1 allows an attacker to steal insecurely set session token cookies, hijacking active or inactive VNC sessions CVE-2013-7436...
Updated sympa packages fix CVE-2015-1306
Updated sympa packages fix security vulnerability: A vulnerability have been discovered in Sympa web interface that allows access to files on the server filesystem. This breach allows to send to a list or a user any file readable by the Sympa user, located on the server filesystem, using the Symp...
Updated c-icap packages fix security vulnerabilities
Several vulnerabilities were found in c-icap, which could allow a remote attacker to cause c-icap to crash, or have other, unspecified impacts CVE-2013-7401, CVE-2013-7402...
Updated php-smarty packages fix security vulnerability
Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "literal" in a template CVE-2014-8350...
Updated pulseaudio package fixes RTP remote crash vulnerability
PulseAudio versions shipped in Mageia 3 and 4 were vulnerable to a remote RTP attack which could crash the PulseAudio server simply by sending an empty UDP packet. Additionally, the version of PulseAudio shipped in Mageia 4 was a pre-release version of PulseAudio v5 and has been updated to the...
Updated mediawiki packages fix security vulnerbilities
Updated mediawiki packages fix security vulnerability: MediaWiki before 1.23.4 is vulnerable to cross-site scripting due to JavaScript injection via CSS in uploaded SVG files CVE-2014-7199. MediaWiki before 1.23.5 is vulnerable to cross-site scripting due to JavaScript injection via user-specific...
Updated procmail packages fix CVE-2014-3618
Updated procmail package fixes security vulnerability: A heap-based buffer overflow was reported in procmail's formail utility when parsing addresses with unbalanced quotes CVE-2014-3618...
Updated busybox packages fix CVE-2014-4607
Updated busybox packages fix security vulnerability: An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. Busybox bundles part ...
Updated mednafen packages fix CVE-2014-4607
The bundled version of minilzo.c in the mednafen package has been updated to version 2.08 to fix the following security vulnerability: An integer overflow in minilzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO...
Updated libgadu package fixes CVE-2014-3775
Updated libgadu packages fix security vulnerability: It was discovered that libgadu incorrectly handled certain messages from file relay servers. A malicious remote server or a man in the middle could use this issue to cause applications using libgadu to crash, resulting in a denial of service, o...
Updated mumble packages fix two security vulnervabilitites
Updated mumble packages fix security vulnerabilities: In Mumble before 1.2.6, the Mumble client is vulnerable to a Denial of Service attack when rendering crafted SVG files that contain references to files on the local computer, due to an issue in Qt's SVG renderer module. This issue can be...
Updated a2ps packages fix CVE-2014-0466
Updated a2ps packages fix security vulnerability: Brian M. Carlson reported that a2ps's fixps script does not invoke gs with the -dSAFER option. Consequently executing fixps on a malicious PostScript file could result in files being deleted or arbitrary commands being executed with the privileges...
Updated pixman package fixes security vulnerability
Bryan Quigley discovered an integer underflow in pixman. If a user were tricked into opening a specially crafted file, an attacker could cause a denial of service via application crash CVE-2013-6425...
Updated nmap package fixes CVE-2013-4885
Updated nmap packages fix security vulnerability: It is possible to write arbitrary files to a remote system, through a specially crafted server response for NMAP http-domino-enum-passwords.nse script from nmap before 6.40 CVE-2013-4885...
Updated chromium-browser-stable package fix security vulnerabilities
The chrome 29 development team found various issues from internal fuzzing audits, and other studies CVE-2013-2887. Krystian Bigaj discovered a file handling path sanitization issue CVE-2013-2900. Alex Chapman discovered an integer overflow issue in ANGLE, the Almost Native Graphics Layer...
Updated libtiff packagess fix multiple security vulnerabilities
Updated libtiff packages fix security vulnerabilities: Pedro Ribeiro discovered a buffer overflow flaw in rgb2ycbcr, a tool to convert RGB color, greyscale, or bi-level TIFF images to YCbCr images, and multiple buffer overflow flaws in gif2tiff, a tool to convert GIF images to TIFF. A remote...
Updated xymon package fixes security vulnerability.
A security vulnerability has been found in version 4.x of the Xymon Systems & Network Monitor tool The error permits a remote attacker to delete files on the server running the Xymon trend-data daemon "xymondrrd". File deletion is done with the privileges of the user that Xymon is running with, s...
Updated flash-player-plugin packages fix multiple security vulnerabilities
Adobe Flash Player 11.2.202.297 contains fixes to critical security vulnerabilities found in earlier versions. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. This update resolves a heap buffer overflow vulnerability that could...
Updated apache-mod_auth_openidc packages fix security vulnerability
modauthopenidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data. CVE-2025-31492...
