Scientific Essential and Critical Security Patch Updates
Find the information you need for your favorite open source distribution.
ntfs-3g: heap-based buffer overflow leads to local root privilege escalation (CVE-2019-9755) SL7 x86_64 libguestfs-winsupport-7.2-3.el7.x86_64.rpm - Scientific Linux Development Team
curl: Heap-based buffer over-read in the curl tool warning formatting (CVE-2018-16842) SL7 x86_64 curl-7.29.0-54.el7.x86_64.rpm libcurl-7.29.0-54.el7.x86_64.rpm libcurl-7.29.0-54.el7.i686.rpm libcurl-devel-7.29.0-54.el7.x86_64.rpm libcurl-devel-7.29.0-54.el7.i686.rpm curl-debuginfo-7.29.0-54.el7.i686.rpm curl-debuginfo-7.29.0-54.el7.x86_64.rpm - Scientific Linux [More...]
patch: Out-of-bounds access in pch_write_line function in pch.c (CVE-2016-10713) * patch: Double free of memory in pch.c:another_hunk() causes a crash (CVE-2018-6952) SL7 x86_64 patch-2.7.1-11.el7.x86_64.rpm patch-debuginfo-2.7.1-11.el7.x86_64.rpm - Scientific Linux Development Team
ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution (CVE-2018-12327) SL7 x86_64 ntpdate-4.2.6p5-29.el7.x86_64.rpm ntp-4.2.6p5-29.el7.x86_64.rpm ntp-doc-4.2.6p5-29.el7.noarch.rpm sntp-4.2.6p5-29.el7.x86_64.rpm ntp-perl-4.2.6p5-29.el7.noarch.rpm ntp-debuginfo-4.2.6p5-29.el7.x86_64.rpm noarch ntp-doc-4.2.6p5-29.el7.noarch. [More...]
python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) * python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service (CVE-2019-11236) SL7 x86_64 python-urllib3-1.10.2-7.el7.noarch.rpm noarch python-urllib3-1.10.2-7.el7.noarch.rpm - Scientific Linux Developme [More...]
python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) SL7 x86_64 python-requests-2.6.0-5.el7.noarch.rpm noarch python-requests-2.6.0-5.el7.noarch.rpm - Scientific Linux Development Team
sox: NULL pointer dereference in startread function in xa.c (CVE-2017-18189) SL7 x86_64 sox-14.4.1-7.el7.x86_64.rpm sox-14.4.1-7.el7.i686.rpm sox-devel-14.4.1-7.el7.i686.rpm sox-devel-14.4.1-7.el7.x86_64.rpm sox-debuginfo-14.4.1-7.el7.i686.rpm sox-debuginfo-14.4.1-7.el7.x86_64.rpm - Scientific Linux Development Team
keepalived: Improper pathname validation allows for overwrite of arbitrary filenames via symlinks (CVE-2018-19044) SL7 x86_64 keepalived-1.3.5-16.el7.x86_64.rpm keepalived-debuginfo-1.3.5-16.el7.x86_64.rpm - Scientific Linux Development Team
polkit: Improper handling of user with uid > INT_MAX leading to authentication bypass (CVE-2018-19788) SL7 x86_64 polkit-devel-0.112-22.el7.x86_64.rpm polkit-docs-0.112-22.el7.noarch.rpm polkit-0.112-22.el7.x86_64.rpm polkit-0.112-22.el7.i686.rpm polkit-devel-0.112-22.el7.i686.rpm polkit-debuginfo-0.112-22.el7.i686.rpm polkit-debuginfo-0.112-22.el7.x86_64.rpm n [More...]
blktrace: buffer overflow in the dev_map_read function in btt/devmap.c (CVE-2018-10689) SL7 x86_64 blktrace-1.0.5-9.el7.x86_64.rpm blktrace-debuginfo-1.0.5-9.el7.x86_64.rpm - Scientific Linux Development Team
mercurial: Buffer underflow in mpatch.c:mpatch_apply() (CVE-2018-13347) * mercurial: HTTP server permissions bypass (CVE-2018-1000132) * mercurial: Missing check for fragment start position in mpatch.c:mpatch_apply() (CVE-2018-13346) SL7 x86_64 mercurial-2.6.2-10.el7.x86_64.rpm emacs-mercurial-el-2.6.2-10.el7.x86_64.rpm emacs-mercurial-2.6.2-10.el7.x86_64.rpm mercurial-hgk [More...]
unixODBC: Buffer overflow in unicode_to_ansi_copy() can lead to crash or other unspecified impact (CVE-2018-7409) * unixODBC: Insecure buffer copy in SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c (CVE-2018-7485) SL7 x86_64 unixODBC-devel-2.3.1-14.el7.x86_64.rpm unixODBC-2.3.1-14.el7.i686.rpm unixODBC-devel-2.3.1-14.el7.i686.rpm unixODBC-2.3.1-14.el7.x86_64.rpm [More...]
libwpd: NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp (CVE-2018-19208) SL7 x86_64 libwpd-0.10.0-2.el7.i686.rpm libwpd-0.10.0-2.el7.x86_64.rpm libwpd-doc-0.10.0-2.el7.noarch.rpm libwpd-devel-0.10.0-2.el7.i686.rpm libwpd-tools-0.10.0-2.el7.x86_64.rpm libwpd-devel-0.10.0-2.el7.x86_64.rpm libwpd-debuginfo-0.10.0-2. [More...]
zsh: Improper handling of shebang line longer than 64 (CVE-2018-13259) SL7 x86_64 zsh-5.0.2-33.el7.x86_64.rpm zsh-html-5.0.2-33.el7.x86_64.rpm zsh-debuginfo-5.0.2-33.el7.x86_64.rpm - Scientific Linux Development Team
advancecomp: null pointer dereference in function be_uint32_read() in endianrw.h (CVE-2019-8379) * advancecomp: denial of service in function adv_png_unfilter_8 in lib/png.c (CVE-2019-8383) SL7 x86_64 advancecomp-1.15-21.el7.x86_64.rpm advancecomp-debuginfo-1.15-21.el7.x86_64.rpm - Scientific Linux Development Team
* uriparser: Out-of-bounds write via uriComposeQuery* or uriComposeQueryEx* function (CVE-2018-19198) * uriparser: Integer overflow via uriComposeQuery* or uriComposeQueryEx* function (CVE-2018-19199)
openssl: 0-byte record padding oracle (CVE-2019-1559) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. SL6 x86_64 openssl-1.0.1e-58.el6_10.i686.rpm openssl-1.0.1e-58.el6_10.x86_64.rpm openssl-debuginfo-1.0.1e-58.el6_10.i686.rpm openssl- [More...]
Kernel: page cache side channel attacks (CVE-2019-5489) * kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial-of-service (CVE-2017-17805) * kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks (CVE-2018-17972) * kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125) For more d [More...]
icedtea-web: path traversal while processing elements of JNLP files results in arbitrary file overwrite (CVE-2019-10182) * icedtea-web: directory traversal in the nested jar auto-extraction leading to arbitrary file overwrite (CVE-2019-10185) * icedtea-web: unsigned code injection in a signed JAR file (CVE-2019-10181) SL7 x86_64 icedtea-web-1.7.1-2.el7_6.x86_64.rpm icedtea- [More...]
kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884) * kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation (CVE-2019-11085) * kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871) * kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_ [More...]