6011 matches found
Updated tor packages fix security vulnerability
SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002. CVE-2023-23589...
Updated phoronix-test-suite packages fix security vulnerability
XSS in phoromaticraddtestdetails.php CVE-2022-40704...
Updated jpegoptim packages fix security vulnerability
JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c. CVE-2022-32325...
Updated virtualbox packages fix security vulnerability
Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. CVE-2023-21884 Unauthenticated attacker with network access via multiple protocols to compromise Oracle VM...
Updated sdl2 packages fix security vulnerability
Potential memory leak when creating a texture for an OpenGL ES image CVE-2022-4743...
Updated vim packages fix security vulnerability
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143. CVE-2023-0049...
Updated chromium-browser-stable packages fix security vulnerability
The chromium-browser-stable package has been updated to the 109.0.5414.74 release, fixing 17 vulnerabilities. Some of the security fixes are - High CVE-2023-0128 Use after free in Overview Mode. Reported by Khalil Zhani on 2022-08-16 High CVE-2023-0129 Heap buffer overflow in Network Service...
Updated viewvc packages fix security vulnerability
ViewVC is vulnerable to cross-site scripting. The impact of these vulnerabilities is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by an otherwise trusted ViewVC instance. The attack vector involves files with unsafe names names that, when...
Updated docker packages fix security vulnerability
Server side request forgery CVE-2022-29153 Bypass primary group restrictions due to a flaw in the supplementary group access setup CVE-2022-36109 Imported Nodes/Services Information leak in moby-engine. CVE-2022-3920...
Updated nautilus packages fix security vulnerability
GNOME Nautilus 42.2 allows a NULL pointer dereference and getbasename application crash via a pasted ZIP archive. CVE-2022-37290...
Updated php packages fix security vulnerability
Update to php version 8.0.27 fixes PDO/SQLite, where PDO::quote may return unquoted string See referenced changelog for other changes...
Updated x11-server packages fix security vulnerability
X.Org Server XkbGetKbdByName use-after-free. CVE-2022-4283 X.Org Server XTestSwapFakeInput stack overflow. CVE-2022-46340 X.Org Server XIPassiveUngrab out-of-bounds access. CVE-2022-46341 X.Org Server XvdiSelectVideoNotify use-after-free. CVE-2022-46342 X.Org Server ScreenSaverSetAttributes...
Updated samba packages fix security vulnerability
There is a limited write heap buffer overflow in the GSSAPI unwrapdes and unwrapdes3 routines of Heimdal included in Samba. Some SMB1 write requests were not correctly range checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into...
Updated php-smarty packages fix security vulnerability
It was discovered that there was a potential cross-site scripting vulnerability in smarty3, a widely-used PHP templating engine. In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smartyfunctionmailto, and that could be parameterized...
Updated net-snmp packages fix security vulnerability
handleipDefaultTTL in agent/mibgroup/ip-mib/ipscalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker who has write access to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. CVE-2022-44792...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.15.88 and fixes atleast the following security issues: A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first grufileunlockedioctl function is called by the user, where a fail pass occurs in the...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.15.88 and fixes atleast the following security issues: A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first grufileunlockedioctl function is called by the user, where a fail pass occurs in the grucheckchipletassignment...
Updated ctags packages fix security vulnerability
A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags in sort.c calls the system3...
Updated w3m packages fix security vulnerability
There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact. CVE-2022-38223...
Updated xrdp packages fix security vulnerability
xrdp less than v0.9.21 contain a buffer over flow in xrdploginwndcreate function. CVE-2022-23468 xrdp less than v0.9.21 contain a buffer over flow in audinsendopen function. CVE-2022-23477 xrdp less than v0.9.21 contain a Out of Bound Write in xrdpmmtransprocessdrdynvcchannelopen function...
Updated python-gitpython packages fix security vulnerability
Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments...
Updated ffmpeg packages fix security vulnerability
An issue was discovered in the FFmpeg package, where vp3decodeframe in libavcodec/vp3.c lacks check of the return value of avmalloc and will cause a null pointer dereference, impacting availability. CVE-2022-3109...
Updated minetest packages fix security vulnerability
This update provides minetest 5.6.1, the latest stable release of the open source voxel game. This updates provides a number of feature and bug fix changes compared to the previous version 5.4.0 provided in Mageia 8. See the linked release notes and changelogs for details. The update also improve...
Updated sogo packages fix security vulnerability
Missing SAML signature validation in the SOGo groupware could result in impersonation attacks. CVE-2021-33054...
