OS: Arch
The package xz before version 5.6.1-2 is vulnerable to arbitrary code execution.
The package linux-zen before version 6.0.1.zen2-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service.
The package linux-lts before version 5.15.73-3 is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service.
The package linux before version 6.0.1.arch2-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service.
OS: Debian
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2023-46589
Gergo Koteles discovered that sandbox restrictions in Flatpak, an application deployment framework for desktop apps, could be bypassed in combination with xdg-desktop-portal.
Jetty 9 is a Java based web server and servlet engine. It was discovered that remote attackers may leave many HTTP/2 connections in ESTABLISHED state (not closed), TCP congested and idle. Eventually the server will stop accepting new connections from valid clients, which can cause a denial of service.
OS: Gentoo
A backdoor has been discovered in XZ utils that could lead to remote compromise of systems.
Multiple vulnerabilities have been discovered in UltraJSON, the worst of which could lead to key confusion and value overwriting.
Multiple vulnerabilities have been discovered in Blender, the worst of which could lead to arbitrary code execution.
A vulnerability has been discovered in Tox which may lead to remote code execution.
OS: Suse
bsc#1220181; cross-references: CVE-2024-24476
bsc#1222244, bsc#1222384; cross-references: CVE-2024-27982
OS: Slackware
New glibc packages are available for Slackware 15.0 and -current to fix a security issue.
New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues.
New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues.
New less packages are available for Slackware 15.0 and -current to fix a security issue.
OS: Scientific
python: TLS handshake bypass (CVE-2023-40217) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:6885. SL7 srpm: python-0:2.7.5-94.el7_9.src; x86_64: python-0:2.7.5-94.el7_9.x86_64; i386: python-libs-0:2.7.5-94.el7_9.i686 - Scientific Linux Development Team
plexus-archiver: Arbitrary File Creation in AbstractUnArchiver (CVE-2023-37460) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:6886. SL7 srpm: plexus-archiver-0:2.4.2-6.el7_9.src; noarch: plexus-archiver-0:2.4.2-6.el7_9.noarch - Scientific Linux Development Team
bind: stack exhaustion in control channel code may lead to DoS (CVE-2023-3341) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:5691. SL7 srpm: bind-32:9.11.4-26.P2.el7_9.15.src; i386: bind-export-libs-32:9.11.4-26.P2.el7_9.15.i686; x86_64: bind-export-libs-32:9.11.4-26.P2.el7_9.15.x86_64; noarch: bind-license-32:9.11.4-26.P2.el7_9.15.noarch - Scie
libssh2: use-of-uninitialized-value in _libssh2_transport_read (CVE-2020-22218) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:5615. SL7 srpm: libssh2-0:1.8.0-4.el7_9.1.src; i386: libssh2-0:1.8.0-4.el7_9.1.i686; x86_64: libssh2-0:1.8.0-4.el7_9.1.x86_64; noarch: libssh2-docs-0:1.8.0-4.el7_9.1.noarch - Scientific Linux Development Team
OS: Rocky
Moderate: ruby:3.1 security, bug fix, and enhancement update
Important: kernel-rt security and bug fix update
Important: grafana security and bug fix update
Important: grafana-pcp security and bug fix update
OS: Debian LTS
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or clickjacking.
This update includes the changes in tzdata 2024a for the Perl bindings. For the list of changes, see DLA-3789-1. For Debian 10 buster, this problem has been fixed in version
This update includes the changes in tzdata 2024a. Notable changes are: - Kazakhstan unifies on UTC+5 beginning 2024-03-01.
Multiple vulnerabilities have been fixed in the Xorg X server. CVE-2024-31080
OS: CentOS
Upstream details at: https://access.redhat.com/errata/RHSA-2024:1498
Upstream details at: https://access.redhat.com/errata/RHSA-2024:1486
Upstream details at: https://access.redhat.com/errata/RHSA-2024:1249
Upstream details at: https://access.redhat.com/errata/RHSA-2024:0957
OS: Ubuntu
Several security issues were fixed in the Linux kernel.
OS: OpenSuse
An update that fixes one vulnerability is now available.
This update for eclipse, maven-surefire, tycho fixes the following issues: eclipse received the following security fix:
This update for nodejs16 fixes the following issues: CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session() that could lead to HTTP/2 server
OS: Fedora
WordPress 6.4.4 Security Release. Security updates included in this release: a cross-site scripting (XSS) vulnerability affecting the Avatar block type; reported by John Blackbourn of the WordPress security team. Many thanks to Mat Rollings for assisting with the research.
PHP version 8.2.18 (11 Apr 2024). Core: Fixed bug GH-13612 (Corrupted memory in destructor with weak references). (nielsdos) Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). (Remi)
Security fix for CVE-2024-24576 (Windows command injection)
Update to 0.12.7: fix pointer overflow in STRING_CAT; fix a few more stack buffer overflows.
OS: Mageia
The updated packages fix missing requires for puppet and fix commands in systemd units. References: https://bugs.mageia.org/show_bug.cgi?id=29710
CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. CVE-2024-28219: A buffer overflow exists because strcpy is used instead
Core: - Corrupted memory in destructor with weak references - GC does not scale well with a lot of objects created in destructor. DOM: - Add some missing ZPP checks.
Affected versions of squid are subject to a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with "collapsed_forwarding on" are vulnerable. Configurations with "collapsed_forwarding off" or without a "collapsed_forwarding" directive
OS: Redhat
An update for libvpx is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
An update for bind is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
An update for libvpx is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
An update for libvpx is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability