6011 matches found
Updated java packages fix security vulnerability
OpenJDK: Defective secure validation in Apache Santuario Libraries, 8278008 CVE-2022-21476 OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions JAXP, 8270504 CVE-2022-21426 OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler Libraries, 8277672...
Updated python-coookiecutter packages fix security vulnerability
Command Injection via hg argument CVE-2022-24065...
Updated gnupg2 packages fix security vulnerability
In unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints e.g., use of GPGME are met, allows signature forgery via injection into the status line. CVE-2022-34903...
Updated gerbv packages fix security vulnerability
An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev commit b5f1eacd, and the forked version of Gerbv commit 71493260. CVE-2021-40391 An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling...
Updated pgadmin4 packages fix security vulnerability
A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write. CVE-2022-0959 In addition,...
Updated x11-server packages fix security vulnerabilities
Updated x11-server packages fix security vulnerabilities: ProcXkbSetGeometry Out-Of-Bounds Access. The handler for the ProcXkbSetGeometry request of the Xkb extension does not properly validate the request length leading to out of bounds memory write CVE-2022-2319. ProcXkbSetDeviceInfo...
Updated webkit2 packages fix security vulnerability
The webkit2 package has been updated to version 2.36.4, fixing several security issues and other bugs...
Updated openssl packages fix security vulnerability
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...
Updated ruby-rack packages fix security vulnerability
Crafted multipart POST request may cause a DoS CVE-2022-30122 Crafted requests can cause shell escape sequences CVE-2022-30123...
Updated cyrus-imapd packages fix security vulnerability
Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service multiple-minute daemon hang via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. CVE-2021-33582...
Updated ruby-git packages fix security vulnerability
Command Injection via git argument injection CVE-2022-25648...
Updated squid packages fix security vulnerability
Denial of Service in Gopher Processing. CVE-2021-46784...
Updated curl packages fix security vulnerability
Set-Cookie denial of service. CVE-2022-32205 HTTP compression denial of service. CVE-2022-32206 Unpreserved file permissions. CVE-2022-32207 FTP-KRB bad message verification. CVE-2022-32208...
Updated thunderbird packages fix security vulnerability
A popup window could be resized in a way to overlay the address bar with web content. CVE-2022-34479 Use-after-free in nsSHistory. CVE-2022-34470 CSP sandbox header without allow-scripts can be bypassed via retargeted javascript: URI. CVE-2022-34468 An email with a mismatching OpenPGP signature...
Updated firefox packages fix security vulnerability
If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution CVE-2022-2200. An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing...
Updated python-pyjwt packages fix security vulnerability
An attacker submitting the JWT token can choose the used signing algorithm CVE-2022-29217...
Updated openssl packages fix security vulnerability
The crehash script allows command injection. CVE-2022-2068...
Updated python-bottle packages fix security vulnerability
Bottle before 0.12.20 mishandles errors during early request binding. CVE-2022-31799...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.15.50 and fixes at least the following security issues: Incomplete cleanup of multi-core shared buffers for some Intel Processors may allow an authenticated user to potentially enable information disclosure via local access CVE-2022-21123. Incomplete...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.15.50 and fixes at least the following security issues: Incomplete cleanup of multi-core shared buffers for some Intel Processors may allow an authenticated user to potentially enable information disclosure via local access CVE-2022-21123. Incomplet...
Updated 389-ds-base packages fix security vulnerability
An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows...
Updated chromium-browser-stable packages fix security vulnerability
The chromium-browser-stable package has been updated to the 103.0.5060.53 branch, fixing many bugs and 14 CVE. Some of them are listed below: Use after free in Base. CVE-2022-2156 Use after free in Interest groups. CVE-2022-2157 Type Confusion in V8. CVE-2022-2158 Insufficient policy enforcement ...
Updated libtiff packages fix security vulnerability
Heap-buffer-overflow in TIFFReadRawDataStriped in tiffinfo.c. CVE-2022-1354 Stack-buffer-overflow in tiffcp.c in main. CVE-2022-1355 Out-of-bounds read in LZWDecode. CVE-2022-1622, CVE-2022-1623...
Updated exo packages fix security vulnerability
Changed to prevent executing possibly malicious .desktop files from online sources ftp://, http:// etc...
Updated php packages fix security vulnerability
CLI -Fixed bug 8575 CLI closes standard streams too early. Core -Fixed Haiku ZTS builds. Date -Fixed bug 8471 Segmentation fault when converting immutable and mutable DateTime instances created using reflection. php-fpm - Fixed bug 72185 writes empty fcgi record causing nginx 502. Mysqlnd - Fixed...
