6011 matches found
Updated emacs packages fix security vulnerability
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u " command suggested in the eta...
Updated postgresql packages fix security vulnerability
Client memory disclosure when connecting, with Kerberos, to modified server. CVE-2022-41862...
Updated clamav packages fix security vulnerability
A possible remote code execution vulnerability in the HFS+ file parser. CVE-2023-20032 A possible remote information leak vulnerability in the DMG file parser. CVE-2023-20052...
Updated ipython packages fix security vulnerability
Executed config files from the current working directory, which could result in cross-user attacks if run from a directory multiple users may write to. CVE-2022-21699...
Updated python-twisted packages fix security vulnerability
When the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. CVE-2022-39348...
Updated jupyter-core packages fix security vulnerability
Arbitrary code execution when loading configuration files CVE-2022-39286...
Updated apr packages fix security vulnerability
Integer Overflow or Wraparound vulnerability in aprencode functions of Apache Portable Runtime APR allows an attacker to write beyond bounds of a buffer. CVE-2022-24963...
Updated php packages fix security vulnerability
The passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. CVE-2023-0567 The core path resolution function allocates a buffer one byte too...
Updated c-ares packages fix security vulnerability
The configsortlist function is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow and thus may cause a denial of service. CVE-2022-4904...
Updated python-cryptography packages fix security vulnerability
Cipher.updateinto would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects such as 'bytes' to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an...
Updated python-jupyterlab packages fix security vulnerability
Remote code execution, but requires user action to open a notebook. CVE-2021-32797, and other bug fixes...
Updated gnutls packages fix security vulnerability
Timing side channel in the RSA decryption implementation of the GNU TLS library. CVE-2023-0361...
Updated git packages fix security vulnerability
Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GITDIR/objects directory contains symbolic links, the objects directory itself may still be a symbolic link. The...
Updated apache-commons-fileupload packages fix security vulnerability
Denial of service with a malicious upload or series of uploads. CVE-2023-24998...
Updated sofia-sip packages fix security vulnerability
The configsortlist function is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow and thus may cause a denial of service. CVE-2022-47516...
Updated sox packages fix security vulnerability
CVE-2019-13590: sox-fmt validation CVE-2021-3643 and CVE-2021-23210: voc validation CVE-2021-23159 and CVE-2021-23172: hcom validation CVE-2021-33844: wav validation CVE-2021-40426: sphere validation CVE-2022-31650: aiff validation CVE-2022-31651: reject implausible rate...
Updated webkit2 packages fix security vulnerability
Type confusion leading to arbitrary code execution using crafted web page CVE-2023-23529...
Updated qtbase5 packages fix security vulnerability
Avoid unintentionally using binaries from CWD CVE-2022-23853 Fix a possible DOS involving the Qt SQL ODBC driver plugin CVE-2023-24607 Also fixes a regression that prevented Akonadi from working with kmail...
Updated curl packages fix security vulnerability
HTTP multi-header compression denial of service. CVE-2023-23916...
Updated nodejs-qs packages fix security vulnerability
nodejs qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an proto key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query...
Updated upx packages fix security vulnerability
Denial of service due to heap-based buffer overflow issue in UPX in PackTmt::pack in ptmt.cpp file. CVE-2023-23456 Denial of service due to segmentation fault in UPX in PackLinuxElf64::invertptdynamic in plxelf.cpp. CVE-2023-23457...
Updated firefox packages fix security vulnerability
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled CVE-2023-0767. The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when...
Updated thunderbird packages fix security vulnerability
User Interface lockup with messages combining S/MIME and OpenPGP. CVE-2023-0616 Content security policy leak in violation reports using iframes. CVE-2023-25728 Screen hijack via browser fullscreen mode. CVE-2023-25730 Arbitrary memory write via PKCS 12 in NSS. CVE-2023-0767 Potential use-after-fr...
Updated apr-util packages fix security vulnerability
Integer Overflow or Wraparound vulnerability in aprbase64 functions of Apache Portable Runtime Utility APR-util allows an attacker to write beyond bounds of a buffer. CVE-2022-25147...
Updated tpm2-tss packages fix security vulnerability
Tss2RCSetHandler and Tss2RCDecode both index into layerhandler with an 8 bit layer number, but the array only has TPM2ERRORTSS2RCLAYERCOUNT entries, so trying to add a handler for higher-numbered layers or decode a response code with such a layer number reads/writes past the end of the buffer...
Updated chromium-browser-stable packages fix security vulnerability
The chromium-browser-stable package has been updated to the 109.0.5414.119 release, fixing 6 vulnerabilities. Some of the security fixes are: High CVE-2023-0471: Use after free in WebTransport. Reported by chichoo Kimchichoo and Cassidy Kim@cassidy6564 on 2022-10-19 High CVE-2023-0472: Use after...
