NIST Vulnerability Database
OS: Fedora
Update to shim-15.8 |
Update to shim-15.8 |
Update to shim-15.8 |
upstream security release 122.0.6261.128 High CVE-2024-2400: Use after free in Performance Manager |
OS: Ubuntu
Vim could be made to crash if it opened a specially crafted file. |
Bash could be made to crash or run programs as your login if it opened a specially crafted file. |
Several security issues were fixed in OpenJDK 8. |
Expat could be made to crash if it received specially crafted input. |
OS: Arch
The package linux-zen before version 6.0.1.zen2-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service. |
The package linux-lts before version 5.15.73-3 is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service. |
The package linux before version 6.0.1.arch2-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service. |
The package linux-hardened before version 5.19.15.hardened2-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service. |
OS: Mageia
It was discovered that Expat could be made to consume large amounts of resources. If a user or automated system were tricked into processing specially crafted input, an attacker could possibly use this issue to cause a denial of service. (CVE-2023-52425, CVE-2024-28757) |
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly |
A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as "if") and b is the SQL statement to be executed. (CVE-2018-16384) Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a |
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. (CVE-2020-36518) In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the |
OS: OpenSuse
An update that fixes 12 vulnerabilities is now available. |
An update that fixes one vulnerability is now available. |
An update that fixes one vulnerability is now available. |
An update that fixes one vulnerability is now available. |
NIST Vulnerability Database
OS: CentOS
Upstream details at : https://access.redhat.com/errata/RHSA-2024:0957 |
Upstream details at : https://access.redhat.com/errata/RHSA-2024:0976 |
Upstream details at : https://access.redhat.com/errata/RHSA-2024:0857 |
Upstream details at : https://access.redhat.com/errata/RHSA-2023:5616 |
OS: Suse
* bsc#1219465 Cross-References: * CVE-2023-3966 |
* bsc#1213590 * bsc#1214686 * bsc#1214687 * bsc#1221187 * bsc#960589 |
* bsc#1211515 * bsc#1213456 * bsc#1214064 * bsc#1218195 * bsc#1218216 |
* bsc#1194869 * bsc#1206453 * bsc#1209412 * bsc#1213456 * bsc#1216776 |
OS: Scientific
python: TLS handshake bypass (CVE-2023-40217) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:6885 SL7 srpm python-0:2.7.5-94.el7_9.src x86_64 python-0:2.7.5-94.el7_9.x86_64 i386 python-libs-0:2.7.5-94.el7_9.i686 - Scientific Linux Development Team |
plexus-archiver: Arbitrary File Creation in AbstractUnArchiver (CVE-2023-37460) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:6886 SL7 srpm plexus-archiver-0:2.4.2-6.el7_9.src noarch plexus-archiver-0:2.4.2-6.el7_9.noarch - Scientific Linux Development Team |
bind: stack exhaustion in control channel code may lead to DoS (CVE-2023-3341) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:5691 SL7 srpm bind-32:9.11.4-26.P2.el7_9.15.src i386 bind-export-libs-32:9.11.4-26.P2.el7_9.15.i686 x86_64 bind-export-libs-32:9.11.4-26.P2.el7_9.15.x86_64 noarch bind-license-32:9.11.4-26.P2.el7_9.15.noarch - Scie [More...] |
libssh2: use-of-uninitialized-value in _libssh2_transport_read (CVE-2020-22218) --- This content is derived from https://access.redhat.com/errata/RHSA-2 023:5615 SL7 srpm libssh2-0:1.8.0-4.el7_9.1.src i386 libssh2-0:1.8.0-4.el7_9.1.i686 x86_64 libssh2-0:1.8.0-4.el7_9.1.x86_64 noarch libssh2-docs-0:1.8.0- 4.el7_9.1.noarch - Scientific Linux Development Team |
OS: Gentoo
Multiple vulnerabilities have been discovered in UltraJSON, the worst of which could lead to key confusion and value overwriting. |
Multiple vulnerabilities have been discovered in Blender, the worst of which could lead to arbitrary code execution. |
A vulnerability has been discovered in Tox which may lead to remote code execution. |
A vulnerability has been found in PyYAML which can lead to arbitrary code execution. |
OS: Debian LTS
A couple of vulnerabilities were found in zfs-linux. CVE-2013-20001 |
Multiple vulnerabilities were found in Cacti, a network monitoring system. An attacker could manipulate the database, execute code remotely, launch DoS (denial-of-service) attacks or impersonate Cacti users, in some situations. |
In the PostgreSQL database server, a late privilege drop in the REFRESH MATERIALIZED VIEW CONCURRENTLY command could allow an attacker to trick a user with higher privileges to run SQL commands. |
curl was affected by a path traversal vulnerability. SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate |
OS: Debian
It was discovered that composer, a dependency manager for the PHP language, processed files in the local working directory. This could lead to local privilege escalation or malicious code execution. Due to a technical issue this email was not sent on 2024-02-26 like it should |
Two vulnerabilities were discovered in Open vSwitch, a software-based Ethernet virtual switch, which could result in a bypass of OpenFlow rules or denial of service. |
Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. |
It was discovered that the uv_getaddrinfo() function in libuv, an asynchronous event notification library, incorrectly truncated certain hostnames, which may result in bypass of security measures on internal APIs or SSRF attacks. |
OS: Slackware
New expat packages are available for Slackware 15.0 and -current to fix a security issue. |
New ghostscript packages are available for Slackware 15.0 and -current to fix security issues. |
New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix a security issue. |
New wpa_supplicant packages are available for Slackware 15.0 and -current to fix a security issue. |
Exploit-DB.com
CVEMAP.ORG: Vulnerabilities & Exposures
OS: Redhat
An update for libvpx is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, |
An update for bind is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. |
An update for libvpx is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. |
An update for libvpx is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability |
OS: Rocky
Important: nodejs security and bug fix update |
Important: bind security update |
Important: mariadb:10.5 security update |
Important: kernel-rt security and bug fix update |