Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash (CVE-2023-25751). When accessing throttled streams, the count of available bytes needed to be
Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. (CVE-2023-1127) Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376. (CVE-2023-1170) Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. (CVE-2022-41723) Large handshake records may cause panics in crypto/tls. (CVE-2022-41724) Denial of service from excessive resource consumption in net/http and
Multiple out-of-bounds read when decoding NTLM fields. (CVE-2023-25563) Memory corruption when decoding UTF16 strings. (CVE-2023-25564) Incorrect free when decoding target information. (CVE-2023-25565) Memory leak when parsing usernames. (CVE-2023-25566) Out-of-bounds read when decoding target information. (CVE-2023-25567)
Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames. (CVE-2004-0947) Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj
A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files)
Open redirect (CVE-2021-23385) References: - https://bugs.mageia.org/show_bug.cgi?id=31069 - https://lists.suse.com/pipermail/sle-security-updates/2022-November/012786.html
Denial of service using crafted input. (CVE-2022-40152) References: - https://bugs.mageia.org/show_bug.cgi?id=31665 - https://lists.suse.com/pipermail/sle-security-updates/2023-March/013995.html
Remote code execution on feed enrichment. If "Extract full content from HTML5 and Google AMP" has been enabled for one or more feed subscriptions it is possible for a an attacker to inject a script command that runs with user priveleges. (CVE-2023-1350)
An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in
A potential buffer overflow exists in the file src/w_help.c at line 55. Specifically, the length of the string returned by getenv("LANG") may become very long and cause a buffer overflow while executing the sprintf() function. This vulnerability could potentially allow an attacker to execute arbitrary code or cause a denial-of-service condition.
Some mod_proxy configurations on Apache HTTP Server allow a HTTP request smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied
In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts. (CVE-2023-26081) References:
The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted. (CVE-2022-45142)
ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. (CVE-2022-46648, CVE-2022-47318)
The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes. (CVE-2023-24038) References:
The program plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. (CVE-2022-24407) References: - https://bugs.mageia.org/show_bug.cgi?id=31430
SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. (CVE-2022-46908)
SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. (CVE-2022-46908)
libde265 has been updated to version 1.0.11 to fix many security issues. References: - https://bugs.mageia.org/show_bug.cgi?id=31289 - https://www.debian.org/lts/security/2022/dla-3240
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
