LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for
Due to a data race in the crossbeam-deque in the crossbeam crate, one or more tasks in the worker queue could have been be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this could have caused a double free and a memory leak (CVE-2021-32810).
The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
Restrict frame embedding to same origin References: - https://bugs.mageia.org/show_bug.cgi?id=29518 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/XQLK6K2XNAT4GT54IRSTVXU2RMN6V3YB/
A crafted WebSocket frame could result in a crash in the weechat Relay plugin. References: - https://bugs.mageia.org/show_bug.cgi?id=29513 - https://www.debian.org/lts/security/2021/dla-2770
Unsafe use of strncpy. (rhbz#1932066) References: - https://bugs.mageia.org/show_bug.cgi?id=29493 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/7WQQBJ424DJMGRN6HI2OEMSSZ5XBG5ZH/
fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to possible remote code execution in the mailing action mail-whois. Command `mail` from mailutils package used in mail actions like `mail-whois` can execute command if
Multiple security fixes for nodejs. See references for details References: - https://bugs.mageia.org/show_bug.cgi?id=29365 - https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/
OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field (CVE-2019-20790). OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication
The updated packages fix a security vulnerabilities: While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The
This kernel-linus update is based on upstream 5.10.70 and fixes atleast the following security issues: Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid
This kernel update is based on upstream 5.10.70 and fixes atleast the following security issues: Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid
The updated sqlite packages fix a security vulnerability: Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page (CVE-2021-30569).
Denial of service when identifying crafted invalid RFCs Security fix for CVE-2021-3737: python client can enter an infinite loop on a 100 Continue response from the server References:
It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA. (CVE-2020-25658) References:
Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30535) References:
In versions prior to 2.4.9, `oidc_validate_redirect_url()` does not parse URLs the same way as most browsers do. As a result, this function can be bypassed and leads to an Open Redirect vulnerability in the logout functionality. (CVE-2021-32786)