Debian LTS Essential and Critical Security Patch Updates - Page 48
Find the information you need for your favorite open source distribution.
Yu Zhang and Nanyu Zhong discovered several vulnerabilities in net-snmp, a suite of Simple Network Management Protocol applications, which could result in denial of service or the execution of arbitrary code.
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2022-32893
It was discovered that the Commandline class in maven-shared-utils, a collection of various utility classes for the Maven build system, can emit double-quoted strings without proper escaping, allowing shell injection attacks.
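As an added illustration of the quoting flaw described in that entry (this is not code from maven-shared-utils, Debian, or the advisory, and the payloads, helper names and the use of `sh -c` are assumptions made for the example), the script below hands both quoting styles to a real POSIX sh: wrapping an argument in double quotes leaves `$`, backticks, backslash and an embedded `"` active, so command substitution and quote break-out still work, whereas single-quoting with the `'\''` idiom passes the value through literally.

```python
"""Added illustration (not code from maven-shared-utils or Debian): why wrapping
an argument in double quotes is not shell-safe, and a single-quote escaper that is.

Assumptions (mine, not from the advisory): the assembled command line is
executed by a POSIX sh -c, and the attacker controls one argument value.
"""
import subprocess


def double_quote(arg: str) -> str:
    """Naive quoting: wrap in double quotes without escaping anything.

    Inside double quotes sh still interprets $, backticks, backslash and a
    closing double quote, so this is exactly the shape of the flaw.
    """
    return '"' + arg + '"'


def posix_quote(arg: str) -> str:
    """Safe quoting for POSIX sh: single quotes disable every metacharacter.

    An embedded single quote cannot be escaped inside single quotes, so it is
    emitted as '\\'' (close the quotes, a backslash-escaped quote, reopen).
    """
    return "'" + arg.replace("'", "'\\''") + "'"


def run_printf(quoted_arg: str) -> str:
    """Evaluate `printf '%s' <quoted_arg>` in a real sh and return its stdout."""
    proc = subprocess.run(["sh", "-c", "printf '%s' " + quoted_arg],
                          capture_output=True, text=True, check=False)
    return proc.stdout


# Constructed attacker-controlled values for the demonstration.
PAYLOAD_SUBST = "$(echo INJECTED)"          # command substitution survives double quotes
PAYLOAD_BREAKOUT = 'a"; echo INJECTED; "b'  # closes the quotes, runs a command, reopens them


def demo() -> dict:
    """Run each payload through both quoting styles; the dict shows what sh saw."""
    return {
        "double_subst": run_printf(double_quote(PAYLOAD_SUBST)),
        "double_breakout": run_printf(double_quote(PAYLOAD_BREAKOUT)),
        "single_subst": run_printf(posix_quote(PAYLOAD_SUBST)),
        "single_breakout": run_printf(posix_quote(PAYLOAD_BREAKOUT)),
    }


if __name__ == "__main__":
    for name, out in demo().items():
        print(f"{name:16s} -> {out!r}")
```

With the double-quoted forms sh prints `INJECTED` (the substitution ran) and `aINJECTED\n` (the break-out ran `echo` as a separate command); with the single-quoted forms it prints the payload text unchanged. The same rule applies to any code that builds a command line as a string: either use single-quote escaping as above, or avoid the shell entirely and pass an argument vector to the process API.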
Multiple security vulnerabilities have been discovered in cURL, a URL transfer library. These flaws may allow remote attackers to obtain sensitive information, leak authentication or cookie header data, or facilitate a denial of service attack.
Two security issues have been discovered in nDPI, a deep packet inspection library.
Multiple security issues have been found in puma, a web server for Ruby/Rack applications. CVE-2021-29509
It was discovered that in Exim, a mail transport agent, handling an e-mail can cause a heap-based buffer overflow in some situations. An attacker can cause a denial-of-service (DoS) and possibly execute arbitrary code.
A local privilege escalation vulnerability was found in open-vm-tools. A malicious actor with local non-administrative access to the guest OS can escalate privileges to root in the virtual machine.
Two security vulnerabilities were discovered in Jetty, a Java servlet engine and webserver. CVE-2022-2047
KiCad is a suite of programs for the creation of printed circuit boards. It includes a schematic editor, a PCB layout tool, support tools and a 3D viewer to display a finished & fully populated PCB.
A command injection vulnerability was found in FreeCAD, a parametric 3D modeler, when importing DWG files with crafted filenames. For Debian 10 buster, this problem has been fixed in version
Julian Gilbey discovered that schroot, a tool allowing users to execute commands in a chroot environment, had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session.
Several issues were discovered in Epiphany, the GNOME web browser, allowing XSS attacks by malicious websites, or memory corruption and application crash by a page with a very long title.
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2022-32792
Sven Klemm found that some extensions in the PostgreSQL database system could replace objects not belonging to the extension. An attacker could leverage this to run arbitrary commands as another user.
It was discovered that libtirpc, a transport-independent RPC library, does not properly handle idle TCP connections. A remote attacker can take advantage of this flaw to cause a denial of service.
Two issues were found in GnuTLS, a library implementing the TLS and SSL protocols. A remote attacker could take advantage of these flaws to cause an application using the GnuTLS library to crash (denial of service), or potentially, to execute arbitrary code.
Multiple vulnerabilities were discovered in plugins for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.
Jan-Niklas Sohn discovered two out-of-bounds memory writes in the ProcXkbSetGeometry and ProcXkbSetDeviceInfo request handlers of X.Org Server's XKB extension. These issues could be exploited by an attacker to cause denial of service, privilege escalation or arbitrary code execution.
Several security vulnerabilities have been discovered in isync, an IMAP and Maildir mailbox synchronizer. A malicious attacker who controls an IMAP server may exploit these flaws for remote code execution.