6009 matches found
Updated libreoffice packages fix security vulnerability
Arbitrary File Write in hsqldb 1.8.0. CVE-2023-1183...
Updated golang packages fix security vulnerability
Code injection via go command with cgo in cmd/go CVE-2023-29402 Ignoring setuid/setgid bits. CVE-2023-29403 Arbitrary code execution CVE-2023-29404 Arbitrary code execution CVE-2023-29405...
Updated nodejs packages fix security vulnerability
Current nodejs 14 branch in Mageia 8 is end of life and there are no more security updates. This release allows to move to the new nodejs 18 LTS branch and fixes the following CVEs CVE-2023-30581: mainModule.proto Bypass Experimental Policy Mechanism High CVE-2023-30585: Privilege escalation via...
Updated glances packages fix security vulnerability
Regular Expression Denial of Service ReDoS in angular CVE-2022-25844...
Updated apache-ivy packages fix security vulnerability
Improper path allowed when extracting archive.CVE-2022-37865 Possible path traversal in download path CVE-2022-37866...
Updated testng packages fix security vulnerability
Path traversal in zip files CVE-2022-4065...
Updated cups packages fix security vulnerability
Use-after-free in cupsdAcceptClient. CVE-2023-34241...
Updated curaengine packages fix security vulnerability
Denial of service due to integer overflow CVE-2022-28041...
Updated skopeo/buildah/podman packages fix security vulnerability
Information disclosure flaw was found in Buildah CVE-2021-3602 podman allows forwarding hosts ports to vm from within vm CVE-2021-4024 Allows use "../" separators in containernetworking/cni to reference binaries such as 'reboot' in network configuration CVE-2021-20206 github.com/containers/storag...
Updated libx11 packages fix security vulnerability
Buffer overflows in InitExt.c in libX11 prior to 1.8.6. CVE-2023-3138...
Updated sofia-sip packages fix security vulnerability
The OOB read and integer-overflow made by attacker may lead to crash, high consumption of memory or even other more serious consequences. CVE-2023-32307...
Updated sqlite packages fix security vulnerability
osunix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service application crash, or have unspecified other impact by leveraging use of the current working directory for...
Updated python-tornado packages fix security vulnerability
Remote unauthenticated attacker may redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL. CVE-2023-28370...
Updated docker-docker-registry packages fix security vulnerability
Denail of service through excessive use of memory. CVE-2023-2253...
Updated mediawiki packages fix security vulnerability
Bundled PapaParse copy in VisualEditor has known ReDos CVE-2020-36649. An issue was discovered in MediaWiki before 1.35.9. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These fil...
Updated python-requests packages fix security vulnerability
Forwarding proxy credentials to the destination server unintentionally CVE-2023-32681...
Updated libcap packages fix security vulnerability
A vulnerability was found in the pthreadcreate function in libcap. This issue may allow a malicious actor to use cause realpthreadcreate to return an error, which can exhaust the process memory. CVE-2023-2602 A vulnerability was found in libcap. This issue occurs in the libcapstrdup function and...
Updated xonotic packages fix security vulnerability
A bug was discovered in versions older than 0.8.6 that is believed to be exploitable by malicious server admins to crash clients or, if they defeat mitigations, execute arbitrary code. No working exploit code is known to exist at this time, See referenced release notes for other changes...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.15.117 and fixes atleast the following security issues: In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs CVE-2022-48425. An out-of-bounds memory access flaw was found in...
Updated sysstat packages fix security vulnerability
Multiplication integer overflow in checkoverflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377. CVE-2023-33204...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.15.117 and fixes atleast the following security issues: In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs CVE-2022-48425. An out-of-bounds memory access flaw was fou...
Updated firefox/nss packages fix security vulnerability
Click-jacking certificate exceptions through rendering lag. CVE-2023-34414 Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12. CVE-2023-34416...
Updated cups packages fix security vulnerability
A heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service DoS attack. A buffer overflow vulnerability in the function 'formatlogline' could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when...
Updated thunderbird packages fix security vulnerability
Click-jacking certificate exceptions through rendering lag CVE-2023-34414 Memory safety bugs fixed in Thunderbird 102.12 CVE-2023-34416...
