Lucene search

K

FFRI Security, Inc. Security Vulnerabilities

almalinux
almalinux

Low: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): ghostscript: Divide by zero in eps_print_page in gdevepsn.c (CVE-2020-21710) For...

5.5CVSS

6.8AI Score

0.001EPSS

2024-05-22 12:00 AM
4
almalinux
almalinux

Important: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...

7.8CVSS

6.8AI Score

0.0005EPSS

2024-05-23 12:00 AM
3
almalinux
almalinux

Moderate: motif security update

The motif packages include the Motif shared libraries needed to run applications which are dynamically linked against Motif, as well as MWM, the Motif Window Manager. Security Fix(es): libXpm: out of bounds read in XpmCreateXpmImageFromBuffer() (CVE-2023-43788) libXpm: out of bounds read on XPM...

5.5CVSS

6.4AI Score

0.0004EPSS

2024-05-22 12:00 AM
1
almalinux
almalinux

Moderate: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es): libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c (CVE-2022-4645) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments,...

6.8CVSS

6.5AI Score

0.0004EPSS

2024-05-22 12:00 AM
2
almalinux
almalinux

Moderate: zziplib security update

The zziplib is a lightweight library to easily extract data from zip files. Security Fix(es): zziplib: invalid memory access at zzip_disk_entry_to_file_header in mmapped.c (CVE-2020-18770) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...

5.5CVSS

6.5AI Score

0.0004EPSS

2024-05-22 12:00 AM
oraclelinux
oraclelinux

zziplib security update

[0.13.68-13] - Fix CVE-2020-18770 Previous patch contained segfault bug Resolves: RHEL-14966 [0.13.68-12] - Add the gating tests from the 8.8.0 branch Resolves: RHEL-24429 [0.13.68-11] - Use /usr/libexec/platform-python macro during the config phase (used for doc generation) Resolves:...

5.5CVSS

7AI Score

0.0004EPSS

2024-05-23 12:00 AM
2
oraclelinux
oraclelinux

freeglut security update

[3.0.0-9] - Fix CVE-2024-24258 and CVE-2024-24259 Resolves: https://issues.redhat.com/browse/RHEL-25175 Resolves:...

7.5CVSS

6.9AI Score

0.001EPSS

2024-05-23 12:00 AM
2
oraclelinux
oraclelinux

pmix security update

[2.2.5-3] - Add gating test - Resolves: RHEL-3692 [2.2.5-2] - Fix CVE-2023-41915 - Resolves:...

8.1CVSS

6.9AI Score

0.001EPSS

2024-05-23 12:00 AM
2
oraclelinux
oraclelinux

libssh security update

[0.9.6-14] - Fix CVE-2023-48795 Prefix truncation attack on Binary Packet Protocol (BPP) - Fix CVE-2023-6918 Missing checks for return values for digests - Fix CVE-2023-6004 ProxyCommand/ProxyJump features allow injection of malicious code through hostname - Note: version is bumped from 12 to 14...

5.3CVSS

8AI Score

0.001EPSS

2024-05-23 12:00 AM
2
oraclelinux
oraclelinux

poppler security update

[21.01.0-11] - Fix crashes in FoFiType1C - Rebuild for inclusion of poppler-glib-doc in CRB - Resolves: RHEL-4255, RHEL-4273 [21.01.0-10] - Check XRef's Catalog for being a Dict - Resolves: #2189816 [20.11.0-9] - Check isDict before calling getDict 2 - Resolves: #2189837 [20.11.0-8] - Check isDict....

5.5CVSS

7.5AI Score

0.001EPSS

2024-05-23 12:00 AM
1
oraclelinux
oraclelinux

ghostscript security update

[9.27-12] - fix to prevent divison by zero in devices - Resolves:...

5.5CVSS

6.8AI Score

0.001EPSS

2024-05-23 12:00 AM
3
freebsd
freebsd

chromium -- security fix

Chrome Releases reports: This update includes 1 security fix: [341663589] High CVE-2024-5274: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group and Brendon Tiszka of Chrome Security on...

8.8CVSS

7.1AI Score

0.003EPSS

2024-05-23 12:00 AM
oraclelinux
oraclelinux

python3.11 security update

[3.11.7-1.0.1] - Update rpm-macros description [Orabug: 36024572] [3.11.7-1] - Rebase to 3.11.7 Resolves: RHEL-21915 [3.11.5-2] - Security fix for CVE-2023-27043 Resolves:...

5.3CVSS

6.8AI Score

0.001EPSS

2024-05-23 12:00 AM
3
osv
osv

Moderate: LibRaw security update

LibRaw is a library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others). Security Fix(es): LibRaw: stack buffer overflow in LibRaw_buffer_datastream::gets() in src/libraw_datastream.cpp (CVE-2021-32142) For more details about the security issue(s),...