Updated corosync packages fix security vulnerability
Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orftokenendianconvert in exec/totemsrp.c via a large UDP packet. CVE-2025-30472...
Updated ffmpeg packages fix security vulnerability
FFmpeg NULL Pointer Dereference. CVE-2024-12361...
Updated freerdp packages fix security vulnerabilities
FreeRDP rdpwritelogoninfov1 NULL access. CVE-2024-32661...
Updated vim packages fix security vulnerability
Potential code execution with tar.vim and special crafted tar files...
Updated libtasn1 packages fix security vulnerability
When an input DER data contains a large number of SEQUENCE OF or SET OF elements, decoding the data and searching a specific element in it take quadratic time to complete. This could be utilized for a remote DoS attack by presenting a crafted certificate to the network peer...
Updated redis packages fix security vulnerabilities
Redis' Lua library commands may lead to remote code execution. CVE-2024-46981 Redis allows denial-of-service due to malformed ACL selectors. CVE-2024-51741...
Updated rsync packages fix security vulnerabilities
Heap buffer overflow in rsync due to improper checksum length handling. CVE-2024-12084 Info leak via uninitialized stack contents. CVE-2024-12085 Rsync server leaks arbitrary client files. CVE-2024-12086 Path traversal vulnerability in rsync. CVE-2024-12087 Rsync --safe-links option bypass leads ...
Updated avahi packages fix security vulnerabilities
Avahi wide-area dns uses constant source port. CVE-2024-52615 Avahi wide-area dns predictable transaction ids. CVE-2024-52616...
Updated krb5 packages fix security vulnerability
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response Access-Accept, Access-Reject, or Access-Challenge to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. CVE-2024-3596...
Updated libarchive packages fix security vulnerabilities
executefilteraudio in archivereadsupportformatrar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. CVE-2024-48957 executefilterdelta in archivereadsupportformatrar.c in libarchive before 3.7.5 allows out-of-bounds access via a...
Updated hostapd & wpa_supplicant packages fix security vulnerability
The IEEE 802.11 standard sometimes enables an adversary to trick a victim into connecting to an unintended or untrusted network with Home WEP, Home WPA3 SAE-loop. Enterprise 802.1X/EAP, Mesh AMPE, or FILS, aka an "SSID Confusion" issue. This occurs because the SSID is not always used to derive th...
Updated gnome-shell packages fix security vulnerability
In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network responses provided by an adversary e.g., an adversary who controls the local Wi-Fi network, and subsequently loads untrusted JavaScript code, which may lead to resource consumptio...
Updated webmin package fixes security vulnerability
CVE-2024-2169: Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Denial of Service DOS and/or abuse of resources...
Updated stb packages fix security vulnerabilities
stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in startdecoder. The root cause is a potential integer overflow in sizeofchar f-commentlistlength which may make setupmalloc allocate less memory...
Updated opencryptoki packages fix security vulnerability
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key. CVE-2024-0914...
Updated cups packages fix security vulnerability
Use-after-free in cupsdAcceptClient. CVE-2023-34241...
Updated tcpdump packages fix security vulnerability
The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet. CVE-2023-1801...
Updated dino packages fix security vulnerability
When a Dino client receives a specifically crafted message from an unauthorized sender, it would use information from that message to add, update or remove entries in the user’s personal bookmark store without requiring further user interaction. CVE-2023-28686...
Updated liferea packages fix security vulnerability
Remote code execution on feed enrichment. If "Extract full content from HTML5 and Google AMP" has been enabled for one or more feed subscriptions it is possible for a an attacker to inject a script command that runs with user priveleges. CVE-2023-1350...
Updated sos packages fix security vulnerability
SoS incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information. CVE-2022-2806...
Updated bluez packages fix security vulnerability
It was discovered that BlueZ incorrectly validated certain capabilities and lengths when handling the A2DP profile. A remote attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or possibly execute arbitrary code...
Updated webkit2 packages fix security vulnerability
Updated webkit2 packages fix several crashes and rendering issues. WSA-2022-0005...
Updated epiphany packages fix security vulnerability
XSS can occur in GNOME Web aka Epiphany before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list CVE-2021-45085. XSS can occur in GNOME Web aka Epiphany before 40.4 a...
Updated fetchmail packages fix security vulnerability
Update to fetchmail 6.4.24 fixes STARTTLS session encryption bypassing. CVE-2021-39272...
Updated re2c package fixes a security vulnerability
re2c before 2.0 has uncontrolled recursion that causes stack consumption in findfixedtags CVE-2018-21232...
Updated cifs-utils packages fix a security vulnerability
A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity CVE-2021-20208...
Updated mpv packages fix a security vulnerability
Fixed format string vulnerability allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file CVE-2021-30145...
Updated alpine and c-client packages fix security vulnerability
Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do CVE-2020-14929...