An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS (CVE-2023-37201). Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment
Fixed SOAP bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP). (CVE-2023-3247) References: - https://bugs.mageia.org/show_bug.cgi?id=32075
Any document compiled with older versions of LuaTeX can execute arbitrary shell commands, even with shell escape disabled. (CVE-2023-32700) References: - https://bugs.mageia.org/show_bug.cgi?id=31952
Out-of-bounds read in imap/util.c when an IMAP sequence set ends with a comma. (CVE-2021-32055) Overflow in uudecoder in Mutt allows read past end of input line (CVE-2022-1328)
Out-of-bounds write in QtPrivate::QCommonArrayOps::growAppend (CVE-2021-45930) QtSvg QSvgFont m_unitsPerEm initialization is mishandled. (CVE-2023-32573)
No longer use http (non-SSL) repository references by default. References: - https://bugs.mageia.org/show_bug.cgi?id=28924 - https://www.openwall.com/lists/oss-security/2021/04/23/5
Details not available at this time. (CVE-2022-48503) Memory corruption issue may lead to arbitrary code execution (CVE-2023-32435) Type confusion issue may lead to arbitrary code execution (CVE-2023-32439)
Denial of service due to integer overflow (CVE-2022-28041) References: - https://bugs.mageia.org/show_bug.cgi?id=32055 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/SEQGDVH43YW7AG7TRU2CTU5TMIYP27WP/
Code injection via go command with cgo in cmd/go (CVE-2023-29402) Ignoring setuid/setgid bits. (CVE-2023-29403) Arbitrary code execution (CVE-2023-29404) Arbitrary code execution (CVE-2023-29405)
