OS: Fedora
sosreport: Fix command injection with crafted report names [CVE-2024-2947]
Fix for CVE-2024-31497
New upstream release (125.0)
OS: OpenSuse
This update for eclipse, maven-surefire, tycho fixes the following issues: eclipse received the following security fix:
This update for nodejs16 fixes the following issues: CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session() that could lead to HTTP/2 server
This update for nodejs18 fixes the following issues: Update to 18.20.1
OS: Debian
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2023-46589
Jetty 9 is a Java based web server and servlet engine. It was discovered that remote attackers may leave many HTTP/2 connections in ESTABLISHED state (not closed), TCP congested and idle. Eventually the server will stop accepting new connections from valid clients, which can cause a denial of service.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or clickjacking.
The update of cockpit released in DSA 5655-1 did not correctly build binary packages due to unit test failures when building against libssh 0.10.6. This update corrects that problem.
OS: Ubuntu
GNU C Library could be made to crash or run programs if it processed specially crafted data.
Several security issues were fixed in Apache HTTP Server.
Several security issues were fixed in the Linux kernel.
OS: Arch
The package xz before version 5.6.1-2 is vulnerable to arbitrary code execution.
The package linux-zen before version 6.0.1.zen2-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service.
The package linux-lts before version 5.15.73-3 is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service.
The package linux before version 6.0.1.arch2-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service.
OS: Gentoo
A backdoor has been discovered in XZ utils that could lead to remote compromise of systems.
Multiple vulnerabilities have been discovered in UltraJSON, the worst of which could lead to key confusion and value overwriting.
Multiple vulnerabilities have been discovered in Blender, the worst of which could lead to arbitrary code execution.
A vulnerability has been discovered in Tox which may lead to remote code execution.
OS: Debian LTS
This update includes the changes in tzdata 2024a for the Perl bindings. For the list of changes, see DLA-3789-1. For Debian 10 buster, this problem has been fixed in version
This update includes the changes in tzdata 2024a. Notable changes are: - Kazakhstan unifies on UTC+5 beginning 2024-03-01.
Multiple vulnerabilities have been fixed in the Xorg X server. CVE-2024-31080
A buffer overflow in _imagingcms.c was fixed in Pillow, an image processing library for Python. For Debian 10 buster, this problem has been fixed in version
OS: Mageia
The updated packages fix missing requires for puppet and fix commands in systemd units. References: - https://bugs.mageia.org/show_bug.cgi?id=29710
CVE-2023-44271 Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. CVE-2024-28219 A buffer overflow exists because strcpy is used instead
Core: - Corrupted memory in destructor with weak references - GC does not scale well with a lot of objects created in destructor DOM: - Add some missing ZPP checks.
Affected versions of squid are subject to a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with "collapsed_forwarding on" are vulnerable. Configurations with "collapsed_forwarding off" or without a "collapsed_forwarding" directive
OS: CentOS
Upstream details at: https://access.redhat.com/errata/RHSA-2024:1498
Upstream details at: https://access.redhat.com/errata/RHSA-2024:1486
Upstream details at: https://access.redhat.com/errata/RHSA-2024:1249
Upstream details at: https://access.redhat.com/errata/RHSA-2024:0957
OS: Rocky
Moderate: ruby:3.1 security, bug fix, and enhancement update
Important: kernel-rt security and bug fix update
Important: grafana security and bug fix update
Important: grafana-pcp security and bug fix update
OS: Scientific
python: TLS handshake bypass (CVE-2023-40217) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:6885 SL7 srpm python-0:2.7.5-94.el7_9.src x86_64 python-0:2.7.5-94.el7_9.x86_64 i386 python-libs-0:2.7.5-94.el7_9.i686 - Scientific Linux Development Team
plexus-archiver: Arbitrary File Creation in AbstractUnArchiver (CVE-2023-37460) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:6886 SL7 srpm plexus-archiver-0:2.4.2-6.el7_9.src noarch plexus-archiver-0:2.4.2-6.el7_9.noarch - Scientific Linux Development Team
bind: stack exhaustion in control channel code may lead to DoS (CVE-2023-3341) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:5691 SL7 srpm bind-32:9.11.4-26.P2.el7_9.15.src i386 bind-export-libs-32:9.11.4-26.P2.el7_9.15.i686 x86_64 bind-export-libs-32:9.11.4-26.P2.el7_9.15.x86_64 noarch bind-license-32:9.11.4-26.P2.el7_9.15.noarch - Scientific Linux Development Team
libssh2: use-of-uninitialized-value in _libssh2_transport_read (CVE-2020-22218) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:5615 SL7 srpm libssh2-0:1.8.0-4.el7_9.1.src i386 libssh2-0:1.8.0-4.el7_9.1.i686 x86_64 libssh2-0:1.8.0-4.el7_9.1.x86_64 noarch libssh2-docs-0:1.8.0-4.el7_9.1.noarch - Scientific Linux Development Team
OS: Redhat
An update for libvpx is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
An update for bind is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
An update for libvpx is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
An update for libvpx is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
OS: Slackware
New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues.
New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues.
New less packages are available for Slackware 15.0 and -current to fix a security issue.
New php packages are available for Slackware 15.0 and -current to fix security issues.
OS: Suse
* bsc#1221172 Cross-References: * CVE-2024-2044
* bsc#1194869 * bsc#1200465 * bsc#1205316 * bsc#1207948 * bsc#1209635