6009 matches found
Updated kernel, kmod-xtables-addons & kmod-virtualbox packages fix security vulnerabilities
Upstream kernel version 6.6.52 fixes bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links...
Updated apache-mod_jk packages fix security vulnerability
Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing modjk configuration which may lead to information disclosure and/or denial of service. CVE-2024-46544...
Updated kernel-linus packages fixes security vulnerabilities
Vanilla upstream kernel version 6.6.52 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...
Updated gnome-shell packages fix security vulnerability
In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network responses provided by an adversary e.g., an adversary who controls the local Wi-Fi network, and subsequently loads untrusted JavaScript code, which may lead to resource consumptio...
Updated gtk+2.0 and gtk+3.0 packages fix security vulnerability
A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory. CVE-2024-6655...
Updated glib2.0 packages fix security vulnerability
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based...
Updated python-astropy packages fix security vulnerability
Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the TranformGraph.todotgraph function. A malicious user can provide a command or a script file as a value to the savelayout argument, which will be placed as the first value in a...
Updated kernel, kmod-xtables-addons & kmod-virtualbox packages fix security vulnerabilities
Upstream kernel version 6.6.50 fix bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links...
Updated kernel-linus packages fix security vulnerabilities
Vanilla upstream kernel version 6.6.50 fix bugs and vulnerabilities. For information about the vulnerabilities see the links...
Updated suricata packages fix security vulnerabilities
CVE-2024-37151 Mishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass. CVE-2024-38534 Crafted modbus traffic can lead to unlimited resource accumulation within a flow CVE-2024-38535, CVE-2024-38536 Suricata can...
Updated clamav packages fix security vulnerabilities
Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service DoS condition. CVE-2024-20505 Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam'...
Updated python3-webob package fix security vulnerability
When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. urlparse however treats a // at the start of a string as a URI without a scheme, and then trea...
Updated postgresql15 & postgresql13 packages fix security vulnerability
Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...
Updated microcode packages fix security vulnerabilities
Observable discrepancy in RAPL interface for some Intel® Processors may allow a privileged user to potentially enable information disclosure via local access. CVE-2024-23984 Improper finite state machines FSMs in hardware logic in some Intel® Processors may allow an privileged user to potentially...
Updated wireshark packages fix security vulnerability
NTLMSSP dissector crash in Wireshark 4.2.0 to 4.2.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file. CVE-2024-8250...
Updated tgt packages fix security vulnerability
tgt aka Linux target framework before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical. CVE-2024-45751...
Updated tcpreplay package fix security vulnerability
A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function getlayer4v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclose...
Updated botan2 packages fix security vulnerability
An attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. When parsing, the parameter is checked to be prime, causing excessive computation. This was patched in 2.19.4 and 3.3.0 to allow the prime parameter of the elliptic curve to be at mos...
Updated assimp packages fix security vulnerability
Heap-based buffer overflow vulnerability in Assimp allows a local attacker to execute arbitrary code by inputting a specially crafted file into the program...
Updated python-tqdm package fixes security vulnerability
Any optional non-boolean CLI arguments e.g. --delim, --buf-size, --manpath are passed through python's eval, allowing arbitrary code execution. This issue is only locally exploitable...
Updated radare2 packages fix security vulnerability
radare2 has an out-of-bounds read in rbinobjectsetitems in libr/bin/bobj.c, causing a crash in rreadle32 in libr/include/rendian...
Updated expat packages fix security vulnerabilities
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XMLParseBuffer. CVE-2024-45490 An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms where UINTMAX equals SIZEMAX...
Updated microcode package fix security vulnerabilities
Improper isolation in the IntelR CoreTM Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2023-42667 Improper isolation in some IntelR Processors stream cache mechanism may allow an authenticated user to...
Updated libpcap packages fix security vulnerabilities
In affected libpcap versions during the setup of a remote packet capture the internal function sockinitaddress calls getaddrinfo and possibly freeaddrinfo, but does not clearly indicate to the caller function whether freeaddrinfo still remains to be called after the function returns. This makes i...
Nginx has been updated to the latest stable release to fix CVE
CVE-2024-7347: NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngxhttpmp4module and...
Updated libtiff packages fix security vulnerability
A null pointer dereference flaw was found in Libtiff via tifdirinfo.c. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash,...
Updated orc packages fix security vulnerability
Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of...