Updated httpie packages fix security vulnerability
Cookie exposure to third parties CVE-2022-24737...
Updated webkit2 packages fix security vulnerability
Out-of-bounds read CVE-2023-28204 Use-after-free issue CVE-2023-32373...
Updated python-flask packages fix security vulnerability
Client 'session' cookie sent to other clients CVE-2023-30861...
Updated openssl packages fix security vulnerability
Possible DoS translating ASN.1 object identifiers. CVE-2023-2650...
Updated libreoffice packages fix security vulnerability
Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet...
Updated cups-filters packages fix security vulnerability
Possible command injection in the Backend Error Handler CVE-2023-24805...
Updated tomcat packages fix security vulnerability
The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted...
Updated postgresql packages fix security vulnerability
CREATE SCHEMA ... schemaelement defeats protective searchpath changes. CVE-2023-2454 Row security policies disregard user ID changes after inlining. CVE-2023-2455...
Updated qtbase5 packages fix security vulnerability
Qt Network incorrectly parses the strict-transport-security HSTS header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match. CVE-2023-32762 QTextLayout buffer overflow in SVG file...
Updated vim packages fix security vulnerability
Use of Out-of-range Pointer Offset in GitHub repository vim/vim. CVE-2023-2426...
Updated tcpreplay packages fix security vulnerability
An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpeditdltcleanup function at plugins/dltplugins.c. CVE-2023-27783 An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a denial of service via the readhexstring function ...
Updated python-reportlab packages fix security vulnerability
Updates python3-reportlab includes a security fix and other minor bug fixes. See references for details...
Updated mariadb packages fix security vulnerability
It is possible for function spiderdbmbase::printwarnings to dereference a null pointer. CVE-2022-47015...
Updated sniproxy packages fix security vulnerability
A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy. A specially crafted HTTP or TLS packet can lead to arbitrary code execution. An attacker could send a malicious packet to trigger this vulnerability. CVE-2023-25076...
Updated dmidecode packages fix security vulnerability
Dmidecode allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. CVE-2023-30630...
Updated webkit2 packages fix security vulnerability
HTML document may be able to render iframes with sensitive user information CVE-2022-0108 maliciously crafted web content may lead to arbitrary code execution. CVE-2022-32885 use-after-free vulnerability exists in WebCore::RenderLayer. This issue allows remote attackers to execute arbitrary code ...
Updated freetype2 packages fix security vulnerability
An integer overflow vulnerability was discovered in Freetype in tthvadvanceadjust function in src/truetype/ttgxvar.c. CVE-2023-2004...
Updated cmark packages fix security vulnerability
cmark incorrectly handled certain inputs. Fixes quadratic complexity in handleclosebracket "" which may lead to a denial of service CVE-2023-22486. Noting that this also fixes a quadratic parsing issue with repeated comment tags that was not in a released product but which was assigned a CVE...
Updated suricata packages fix security vulnerability
Various security, performance, accuracy and stability issues. See referenced package announcements for details...
Updated apache-mod_security packages fix security vulnerability
HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall CVE-2022-48279 Incorrect handling of '\0' bytes in file uploads in ModSecurity may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules...
Updated glib2.0 packages fix security vulnerability
Denial of service caused by handling a malicious text-form variant. CVE-2023-24593 Denial of service caused by malicious serialised variant. CVE-2023-25180...
Updated patchelf packages fix security vulnerability
Patchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/patchelf.cc. CVE-2022-44940...
Updated python-sqlparse packages fix security vulnerability
ReDoS Regular Expression Denial of Service CVE-2023-30608...
Updated libssh packages fix security vulnerability
Potential NULL dereference during rekeying with algorithm guessing. CVE-2023-1667 Authorization bypass in pkiverifydatasignature. CVE-2023-2283...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.15.110 and fixes atleast the following security issues: A slab-out-of-bound read problem was found in brcmfgetassocies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. This issue could occur when associnfo-reqlen data is bigger than t...
Updated python-pillow packages fix security vulnerability
libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files. CVE-2022-30595 Improper Handling of Highly Compressed GIF Data Data Amplification. CVE-2022-45198...