7.8CVSS

7AI Score

0.001EPSS

2024-05-22 12:00 AM
1
debian
debian

[SECURITY] [DLA 3817-1] thunderbird security update

Debian LTS Advisory DLA-3817-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort May 20, 2024 https://wiki.debian.org/LTS Package : thunderbird Version : 1:115.11.0-1~deb10u1 CVE...

7.4AI Score

0.0004EPSS

2024-05-20 08:15 AM
osv
osv

Important: less security update

The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors. Security Fix(es): less: OS command injection...

6.8AI Score

0.0004EPSS

2024-05-30 12:00 AM
2
osv
osv

Symfony XXE security vulnerability

Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...

7.2AI Score

2024-05-30 12:49 AM
1
osv
osv

redmine - security update

Bulletin has no...

6.1CVSS

6.7AI Score

0.0005EPSS

2024-05-24 12:00 AM
150
osv
osv

Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability

Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1 and above. This advisory also provides guidance on what developers can do to...

8.1CVSS

8AI Score

0.001EPSS

2023-07-11 10:45 PM
74
cve
cve

CVE-2023-5700

A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /protocol/iscgwtunnel/uploadiscgwrouteconf.php. The manipulation of the argument GWLinkId leads to sql injection. The exploit has been...

9.8CVSS

9.7AI Score

0.001EPSS

2023-10-23 12:15 AM
26
cve
cve

CVE-2023-5681

A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/list_addr_fwresource_ip.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has...

7.2CVSS

7.2AI Score

0.001EPSS

2023-10-20 09:15 PM
29
github
github

Symfony XXE security vulnerability

Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...

7.2AI Score

2024-05-30 12:49 AM
1
osv
osv

chromium - security update

Bulletin has no...

7.2AI Score

0.0004EPSS

2024-05-22 12:00 AM
7
osv
osv

python-pymysql - security update

Bulletin has no...

7.2AI Score

0.0004EPSS

2024-05-29 12:00 AM
1
oraclelinux
oraclelinux

389-ds-base security update

[2.4.5-8] - Bump version to 2.4.5-8 - Fix License tag [2.4.5-7] - Bump version to 2.4.5-7 - Resolves: RHEL-34819 - redhat-ds:11/389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c - Resolves: RHEL-34825 - redhat-ds:11/389-ds-base: potential denial of service via...

7.5CVSS

6.8AI Score

0.0004EPSS

2024-06-12 12:00 AM
2
oraclelinux
oraclelinux

pam security update

[1.3.1-33] - pam_namespace: protect_dir(): use O_DIRECTORY to prevent local DoS situations. CVE-2024-22365. Resolves: RHEL-21242 [1.3.1-32] - pam_access: handle hostnames in access.conf. Resolves: RHEL-3374 [1.3.1-31] - pam_faillock: create tallydir before creating tallyfile. Resolves:...

5.5CVSS

6.6AI Score

0.0004EPSS

2024-05-23 12:00 AM
oraclelinux
oraclelinux

webkit2gtk3 security update

[2.42.5-1] - Update to 2.42.5 Resolves: RHEL-3961 [2.42.4-1] - Update to 2.42.4 Resolves: RHEL-3961 Resolves: RHEL-19365 [2.42.3-1] - Update to 2.42.3 Resolves: RHEL-3961 [2.42.2-1] - Update to 2.42.2 Resolves: RHEL-3961 [2.42.1-1] - Update to 2.42.1 Resolves: RHEL-3961 [2.42.0-1] -...

9.8CVSS

7.4AI Score

0.017EPSS

2024-05-23 12:00 AM
5
cve
cve

CVE-2010-5179

Race condition in Trend Micro Internet Security Pro 2010 17.50.1647.0000 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory....

6.9AI Score

0.0004EPSS

2022-10-03 04:21 PM
21
4
cve
cve

CVE-2010-5176

Race condition in Security Shield 2010 13.0.16.313 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during...

6.9AI Score

0.0004EPSS

2022-10-03 04:21 PM
19
osv
osv

Important: pcp security update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....

8.8CVSS

6.7AI Score

0.0004EPSS

2024-05-22 12:00 AM
5
almalinux
almalinux

Important: tigervnc security update

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....

7.8CVSS

6.8AI Score

0.0005EPSS

2024-05-22 12:00 AM
3
osv
osv

Moderate: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...

5.3CVSS

6.3AI Score

0.001EPSS

2024-05-22 12:00 AM
1
osv
osv

Moderate: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix(es): openssh: scp allows command injection when using backtick characters in the destination...

7.8CVSS

7.1AI Score

0.004EPSS

2024-05-22 12:00 AM
4
almalinux
almalinux

Moderate: gmp security update

The gmp packages contain GNU MP, a library for arbitrary precision arithmetics, signed integers operations, rational numbers, and floating point numbers. Security Fix(es): gmp: Integer overflow and resultant buffer overflow via crafted input (CVE-2021-43618) For more details about the security...