Updated halibut packages fix security vulnerability
Use-after-free in cleanupindex in index.c CVE-2021-42612 Double free in cleanupindex in index.c CVE-2021-42613 Use-after-free in infowidthinternal in bkinfo.c CVE-2021-42614...
Updated bluez packages fix security vulnerability
It was discovered that BlueZ incorrectly validated certain capabilities and lengths when handling the A2DP profile. A remote attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or possibly execute arbitrary code...
Updated dnsmasq packages fix security vulnerability
A write after free has been discovered in DHCPv6 code. A special request could be crafted to modify already freed memory. CVE-2022-0934...
Updated exempi packages fix security vulnerability
XMP Toolkit SDK versions 2020.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victi...
Updated golang packages fix security vulnerability
crypto/tls: session tickets lack random ticketageadd. Session tickets generated by crypto/tls did not contain a randomly generated ticketageadd. This allows an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption...
Updated chromium-browser-stable packages fix security vulnerability
The chromium-browser-stable package has been updated to the 102.0.5005.115 version, fixing many bugs and 7 CVE. Some of them are listed below: Use after free in WebGPU. CVE-2022-2007 Out of bounds memory access in WebGL. CVE-2022-2008 Out of bounds read in compositing. CVE-2022-2010 Use after fre...
Updated apache packages fix security vulnerability
Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions...
Updated docker-containerd packages fix security vulnerability
A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the 'ExecSync' API. CVE-2022-31030...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.15.46 and fixes at least the following security issues: KVM: x86: avoid calling x86 emulator without a decoded instruction CVE-2022-1852. A use-after-free vulnerability was found in the Linux kernel's Netfilter subsystem in net/netfilter/nftablesapi.c. Th...
Updated nats-server packages fix security vulnerability
NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature. CVE-2022-24450...
Updated php-smarty packages fix security vulnerability
Template authors could inject php code by choosing a malicious block name or include file name. CVE-2022-29221...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.15.46 and fixes at least the following security issues: KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID CVE-2022-1789. KVM: x86: avoid calling x86 emulator without a decoded instruction CVE-2022-1852. A use-after-free vulnerability was...
Updated python-pypdf2 packages fix security vulnerability
Infinite loop with manipulated inline images CVE-2022-24859...
Updated python-ujson packages fix security vulnerability
Benchmark refactor - argparse CLI. Fix segmentation faults when errors occur while handling unserialisable objects. Fix segmentation fault when an exception is raised while converting a dict key to a string. Fix memory leak dumping on non-string dict keys - Fix ref counting on repeated default...
Updated vim packages fix security vulnerability
out-of-bounds read in gcharcursor in misc1.c CVE-2022-1851 use-after-free in findpatterninpath in search.c CVE-2022-1898 out-of-bounds write in vimregsubboth in regexp.c CVE-2022-1897 buffer over-read in utfptr2char in mbyte.c CVE-2022-1927 out of bounds write in vimregsubboth CVE-2022-1942...
Updated firefox/nss/nspr packages fix security vulnerability
A malicious website could have learned the size of a cross-origin resource that supported Range requests CVE-2022-31736. A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash CVE-2022-31737. When exiting fullscreen...
Updated thunderbird packages fix security vulnerability
When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces. This could have been used by an attacker to send an email message with the attacker's digital signature, that was shown...
Updated trojita packages fix security vulnerability
An attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted parts can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If...
Updated webmin packages fix security vulnerability
Less privileged Webmin users excluding those created by Virtualmin and Cloudmin can modify arbitrary files with root privileges, and so run commands as root CVE-2022-30708...
Updated logrotate packages fix security vulnerability
A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an...
Updated webkit2 packages fix security vulnerability
Updated webkit2 packages fix several crashes and rendering issues. WSA-2022-0005...
Updated gimp packages fix security vulnerability
GIMP 2.10 is vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate for a huge amount of memory, resulting in insufficient memory or program crash. CVE-2022-30067...
Updated mariadb packages fix security vulnerability
Some security vulenarbilities have been fixed. Some bigger bugs in optimizer and replication engine have been found and fixed. See release notes for details...
Updated golang packages fix security vulnerability
The syscall.Faccessat function checks whether the calling process can access a file. Faccessat contains a bug where it checks a file’s group permission bits if the process’s user is a member of the process’s group rather than a member of the file’s group. CVE-2022-29526...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.15.43 and fixes at least the following security issues: A race condition in the perf subsystem allows for a local privilege escalation. NOTE: Mageia kernels by default has disabled the perf usage for unprivileged users, effectively rendering this...