OS: Scientific
spice-client: Insufficient encoding checks for LZ can cause different integer/buffer overflows (CVE-2018-10893) SL6 x86_64 spice-glib-0.26-8.el6_10.2.i686.rpm spice-glib-0.26-8.el6_10.2.x86_64.rpm spice-gtk-0.26-8.el6_10.2.i686.rpm spice-gtk-0.26-8.el6_10.2.x86_64.rpm spice-gtk-debuginfo-0.26-8.el6_10.2.i686.rpm spice-gtk-debuginfo-0.26-8.el6_10.2.x86_64.rpm spic [More...] |
kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) * kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) * kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901) * kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c [More...] |
ipa: Denial of service in IPA server due to wrong use of ber_scanf() (CVE-2019-14867) * ipa: Batch API logging user passwords to /var/log/httpd/error_log (CVE-2019-10195) SL7 x86_64 ipa-client-4.6.5-11.el7_7.4.x86_64.rpm ipa-debuginfo-4.6.5-11.el7_7.4.x86_64.rpm ipa-server-4.6.5-11.el7_7.4.x86_64.rpm ipa-server-trust-ad-4.6.5-11.el7_7.4.x86_64.rpm noarch ipa-client-co [More...] |
hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135) * QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378) SL7 x86_64 qemu-img-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-common-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-debuginfo-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-tools-1.5.3-167.el7_7.4.x86_64.rpm - Scien [More...] |
OS: OpenSuse
An update that fixes 6 vulnerabilities is now available. |
An update that fixes 7 vulnerabilities is now available. |
An update that fixes 6 vulnerabilities is now available. |
An update that fixes 6 vulnerabilities is now available. |
OS: Arch
The package thunderbird before version 68.5.0-1 is vulnerable to multiple issues including arbitrary code execution, cross-site scripting, denial of service and information disclosure. |
The package systemd before version 244.2-1 is vulnerable to privilege escalation. |
The package webkit2gtk before version 2.26.3-1 is vulnerable to arbitrary code execution. |
The package dovecot before version 2.3.9.3-1 is vulnerable to denial of service. |
OS: Redhat
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability |
An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability |
An update for firefox is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, |
An update for ksh is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability |
OS: Gentoo
Multiple vulnerabilities have been found in Expat, the worst of which could result in a Denial of Service condition. |
Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code. |
Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which could result in the arbitrary execution of code. |
OS: Debian LTS
Tom Lane discovered that "ALTER ... DEPENDS ON EXTENSION" sub commands in the PostgreSQL database did not perform authorisation checks. For Debian 8 "Jessie", this problem has been fixed in version |
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. For Debian 8 "Jessie", these problems have been fixed in version |
debian-security-support, the Debian security support coverage checker, has been updated in jessie-security. This marks the end of life of the libqb package in jessie. A recently |
An denial of service via an algorithmic complexity attack on email address parsing have been identified in libemail-address-list-perl. |
OS: Slackware
New libarchive packages are available for Slackware 14.1, 14.2, and -current to fix security issues. |
New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues. |
New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. |
New sudo packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. |
OS: Mageia
Updated flash-player-plugin package fixes a security vulnerability: Type confusion that leads to arbitrary code execution in the context of the current user. (CVE-2020-3757) |
The updated packages fix a security vulnerability: In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service |
Updated python-waitress packages fix security vulnerabilities: If a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways. |
Updated vim and neovim package fixes security vulnerability: It was discovered that Vim before 8.1.1365 and Neovim before 0.3.6 did not restrict the `:source!` command when executed in a sandbox. This allows remote attackers to take advantage of the modeline feature to |
OS: Debian
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. For the oldstable distribution (stretch), these problems have been fixed |
Several vulnerabilities were discovered in evince, a simple multi-page document viewer. CVE-2017-1000159 |
Tom Lane discovered that "ALTER ... DEPENDS ON EXTENSION" sub commands in the PostgreSQL database did not perform authorisation checks. For the stable distribution (buster), this problem has been fixed in |
Tom Lane discovered that "ALTER ... DEPENDS ON EXTENSION" sub commands in the PostgreSQL database did not perform authorisation checks. For the oldstable distribution (stretch), this problem has been fixed |
OS: CentOS
Upstream details at : https://access.redhat.com/errata/RHSA-2020:0471 |
Upstream details at : https://access.redhat.com/errata/RHSA-2019:2079 |
Upstream details at : https://access.redhat.com/errata/RHSA-2018:2916 |
Upstream details at : https://access.redhat.com/errata/RHSA-2020:0366 |
OS: Ubuntu
Firefox could be made to crash or run programs as your login if it opened a malicious website. |
Several security issues were fixed in libexif. |
Yubico PIV Tool could be made to crash or run programs as an administrator if it received specially crafted input. |
Several security issues were fixed in libxml2. |
OS: Fedora
Do not evaluate arithmetic expressions from environment variables at startup |
Do not evaluate arithmetic expressions from environment variables at startup |
Fix CVE-2019-20388 and CVE-2020-7595 |
- Update to 73.0 |
OS: Suse
An update that fixes 25 vulnerabilities is now available. |
An update that fixes 5 vulnerabilities is now available. |
An update that fixes 5 vulnerabilities is now available. |
An update that fixes 7 vulnerabilities is now available. |