7.5CVSS

7.3AI Score

0.005EPSS

2024-05-22 12:00 AM
4
osv
osv

Moderate: zziplib security update

The zziplib is a lightweight library to easily extract data from zip files. Security Fix(es): zziplib: invalid memory access at zzip_disk_entry_to_file_header in mmapped.c (CVE-2020-18770) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...

5.5CVSS

6.4AI Score

0.0004EPSS

2024-05-22 12:00 AM
2
almalinux
almalinux

Moderate: freeglut security update

freeglut is a completely open source alternative to the OpenGL Utility Toolkit (GLUT) library with an OSI approved free software license. Security Fix(es): freeglut: memory leak via glutAddSubMenu() function (CVE-2024-24258) freeglut: memory leak via glutAddMenuEntry() function (CVE-2024-24259) ...

7.5CVSS

6.2AI Score

0.001EPSS

2024-05-22 12:00 AM
2
osv
osv

Important: pmix security update

The Process Management Interface (PMI) provides process management functions for MPI implementations. PMI Exascale (PMIx) provides an extended version of the PMI standard specifically designed to support clusters up to and including exascale sizes. Security Fix(es): pmix: race condition allows...

8.1CVSS

6.5AI Score

0.001EPSS

2024-05-22 12:00 AM
1
almalinux
almalinux

Moderate: libXpm security update

X.Org X11 libXpm runtime library. Security Fix(es): libXpm: out of bounds read in XpmCreateXpmImageFromBuffer() (CVE-2023-43788) libXpm: out of bounds read on XPM with corrupted colormap (CVE-2023-43789) For more details about the security issue(s), including the impact, a CVSS score,...

5.5CVSS

6.4AI Score

0.0004EPSS

2024-05-22 12:00 AM
1
oraclelinux
oraclelinux

git-lfs security update

[3.4.1-2] - Rebuild with new Golang - Resolves: RHEL-32543, RHEL-28377, RHEL-28399, RHEL-28423 [3.4.1-1] - Update to version 3.4.1 - Resolves:...

7.4AI Score

0.0004EPSS

2024-05-29 12:00 AM
2
almalinux
almalinux

Important: edk2 security update

EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix(es): edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message (CVE-2023-45235) EDK2: heap...

8.8CVSS

6.8AI Score

0.006EPSS

2024-05-22 12:00 AM
1
almalinux
almalinux

Moderate: tigervnc security update

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....

4.7CVSS

6.3AI Score

0.0004EPSS

2024-05-22 12:00 AM
2
osv
osv

Moderate: sssd security update

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end...

7.1CVSS

7.1AI Score

0.0004EPSS

2024-05-22 12:00 AM
osv
osv

Moderate: poppler security update

Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fix(es): poppler: NULL pointer dereference in FoFiType1C::convertToType1 (CVE-2020-36024) For more details about the security issue(s), including the impact, a CVSS score,...

5.5CVSS

6.4AI Score

0.001EPSS

2024-05-22 12:00 AM
osv
osv

Important: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...

7.8CVSS

6.3AI Score

0.0005EPSS

2024-05-23 12:00 AM
1
osv
osv

Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fix(es): webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-40414) webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852) webkitgtk:...

9.8CVSS

8.2AI Score

0.017EPSS

2024-05-22 12:00 AM
almalinux
almalinux

Moderate: systemd security update

The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes...

5.9CVSS

6.6AI Score

0.001EPSS

2024-05-22 12:00 AM
3
osv
osv

Moderate: pam security update

Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication. Security Fix(es): pam: allowing unprivileged user to block another user namespace (CVE-2024-22365) For more details about the security...

5.5CVSS

6.6AI Score

0.0004EPSS

2024-05-22 12:00 AM
1
osv
osv

Moderate: libsndfile security update

libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV. Security Fix(es): libsndfile: integer overflow in src/mat4.c and src/au.c leads to DoS (CVE-2022-33065) For more details about the security issue(s), including the impact, a CVSS score,...

7.8CVSS

6.8AI Score

0.001EPSS

2024-05-22 12:00 AM
almalinux
almalinux

Moderate: harfbuzz security update

HarfBuzz is an implementation of the OpenType Layout engine. Security Fix(es): harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks (CVE-2023-25193) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related...

7.5CVSS

6.9AI Score

0.002EPSS

2024-05-22 12:00 AM
1
almalinux
almalinux

Moderate: pcs security update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix(es): rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing (CVE-2024-25126) rubygem-rack: Possible DoS Vulnerability with Range Header in Rack (CVE-2024-26141)...

5.8CVSS

6.6AI Score

0.0004EPSS

2024-05-22 12:00 AM
2
Total number of security vulnerabilities2563931