Updated python-ujson packages fix security vulnerability
Fixes len integer overflow issue. RHBZ2149975 Ultrajson doesn't build on webassembly e.g. pyodide because the version of double-conversion used is too old. This updates it to a newer version which supports webassembly...
Updated curl packages fix security vulnerability
Another HSTS bypass via IDN. CVE-2022-43551 HTTP Proxy deny use-after-free. CVE-2022-43552...
Updated libksba packages fix security vulnerability
Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. CVE-2022-47629...
Updated webkit2 packages fix security vulnerability
The updated packages fix security vulnerabilities and other issues. See references for details...
Updated freeradius packages fix security vulnerability
Information leakage in EAP-PWD. CVE-2022-41859 Crash on unknown option in EAP-SIM. CVE-2022-41860 Crash on invalid abinary data. CVE-2022-41861...
Updated thunderbird packages fix security vulnerability
Drag and Dropped Filenames could have been truncated to malicious extensions. CVE-2022-46874...
Updated libtar packages fix security vulnerability
After tarclose, libtar.c releases the memory pointed to by pointer t. After tarclose is called in the list function, it continues to use pointer t: freelonglinklongnamet-thbuf . As a result, the released memory is used use-after-free. CVE-2021-33640...
Updated chromium-browser-stable packages fix security vulnerability
The chromium-browser-stable package has been updated to the 108.0.5359.124 release, fixing 8 vulnerabilities. Some of the security fixes are ... High CVE-2022-4436: Use after free in Blink Media. Reported by Anonymous on 2022-11-15 High CVE-2022-4437: Use after free in Mojo IPC. Reported by...
Updated advancecomp packages fix security vulnerability
advancecomp has been updated to fix a number of bugs and security issues...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.15.82 and fixes atleast the following security issues: A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVMEIOCTLRESET and the NVMEIOCTLSUBSYSRESET through the device file of the driver,...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.15.82 and fixes atleast the following security issues: A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVMEIOCTLRESET and the NVMEIOCTLSUBSYSRESET through the device file of the drive...
Updated firefox packages fix security vulnerability
An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages CVE-2022-46872. A drag-and-dropped file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious...
Updated thunderbird packages fix security vulnerability
An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages CVE-2022-46872. A drag-and-dropped file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious...
Updated heimdal packages fix security vulnerability
Isaac Boukris reported that the Heimdal KDC before 7.7.1 does not apply delegationnotallowed aka not-delegated user attributes for S4U2Self. Instead the forwardable flag is set even if the impersonated client has the not-delegated flag set. CVE-2019-14870 Joseph Sutton discovered that the Heimdal...
Updated xfce4-settings packages fix security vulnerability
argument injection vulnerability in xfce4-mime-helper from the xfce4-settings package...
Updated leptonica packages fix security vulnerability
This update fixes a denial of service vulnerability in leptonlib. It can be made to crash with an arithmetic exception on specially crafted JPEG files. CVE-2022-38266...
Updated libetpan packages fix security vulnerability
Null pointer dereference in mailimapmailboxdatastatusfree in low-level/imap/mailimaptypes.c. CVE-2022-4121...
Updated couchdb packages fix security vulnerability
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front o...
Updated krb5 packages fix security vulnerability
Greg Hudson discovered integer overflow flaws in the PAC parsing in krb5, the MIT implementation of Kerberos, which may result in remote code execution in a KDC, kadmin, or GSS or Kerberos application server process, information exposure to a cross-realm KDC acting maliciously, or denial of servi...
Updated python-slixmpp packages fix security vulnerability
Fixes missing certificate hostname validation...
Updated freerdp packages fix security vulnerability
Affected versions of FreeRDP are missing input length validation in 'drive' channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. CVE-2022-41877...
Updated golang packages fix security vulnerability
net/http: limit canonical header cache by bytes, not entries bsc1206135 CVE-2022-41717...
Updated libarchive packages fix security vulnerability
In libarchive 3.6.1, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. CVE-2022-36227...
Updated netkit-telnet packages fix security vulnerability
2-byte DoS in netkit-telnetd. CVE-2022-39028...
Updated emacs packages fix security vulnerability
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags " command suggested in the ctags...
Updated nodejs-json-schema packages fix security vulnerability
node-json-schema, JSON Schema validation and specifications, was vulnerable to Improperly Controlled Modification of Object Prototype Attributes. CVE-2021-3918...