Updated zziplib packages fix security vulnerability
A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows attackers to cause a denial of service via the zzipfetchdisktrailer function at /zzip/zip.c. CVE-2024-39134...
Updated webmin package fixes security vulnerability
CVE-2024-2169: Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Denial of Service DOS and/or abuse of resources...
Updated openssl packages fix security vulnerability
Possible denial of service in X.509 name checks. CVE-2024-6119...
Updated apr packages fix security vulnerability
Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. CVE-2023-49582...
Updated unbound packages fix security vulnerability
Along with various minor bug fixing, this update addresses the security vulnerability CVE-2024-43167...
Updated ntfs-3g packages fix security vulnerability
NTFS-3G before 75dcdc2 has a use-after-free in ntfsuppercasembs in libntfs-3g/unistr.c. CVE-2023-52890...
Updated ffmpeg packages fix security vulnerabilities
A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnmdecodeframe in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed t...
Updated vim packages fix security vulnerabilities
Use-after-free in tagstackclearentry in Vim v9.1.0647. CVE-2024-41957 Use-after-free in alistadd in Vim v9.1.0678. CVE-2024-43374...
Updated nodejs & yarnpkg packages fix security vulnerabilities
Nodejs 22 is the new active LTS branch and 5 CVE are fixed. CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 High CVE-2024-22020 - Bypass network import restriction via data URL Medium CVE-2024-22018 - fs.lstat bypasses permission model Low CVE-2024-36137 - fs.fchown/fchmod bypasses...
Updated quictls packages fix security vulnerabilities
The updated packages fix security vulnerabilities...
Updated packages fix security vulnerabilities
CVE-2024-23184: A large number of address headers in email resulted in excessive CPU usage. CVE-2024-23185: Abnormally large email headers are now truncated or discarded, with a limit of 10MB on a single header and 50MB for all the headers of all the parts of an email...
Updated roundcubemail packages fix security vulnerabilities
Fix XSS vulnerability in post-processing of sanitized HTML content CVE-2024-42009 Fix XSS vulnerability in serving of attachments other than HTML or SVG CVE-2024-42008 Fix information leak access to remote content via insufficient CSS filtering CVE-2024-42010...
Updated kernel, kmod-xtables-addons & kmod-virtualbox packages fix security vulnerabilities
Upstream kernel version 6.6.43 fix bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links...
Updated kernel-linus packages fix security vulnerabilities
Vanilla upstream kernel version 6.6.43 fix bugs and vulnerabilities. For information about the vulnerabilities see the links...
Updated emacs packages improve Wayland support and fix a security vulnerability
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbrev even when it specifies an unsafe function, such as shell-command-to-string. CVE-2024-39331...
Updated virtualbox & kmod-virtualbox packages fix security vulnerabilities
Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products scope change. Successf...
Updated thunderbird packages fix security vulnerabilities
Memory corruption in WebGL API. CVE-2024-6600 Race condition in permission assignment. CVE-2024-6601 Memory corruption in thread creation. CVE-2024-6603 Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13. CVE-2024-6604...
Updated chromium-browser-stable packages fix security vulnerabilities
Inappropriate implementation in V8. CVE-2024-6772 Type Confusion in V8. CVE-2024-6773 Use after free in Screen Capture. CVE-2024-6774 Use after free in Media Stream. CVE-2024-6775 Use after free in Audio. CVE-2024-6776 Use after free in Navigation. CVE-2024-6777 Race in DevTools. CVE-2024-6778 Ou...
Updated apache packages fix security vulnerabilities
CVE-2024-40898: Apache HTTP Server: SSRF with modrewrite in server/vhost context on Windows cve.mitre.org SSRF in Apache HTTP Server on Windows with modrewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. CVE-2024-40725:...
Updated libfm & libfm-qt packages fix security vulnerability
Fixed a vulnerability about trusted locations...
Updated sendmail packages fix security vulnerability
sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other...
Updated nss & firefox packages fix security vulnerabilities
Memory corruption in WebGL API. CVE-2024-6600 Race condition in permission assignment. CVE-2024-6601 Memory corruption in NSS. CVE-2024-6602 Memory corruption in thread creation. CVE-2024-6603 Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13. CVE-2024-6604...
Updated libreoffice packages fix security vulnerability
TLS certificates are not properly verified when utilizing LibreOfficeKit. CVE-2024-5261...