6009 matches found
Updated chromium-browser-stable packages fix security vulnerabilities
Lot of CVEs were fixed by upstream since our current version; please see the links...
Updated rsync packages fix security vulnerabilities
Heap buffer overflow in rsync due to improper checksum length handling. CVE-2024-12084 Info leak via uninitialized stack contents. CVE-2024-12085 Rsync server leaks arbitrary client files. CVE-2024-12086 Path traversal vulnerability in rsync. CVE-2024-12087 Rsync --safe-links option bypass leads ...
Updated raptor2 packages fix security vulnerability
In the Raptor RDF Syntax Library there is an integer underflow when normalizing a URI with the turtle parser in raptorurinormalizepath...
Updated dcmtk packages fix security vulnerabilities
An improper array index validation vulnerability exists in the nowindow functionality of OFFIS. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability, CVE-2024-47796. An improper array index validation vulnerabili...
Updated git packages fix security vulnerabilities
Git does not sanitize URLs when asking for credentials interactively. CVE-2024-50349 Newline confusion in credential helpers can lead to credential exfiltration in git. CVE-2024-52006...
Updated proftpd packages fix security vulnerability
In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from modsql. CVE-2024-48651...
Updated vim packages fix security vulnerability
Heap-buffer-overflow with visual mode in Vim 9.1.1003. CVE-2025-22134...
Updated openafs packages fix security vulnerabilities
A local user can bypass the OpenAFS PAG Process Authentication Group throttling mechanism in Unix client. CVE-2024-10394 An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash. CVE-2024-10396 A malicious server can crash the OpenAFS cac...
Updated openjpeg2 packages fix security vulnerabilities
Heap buffer overflow in bin/common/color.c. CVE-2024-56826 Heap buffer overflow in lib/openjp2/j2k.c. CVE-2024-56827...
Updated ceph packages fix security vulnerability
Authentication bypass in CEPH RadosGW. CVE-2024-48916...
Updated firefox packages fix security vulnerabilities
WebChannel APIs susceptible to confused deputy attack. CVE-2025-0237 Use-after-free when breaking lines in text. CVE-2025-0238 Alt-Svc ALPN validation failure when redirected. CVE-2025-0239 Compartment mismatch when parsing JavaScript JSON module. CVE-2025-0240 Memory corruption when using...
Updated thunderbird packages fix security vulnerabilities
WebChannel APIs susceptible to confused deputy attack. CVE-2025-0237 Use-after-free when breaking lines in text. CVE-2025-0238 Alt-Svc ALPN validation failure when redirected. CVE-2025-0239 Compartment mismatch when parsing JavaScript JSON module. CVE-2025-0240 Memory corruption when using...
Updated radare2 packages fix security vulnerability
Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the parsedie function. CVE-2024-29645...
Updated rizin packages fix security vulnerability
Command injection via RzBinInfo bclass due legacy code. CVE-2022-1207...
Updated libjxl packages fix security vulnerabilities
Out of Bounds Memory Read/Write in libjxl. CVE-2024-11403 Resource exhaustion via Stack overflow in libjxl. CVE-2024-11498...
Updated avahi packages fix security vulnerabilities
Avahi wide-area dns uses constant source port. CVE-2024-52615 Avahi wide-area dns predictable transaction ids. CVE-2024-52616...
Updated opencontainers-runc packages fix security vulnerability
runc 1.1.13 and earlier as well as 1.2.0-rc2 and earlier can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with os.MkdirAll. While this can be used to create empty files, existing...
Updated tinyproxy packages fix security vulnerabilities
Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in processrequest function.. CVE-2022-40468 A use-after-free vulnerability exists in the HTTP Connection Headers...
Updated virtualbox & kmod-virtualbox packages fix security vulnerabilities
Vulnerabilities were found in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are prior to 7.0.22 and prior to 7.1.2. A difficult to exploit vulnerability allows a high privileged attacker with logon to the infrastructure where Oracl...
Updated ruby packages fix security vulnerabilities
The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many . CVE-2024-39908 The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, and . CVE-2024-41123 The REXML gem...
Updated emacs packages fix security vulnerability
In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. This unsafe expansion also occurs if a user choose...
Updated mozjs78 packages fix security vulnerability
An issue was discovered in libexpat before 2.6.4. There is a crash within the XMLResumeParser function because XMLStopParser can stop/suspend an unstarted parser. CVE-2024-50602...