Updated webkit2 packages fix security vulnerability
Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2022-42826 CVE-2023-23517 CVE-2023-23518...
Updated ffmpeg packages fix security vulnerability
A null pointer dereference issue was discovered in 'FFmpeg' in decodemainheader function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformatnewstream and triggers the null pointer dereference error, causing an application to crash...
Updated libzen packages fix security vulnerability
A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affects the function Ztring::DateFromSeconds1970Local of the file Source/ZenLib/Ztring.cpp. The manipulation of the argument Value leads to unchecked return value to null pointer dereference...
Updated editorconfig-core-c packages fix security vulnerability
Mark Esler and David Fernandez Gonzalez discovered that EditorConfig Core C incorrectly handled memory when handling certain inputs. An attacker could possibly use this issue to cause applications using EditorConfig Core C to crash, resulting in a denial of service, or possibly execute arbitrary...
Updated phpmyadmin packages fix security vulnerability
Security fix for an XSS vulnerability in the drag-and-drop upload functionality PMASA-2023-01 Additional bugfixes including - issue 17506 Fix error when configuring 2FA without XMLWriter or Imagick issue 17519 Fix Export pages not working in certain conditions issue 17121 Fix passwordhash functio...
Updated netatalk packages fix security vulnerability
Heap overflow leading to arbitrary code execution. CVE-2021-31439 Buffer overflow leading to remote code execution CVE-2022-0194 Improper length validation leading to remote code execution CVE-2022-23121 Buffer overflow leading to remote code execution CVE-2022-23122 Out-of-bounds read leading to...
Updated java/timezone packages fix security vulnerability
Improper restrictions in CORBA deserialization. CVE-2023-21830 Handshake DoS attack against DTLS connections. CVE-2023-21835 Soundbank URL remote loading. CVE-2023-21843...
Updated python-future packages fix security vulnerability
Excessive CPU usage via a crafted Set-Cookie header CVE-2022-40899...
Updated nodejs-minimist packages fix security vulnerability
Minimist =1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey lines 69-95. CVE-2021-44906...
Updated advancecomp packages fix security vulnerability
Segmentation fault on invalid MNG size...
Updated tigervnc packages fix security vulnerability
Updated packages rebuilt for recent x11-server security update...
Updated libxpm packages fix security vulnerability
libXpm incorrectly handled calling external helper binaries. If libXpm was being used by a setuid binary, a local attacker could possibly use this issue to escalate privileges. CVE-2022-4883 libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a...
Updated thunderbird packages fix security vulnerability
libusrsctp library out of date. CVE-2022-46871 Arbitrary file read from GTK drag and drop on Linux. CVE-2023-23598 URL being dragged from cross-origin iframe into same tab triggers navigation. CVE-2023-23601 Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers...
Updated dojo packages fix security vulnerability
Dijit Editor's LinkDialog plugin of dojo 1.14.0 to 1.14.7 is vulnerable to cross-site scripting XSS attacks. CVE-2020-4051 Prototype pollution vulnerability via the setObject function. CVE-2021-23450...
Updated libtiff packages fix security vulnerability
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow e.g., "WRITE of size 307203" via a crafted TIFF image. CVE-2022-48281...
Updated ruby-sinatra packages fix security vulnerability
Potential reflected file download RFD vulnerability in ruby-sinatra, a Ruby library for writing HTTP applications. A Content-Disposition HTTP header was being incorrectly derived from a potentially user-supplied filename. CVE-2022-45442...
Updated apache packages fix security vulnerability
CVE-2022-37436: Apache HTTP Server: modproxy prior to 2.4.55 allows a backend to trigger HTTP response splitting. Prior to 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers ha...
Updated git packages fix security vulnerability
gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a '.gitattributes' file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes,...
Updated python-mechanize packages fix security vulnerability
Denial of service via crafted regular expression CVE-2021-32837 Fixed mechanize not found during build...
Updated sofia-sip packages fix security vulnerability
Missing message length and attributes length checks when it handles STUN packets, leading to controllable heap-over-flow CVE-2023-22741...
Updated opusfile packages fix security vulnerability
NULL pointer dereferences in opgetdata and opopen1 in opusfile.c CVE-2022-47021...
Updated python-django packages fix security vulnerability
Internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression. CVE-2022-41323 Potential denial-of-service via Accept-Language headers CVE-2023-23969...
Updated firefox packages fix security vulnerability
A vulnerability was found in NSS. The NSS client auth crashes without a user certificate in the database, leading to a segmentation fault or crash CVE-2022-3479. An out of date library libusrsctp contained vulnerabilities that could potentially be exploited CVE-2022-46871. By confusing the browse...
Updated sudo packages fix security vulnerability
In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected...