It was discovered that Dovecot incorrectly handled certain imap hibernation commands. A remote authenticated attacker could possibly use this issue to access other users’ email (CVE-2020-24386). Innokentii Sennovskiy discovered that Dovecot incorrectly handled MIME
Avoid read-heap-buffer-overflow in ares_parse_soa_reply found during fuzzing. Avoid theoretical buffer overflow in RC4 loop comparison.
Code was executed even if noexec ("-n") was specified. (bdo#58288 / bsc#1178978) References: - https://bugs.mageia.org/show_bug.cgi?id=27655
The vlc package has been updated to version 3.0.12.1, which includes security enhancements in the web interface, as well as other fixes and enhancements. See the upstream NEWS file for details.
There is a floating point exception in dcraw_common.cpp of libRAW. It will lead to remote denial of service attack. This code is embedded in rawtherapee (CVE-2017-13735). References:
Kevin Backhouse discovered that GDM incorrectly launched the initial setup tool when the accountsservice daemon was not reachable. A local attacker able to cause accountsservice to crash or stop responding could trick GDM into launching the initial setup tool and create a privileged user (CVE-2020-16125).
libxml2 v2.9.10 and earlier has a global Buffer Overflow vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c (CVE-2020-24977). References: - https://bugs.mageia.org/show_bug.cgi?id=27300
Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there (CVE-2020-11867).
It was discovered that minidlna does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue (CVE-2020-12695).