Updated tomcat packages fix security vulnerabilities
RCE due to TOCTOU issue in JSP compilation. CVE-2024-50379 DoS in examples web application. CVE-2024-54677...
Updated thunderbird packages fix security vulnerability
Matrix-js-sdk has insufficient MXC URI validation which could allow client-side path traversal. CVE-2024-50336...
Updated kernel, kmod-xtables-addons, kmod-virtualbox & dwarves packages fix security vulnerabilities
Upstream kernel version 6.6.65 fixes bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links...
Updated kernel-linus packages fix security vulnerabilities
Vanilla upstream kernel version 6.6.65 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...
Updated curl packages fix security vulnerability
When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but...
Updated socat packages fix security vulnerability
CVE-2024-54661: Fixed arbitrary file overwrite via predictable /tmp directory in socat readline.sh...
Updated kubernetes packages fix security vulnerabilities
A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures...
Updated python-aiohttp packages fix security vulnerabilities
When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'followsymlinks' is set to True,...
Updated qemu packages fix security vulnerabilities
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of...
Updated glib2.0 packages fix security vulnerability
Buffer overflow in socks proxy code in glib 2.82.1. CVE-2024-52533...
Updated thunderbird packages fix security vulnerabilities
Select list elements could be shown over another site. CVE-2024-11692 CSP Bypass and XSS Exposure via Web Compatibility Shims. CVE-2024-11694 URL Bar Spoofing via Manipulated Punycode and Whitespace Characters. CVE-2024-11695 Unhandled Exception in Add-on Signature Verification. CVE-2024-11696...
Updated rootcerts, nss & firefox packages fix security vulnerabilities
Select list elements could be shown over another site. CVE-2024-11692 CSP Bypass and XSS Exposure via Web Compatibility Shims. CVE-2024-11694 URL Bar Spoofing via Manipulated Punycode and Whitespace Characters. CVE-2024-11695 Unhandled Exception in Add-on Signature Verification. CVE-2024-11696...
Updated krb5 packages fix security vulnerability
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response Access-Accept, Access-Reject, or Access-Challenge to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. CVE-2024-3596...
Updated libsoup3 & libsoup packages fix security vulnerabilities
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header. CVE-2024-52530 GNOME libsoup before 3.6.1...
Updated zbar packages fix security vulnerabilities
A heap-based buffer overflow exists in the qrreadermatchcenters function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be...
Updated golang packages fix security vulnerabilities
Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. CVE-2024-34155 Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156 Calling Parse o...
Updated microcode packages fix security vulnerabilities
Improper Finite State Machines FSMs in the Hardware logic in some 4th and 5th Generation Intel® Xeon® Processors may allow an authorized user to potentially enable denial of service via local access. CVE-2024-21853 Improper conditions check in some Intel® Xeon® processor memory controller...
Updated wget packages fix security vulnerability
Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host. CVE-2024-10524...
Updated dcmtk packages fix security vulnerability
A buffer overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method component. CVE-2024-27628...
Updated postgresql15 & postgresql13 packages fix security vulnerabilities
PostgreSQL row security below e.g. subqueries disregards user ID changes. CVE-2024-10976 PostgreSQL libpq retains an error message from man-in-the-middle. CVE-2024-10977 PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID. CVE-2024-10978 PostgreSQL PL/Perl environment variable...
Updated php packages fix security vulnerabilities
Some heap errors, segmentation faults and security vulnerabilities have been found and corrected. It is advised to install this update...
Updated iptraf-ng packages fix security vulnerability
The updated package fixes a security vulnerability: CVE-2024-52949...
Updated rapidjson packages fix security vulnerability
Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the GenericReader::ParseNumber function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the intege...
Updated libsndfile packages fix security vulnerability
libsndfile suffers from an out-of-bounds read in oggvorbis.c vorbisanalysiswrote...
Updated tomcat packages fix security vulnerabilities
Authentication bypass when using Jakarta Authentication API. CVE-2024-52316 Incorrect JSP tag recycling leads to XSS. CVE-2024-52318...
Updated kernel, kmod-xtables-addons, kmod-virtualbox & bluez packages fix security vulnerabilities
Upstream kernel version 6.6.61 fixes bugs and vulnerabilities. The bluez, kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links...
Updated opendmarc packages fix security vulnerability
Fix null pointer dereference in opendmarcpolicy.c. CVE-2024-25768...
Updated radare2 packages fix security vulnerability
An issue in radare2 v5.8.0 through v5.9.4 allows a local attacker to cause a denial of service via the bfdiv function. CVE-2024-48241...