115915 matches found
LibreOffice: LibreOffice: Denial of Service via crafted OOXML documents
A flaw was found in LibreOffice. A remote attacker could exploit this out-of-bounds write vulnerability by tricking a user into opening a specially crafted OOXML Office Open XML document with mismatched encryption salt parameters. This could lead to a denial of service DoS, making the application...
Moderate: Red Hat Security Advisory: libreoffice security update
An update for libreoffice is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Important: Red Hat Security Advisory: xorg-x11-server security update
An update for xorg-x11-server is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...
xorg: X11: xserver: X.org: glamor Font Atlas Heap Buffer Overflow
A flaw was found in the glamorfontget function of the xorg-x11-server. This vulnerability, a heap buffer overflow, occurs when the server processes a specially crafted PCF font file where individual glyph metrics exceed the declared maximum bounds. An authenticated X client can exploit this by...
os: golang: Go os.Root: Symlink following vulnerability allows directory traversal
A flaw was found in the os.Root functionality of Go on Unix systems. This vulnerability allows an attacker to bypass intended directory restrictions by crafting a path that ends with a symbolic link and a trailing slash. When a file is opened in os.Root with such a path, the symbolic link is...
Important: Red Hat Security Advisory: buildah security update
An update for buildah is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
OpenEXR: OpenEXR: Information disclosure and denial of service via malformed EXR files
A flaw was found in OpenEXR. A remote attacker could exploit a vulnerability in the IDManifest::init function when processing specially crafted EXR files. The function attempts to reconstruct strings from a prefix-compressed representation. If a previous string exceeds 255 bytes, the subsequent...
OpenEXR: OpenEXR: Arbitrary code execution via integer overflow in image resizing
A flaw was found in OpenEXR, an image storage format library for the motion picture industry. An integer overflow vulnerability exists in the ImageChannel::resize function, which can be triggered when processing a specially crafted OpenEXR image file through the OpenEXRUtil public API. This can...
Important: Red Hat Security Advisory: openexr security update
An update for openexr is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
os: golang: Go os.Root: Symlink following vulnerability allows directory traversal
A flaw was found in the os.Root functionality of Go on Unix systems. This vulnerability allows an attacker to bypass intended directory restrictions by crafting a path that ends with a symbolic link and a trailing slash. When a file is opened in os.Root with such a path, the symbolic link is...
Important: Red Hat Security Advisory: podman security update
An update for podman is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing
A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...
Moderate: Red Hat Security Advisory: openssl security update
An update for openssl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
Important: Red Hat Security Advisory: perl-DBI security update
An update for perl-DBI is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
DBI: DBI: Buffer overflow in error handling can lead to arbitrary code execution
A flaw was found in DBI, a Perl database interface. This vulnerability allows an attacker to trigger a buffer overflow by manipulating error messages within an application. When specific error handling options are active, an attacker can provide oversized error text, which may lead to arbitrary...
X.org: xorg-x11-server: GLX contextTags Use-After-Free in CommonMakeCurrent()
A flaw was found in the X.org X11 server, specifically within the GLX OpenGL Extension to the X Window System dispatch layer. A remote attacker can exploit this vulnerability by sending a series of crafted X11 requests. This can lead to a use-after-free condition, where the server attempts to wri...
xorg: X11: xserver: X.org: glamor Font Atlas Heap Buffer Overflow
A flaw was found in the glamorfontget function of the xorg-x11-server. This vulnerability, a heap buffer overflow, occurs when the server processes a specially crafted PCF font file where individual glyph metrics exceed the declared maximum bounds. An authenticated X client can exploit this by...
Important: Red Hat Security Advisory: xorg-x11-server-Xwayland security update
An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: ruby3.4: ruby3.4-3.4.10-31.hum1 aarch64, x8664 ruby3.4-bundled-gems-3.4.10-31.hum1 aarch64, x8664 ruby3.4-default-gems-3.4.10-31.hum1 noarch ruby3.4-devel-3.4.10-31.hum1 aarch64, x8664...
xorg: X11: xserver: X.org: glamor Font Atlas Heap Buffer Overflow
A flaw was found in the glamorfontget function of the xorg-x11-server. This vulnerability, a heap buffer overflow, occurs when the server processes a specially crafted PCF font file where individual glyph metrics exceed the declared maximum bounds. An authenticated X client can exploit this by...
Important: Red Hat Security Advisory: xorg-x11-server-Xwayland security update
An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: plexus-utils security update
An update for plexus-utils is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method
A flaw was found in plexus-utils. This vulnerability, known as a Directory Traversal, exists within the extractFile method. An attacker can exploit this to execute unauthorized code on the system in the context of the current working user...
gimp: GIMP: Arbitrary code execution via heap-based buffer overflow in HDR file parsing
A flaw was found in GIMP. This vulnerability, a heap-based buffer overflow, occurs during the parsing of HDR High Dynamic Range files due to insufficient validation of user-supplied data length. A remote attacker could exploit this by convincing a user to open a specially crafted malicious file,...
Important: Red Hat Security Advisory: gegl security update
An update for gegl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor
A flaw was found in Apache Tomcat. This Padding Oracle vulnerability, present in the EncryptInterceptor with its default configuration, could allow a remote attacker to decrypt sensitive information. By exploiting weaknesses in the encryption padding, an attacker may be able to gain unauthorized...
Important: Red Hat Security Advisory: tomcat security, bug fix, and enhancement update
An update for tomcat is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Apache Tomcat: Apache Tomcat: Missing Encryption of Sensitive Data due to EncryptInterceptor bypass
A flaw was found in Apache Tomcat. This vulnerability, categorized as Missing Encryption of Sensitive Data, arises from a bypass in the EncryptInterceptor, a component designed to ensure data encryption. This bypass, introduced as a fix for CVE-2026-29146, allows sensitive data to remain...
os: golang: Go os.Root: Symlink following vulnerability allows directory traversal
A flaw was found in the os.Root functionality of Go on Unix systems. This vulnerability allows an attacker to bypass intended directory restrictions by crafting a path that ends with a symbolic link and a trailing slash. When a file is opened in os.Root with such a path, the symbolic link is...
Important: Red Hat Security Advisory: buildah security update
An update for buildah is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
Important: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...
firefox: thunderbird: Incorrect boundary conditions in the Internationalization component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Internationalization component...
firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12...
firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12...
firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12...
firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12...
firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Networking component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the Networking component...
firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure, sandbox escape in the Security: Process Sandboxing component...
firefox: thunderbird: Incorrect boundary conditions in the Web Audio component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Web Audio component...
firefox: thunderbird: Sandbox escape in the Security: Process Sandboxing component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the Security: Process Sandboxing component...
firefox: thunderbird: Mitigation bypass in the DOM: Security component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...
firefox: thunderbird: Privilege escalation in the Graphics: WebRender component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Graphics: WebRender component...
firefox: thunderbird: Memory safety bug fixed in Firefox ESR 140.12
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Firefox ESR 140.12...
firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12...
firefox: thunderbird: Sandbox escape in the DOM: Navigation component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the DOM: Navigation component...
firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12...
firefox: thunderbird: Use-after-free in the Networking: HTTP component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the Networking: HTTP component...
firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory...
firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume...
firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12...