6009 matches found
Updated neomutt packages fix security vulnerabilities
The To and Cc email header fields are not protected by cryptographic signing. CVE-2024-49393 The In-reply-to email header field is not protected by cryptographic signing. CVE-2024-49394...
Updated python-cryptography & openssl packages fix security vulnerabilities
Cryptography vulnerable to NULL-dereference when loading PKCS7 certificates. CVE-2023-49083 Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659. CVE-2023-50782 Cryptography NULL pointer deference with pkcs12.serializekeyandcertificat...
Updated microcode packages fix security vulnerabilities
Improper Finite State Machines FSMs in Hardware Logic for some Intel® Processors may allow privileged user to potentially enable denial of service via local access. CVE-2024-31068 Improper access control in the EDECCSSA user leaf function for some Intel® Processors with Intel® SGX may allow an...
Updated ffmpeg packages fix security vulnerabilities
A buffer overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ffbwdiffilterintrac function in the libavfilter/bwdifdsp.c:125:5 component. CVE-2023-49502 FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the...
Updated python-zipp packages fix security vulnerability
Denial of Service via crafted zip file in jaraco/zipp. CVE-2024-5569...
Updated postgresql15 & postgresql13 packages fix security vulnerability
PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation. CVE-2025-1094...
Updated golang packages fix security vulnerability
Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec. CVE-2025-22866...
Updated ofono packages fix security vulnerabilities
Sms decoder stack-based buffer overflow remote code execution vulnerability within the decodedeliver function. CVE-2023-2794 Sms decoder stack-based buffer overflow remote code execution vulnerability within the decodestatusreport function. CVE-2023-4232 Sms decoder stack-based buffer overflow...
Updated ark packages fix security vulnerability
A security issue exists in Ark where a maliciously crafted archive containing file paths beginning with "/" allows files to be extracted to locations outside the intended directory...
Updated perl-Net-OAuth, perl-Crypt-URandom & perl-Module-Build packages fix security vulnerability
In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand function, which is not cryptographically strong. CVE-2025-22376...
Updated python-tornado packages fix security vulnerability
Tornado has an HTTP cookie parsing DoS vulnerability. CVE-2024-52804...
Updated php-tcpdf packages fix security vulnerabilities
An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute. CVE-2024-56519 An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPTSSLVERIFYHOST and CURLOPTSSLVERIFYPEER are set unsafely. CVE-2024-56521 An issue was discovered in...
Updated subversion packages fix security vulnerability
Insufficient validation of filenames against control characters in Apache Subversion repositories served via moddavsvn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. CVE-2024-46901...
Updated ffmpeg packages fix security vulnerability
A buffer overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service DoS via afdialoguenhance.c:261:5 in the destereo component. CVE-2023-49528...
Updated calibre packages fix security vulnerabilities
linktolocalpath in ebooks/conversion/plugins/htmlinput.py in calibre before 6.19.0 can, by default, add resources outside of the document root. CVE-2023-46303 Path traversal in Calibre = 7.14.0 allow unauthenticated attackers to achieve arbitrary file read. CVE-2024-6781 Improper access control i...
Updated python-pip packages fix security vulnerability
Mercurial configuration injectable in repo revision when installing via pip. CVE-2023-5752...
Updated python-setuptools packages fix security vulnerability
Remote Code Execution in pypa/setuptools. CVE-2024-6345...
Updated python-jinja2 packages fix security vulnerability
Jinja has a sandbox breakout through an indirect reference to a format method. CVE-2024-56326...
Updated nginx packages fix security vulnerability
TLS Session Resumption Vulnerability. CVE-2025-23419...
Updated python-ansible-core packages fix security vulnerabilities
Exposure of sensitive information in Ansible vault files due to improper logging. CVE-2024-8775 Ansible-core user may read/write unauthorized content. CVE-2024-9902 Unsafe tagging bypass via hostvars object in ansible-core. CVE-2024-11079...
Updated python-waitress packages fix security vulnerabilities
Waitress has a request processing race condition in HTTP pipelining with an invalid first request. CVE-2024-49768 Waitress has a denial of service leading to high CPU usage/resource exhaustion. CVE-2024-49769...
Updated python-twisted packages fix security vulnerabilities
Twisted.web has disordered HTTP pipeline response. CVE-2023-46137 Twisted.web has disordered HTTP pipeline response. CVE-2024-41671 HTML injection in HTTP redirect body. CVE-2024-41810...
Updated mariadb packages fix security vulnerability
Bug fix release which fixes some memory leaks and crashes...
Updated rootcerts, nss & firefox packages fix security vulnerabilities
Use-after-free in XSLT. CVE-2025-1009 Use-after-free in Custom Highlight. CVE-2025-1010 A bug in WebAssembly code generation could result in a crash. CVE-2025-1011 Use-after-free during concurrent delazification. CVE-2025-1012 Potential double-free vulnerability in PKCS7 decryption handling...
Updated thunderbird packages fix security vulnerabilities
Use-after-free in XSLT. CVE-2025-1009 Use-after-free in Custom Highlight. CVE-2025-1010 A bug in WebAssembly code generation could result in a crash. CVE-2025-1011 Use-after-free during concurrent delazification. CVE-2025-1012 Potential double-free vulnerability in PKCS7 decryption handling...
Updated qtbase5 & qtbase6 packages fix security vulnerabilities
network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. CVE-2023-51714 A buffer overflow and application crash can occur via a crafted KTX image file. CVE-2024-25580 Code to make security-relevant decisions about an established connection may execute too early, because...
Updated libtasn1 packages fix security vulnerability
When an input DER data contains a large number of SEQUENCE OF or SET OF elements, decoding the data and searching a specific element in it take quadratic time to complete. This could be utilized for a remote DoS attack by presenting a crafted certificate to the network peer...
Updated xrdp packages fix security vulnerability
xrdp allows an infinite number of login attempts. CVE-2024-39917...
Updated nodejs packages fix security vulnerabilities
Worker permission bypass via InternalWorker leak in diagnostics. CVE-2025-23083 GOAWAY HTTP/2 frames cause memory leak outside heap. CVE-2025-23085...
Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk & java-latest-openjdk packages fix security vulnerability
A difficult to exploit vulnerability allows unauthenticated attackers with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to Oracle Java SE accessible. This vulnerability can b...
Updated gstreamer1.0, gstreamer1.0-plugins-base & gstreamer1.0-plugins-good packages fix security vulnerabilities
GStreamer has an OOB-write in isomp4/qtdemux.c. CVE-2024-47537 GStreamer has a stack-buffer overflow in vorbishandleidentificationpacket. CVE-2024-47538 GStreamer has an OOB-write in converttos3341a. CVE-2024-47539 GStreamer uses uninitialized stack memory in Matroska/WebM demuxer. CVE-2024-47540...
Updated chromium-browser-stable packages fix security vulnerability
Use after free in DevTools. CVE-2025-0762...
Updated vim packages fix security vulnerability
Segmentation fault in winline in Vim 9.1.1043. CVE-2025-24014...
Updated python-django packages fix security vulnerabilities
An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets. CVE-2024-38875 An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. T...
Updated bind packages fix security vulnerabilities
Many records in the additional section cause CPU exhaustion. CVE-2024-11187 DNS-over-HTTPS implementation suffers from multiple issues under heavy query load. CVE-2024-12705...
Updated libreoffice packages fix security vulnerabilities
Path traversal leading to arbitrary .ttf file write. CVE-2024-12425 URL fetching can be used to exfiltrate arbitrary INI file values and environment variables. CVE-2024-12426...
Updated libxml2 packages fix security vulnerability
xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. CVE-2022-49043...
Updated redis packages fix security vulnerabilities
Redis' Lua library commands may lead to remote code execution. CVE-2024-46981 Redis allows denial-of-service due to malformed ACL selectors. CVE-2024-51741...
Updated kernel, kmod-virtualbox, kmod-xtables-addons & dwarves packages fix security vulnerabilities
Upstream kernel version 6.6.74 fixes bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links...
Updated kernel-linus packages fix security vulnerabilities
Vanilla upstream kernel version 6.6.74 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...
Updated clamav packages fix security vulnerability
ClamAV OLE2 File Format Decryption Denial of Service Vulnerability. CVE-2025-20128...
Updated git-lfs packages fix security vulnerability
Git LFS permits exfiltration of credentials via crafted HTTP URLs. CVE-2024-53263...
Updated chromium-browser-stable packages fix security vulnerabilities
Object corruption in V8. CVE-2025-0611 Out of bounds memory access in V8. CVE-2025-0612...
Updated virtualbox, kmod-virtualbox packages fix security vulnerabilities
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 7.0.24 and prior to 7.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...
Updated openssl packages fix security vulnerability
Timing side-channel in ECDSA signature computation. CVE-2024-13176...
Updated glibc packages fix security vulnerability
When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size. CVE-2025-0395...
Updated iperf packages fix security vulnerability
It was discovered that iperf 3.17.1 contains a segmentation violation via the iperfexchangeparameters function...
Updated phpmyadmin packages fix security vulnerabilities
fix possible security issue with library code slim/psr7 CVE-2023-30536 fix possible security issue relating to iconv CVE-2024-2961, PMASA-2025-3 fix an XSS vulnerability in the check tables feature PMASA-2025-1 fix an XSS vulnerability in the Insert tab PMASA-2025-2...
Updated poppler packages fix security vulnerability
libpoppler.so has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc. CVE-2024-56378...
Updated golang packages fix security vulnerabilities
net/http: sensitive headers incorrectly sent after cross-domain redirect, CVE-2024-45336. crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints, CVE-2024-45341...