CVEMAP.ORG: Vulnerabilities & Exposures
OS: Slackware
New libarchive packages are available for Slackware 15.0 and -current to fix security issues. |
New netatalk packages are available for Slackware 15.0 and -current to fix security issues. |
New python3 packages are available for Slackware 15.0 and -current to fix security issues. |
New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. |
OS: Mageia
Vanilla upstream kernel version 6.6.50 fix bugs and vulnerabilities. For information about the vulnerabilities see the links. References: - https://bugs.mageia.org/show_bug.cgi?id=33552 |
Upstream kernel version 6.6.50 fix bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links. |
Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service (DoS) condition. (CVE-2024-20505) Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system |
CVE-2024-37151 Mishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass. CVE-2024-38534 Crafted modbus traffic can lead to unlimited resource accumulation within a flow |
OS: Debian LTS
Multiple vulnerabilities were found in expat, an XML parsing C library, which could lead to Denial of Service, memory corruption or arbitrary code execution. |
Two issues have been found in tinyproxy, a lightweight, non-caching, optionally anonymizing HTTP proxy. They are related to an use after free in header parsing of GTTP |
A vulnerability was discovered in MariaDB, a SQL database server compatible with MySQL. An attacker could generate a malicious dump file which could execute shell commands from the MariaDB client. |
A new stable version was released for galera-4, a synchronous multimaster replication engine for MySQL and MariaDB. This fixes several issues detailed at: |
OS: Suse
* bsc#1220145 * bsc#1220832 * bsc#1221302 * bsc#1222685 * bsc#1223059 |
* bsc#1221302 * bsc#1223059 * bsc#1223363 * bsc#1223514 * bsc#1223521 |
* bsc#1223363 * bsc#1223683 * bsc#1225013 * bsc#1225099 |
* bsc#1219494 * bsc#1226892 * bsc#1226897 * bsc#1226898 * bsc#1226899 |
OS: Fedora
Fix for CVE-2024-44070 |
Update to upstream 2.1-45. 20240910 Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode from revision 0x35 up to 0x36; Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in intel-ucode/06-97-02) from revision 0x35 up to 0x36; |
Update to upstream 2.1-45. 20240910 Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode from revision 0x35 up to 0x36; Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in intel-ucode/06-97-02) from revision 0x35 up to 0x36; |
update to 128.0.6613.137 * High CVE-2024-8636: Heap buffer overflow in Skia * High CVE-2024-8637: Use after free in Media Router * High CVE-2024-8638: Type Confusion in V8 * High CVE-2024-8639: Use after free in Autofill |
OS: Gentoo
Multiple vulnerabilities have been discovered in protobuf-c, the worst of which could result in denial of service. |
Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service. |
A vulnerability has been discovered in protobuf and protobuf-python, which can lead to a denial of service. |
A vulnerability has been discovered in dpkg, which allows for directory traversal. |
OS: CentOS
Upstream details at : https://access.redhat.com/errata/RHSA-2024:1498 |
Upstream details at : https://access.redhat.com/errata/RHSA-2024:1486 |
Upstream details at : https://access.redhat.com/errata/RHSA-2024:1249 |
Upstream details at : https://access.redhat.com/errata/RHSA-2024:0957 |
Exploit-DB.com
OS: OpenSuse
An update that solves four vulnerabilities and has one errata is now available. |
An update that fixes one vulnerability is now available. |
An update that fixes one vulnerability is now available. |
An update that fixes four vulnerabilities is now available. |
OS: Scientific
python: TLS handshake bypass (CVE-2023-40217) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:6885 SL7 srpm python-0:2.7.5-94.el7_9.src x86_64 python-0:2.7.5-94.el7_9.x86_64 i386 python-libs-0:2.7.5-94.el7_9.i686 - Scientific Linux Development Team |
plexus-archiver: Arbitrary File Creation in AbstractUnArchiver (CVE-2023-37460) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:6886 SL7 srpm plexus-archiver-0:2.4.2-6.el7_9.src noarch plexus-archiver-0:2.4.2-6.el7_9.noarch - Scientific Linux Development Team |
bind: stack exhaustion in control channel code may lead to DoS (CVE-2023-3341) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:5691 SL7 srpm bind-32:9.11.4-26.P2.el7_9.15.src i386 bind-export-libs-32:9.11.4-26.P2.el7_9.15.i686 x86_64 bind-export-libs-32:9.11.4-26.P2.el7_9.15.x86_64 noarch bind-license-32:9.11.4-26.P2.el7_9.15.noarch - Scie [More...] |
libssh2: use-of-uninitialized-value in _libssh2_transport_read (CVE-2020-22218) --- This content is derived from https://access.redhat.com/errata/RHSA-2 023:5615 SL7 srpm libssh2-0:1.8.0-4.el7_9.1.src i386 libssh2-0:1.8.0-4.el7_9.1.i686 x86_64 libssh2-0:1.8.0-4.el7_9.1.x86_64 noarch libssh2-docs-0:1.8.0- 4.el7_9.1.noarch - Scientific Linux Development Team |
OS: Rocky
Moderate: kernel security update |
Important: kernel security update |
Important: tomcat security update |
Important: postgresql:16 security update |
OS: Redhat
An update for libvpx is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, |
An update for bind is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. |
An update for libvpx is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. |
An update for libvpx is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability |
NIST Vulnerability Database
NIST Vulnerability Database
OS: Arch
The package openssh before version 9.8p1-1 is vulnerable to authentication bypass. |
The package xz before version 5.6.1-2 is vulnerable to arbitrary code execution. |
The package linux-zen before version 6.0.1.zen2-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service. |
The package linux-lts before version 5.15.73-3 is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service. |
OS: Debian
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. |
Yufan You discovered that Libreoffice's handling of documents based on ZIP archives was suspectible to spoofing attacks when the repair mode attempts to address a malformed archive structure. |
Fabien Potencier discovered that under some conditions the sandbox mechanism of Twig, a template engine for PHP, could by bypassed. For the stable distribution (bookworm), this problem has been fixed in |
Shang-Hung Wan discovered multiple vulnerabilities in the Expat XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code. |
OS: Ubuntu
PostgreSQL could execute arbitrary SQL functions as the superuser if it received a specially crafted SQL object. |
Several security issues were fixed in Emacs. |
Several security issues were fixed in Python. |
tgt could be made to generate identical sequence of challenges. |