In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes. (CVE-2023-24056)
Chromium was updated to 110.0.5481.177 to fix vulnerabilities including: [CVE-2023-0927] Use after free in Web Payments API. [CVE-2023-0928] Use after free in SwiftShader. [CVE-2023-0929] Use after free in Vulkan. [CVE-2023-0930] Heap buffer overflow in Video.
A null pointer dereference in the function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 through 9.0.0339 allows attackers to cause denial of service or other unspecified impacts. (CVE-2022-47024)
Remote code execution using crafted PFS filesystem. (CVE-2022-4510) References: - https://bugs.mageia.org/show_bug.cgi?id=31375 - https://lists.fedoraproject.org/archives/list/[address obscured]/thread/M2TTCIDC6ZNFMU5XFFFDFZEBHO2CU5NG/
Privilege escalation (CVE-2021-3020) and other fixes. References: - https://bugs.mageia.org/show_bug.cgi?id=29047 - https://lists.opensuse.org/archives/list/[address obscured]/thread/BNDVFBI7G272LNZ2QQZ4MY56KX2J4C36/
The config_sortlist function is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow and thus may cause a denial of service. (CVE-2022-47516) References:
Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as 'bytes') to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. (CVE-2023-23931)
The config_sortlist function is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow and thus may cause a denial of service. (CVE-2022-4904) References:
A possible remote code execution vulnerability in the HFS+ file parser. (CVE-2023-20032) A possible remote information leak vulnerability in the DMG file parser. (CVE-2023-20052)
Timing side channel in the RSA decryption implementation of the GNU TLS library. (CVE-2023-0361) References: - https://bugs.mageia.org/show_bug.cgi?id=31558
Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GIT_DIR/objects directory contains symbolic links, the objects directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the
The password_verify() function may accept some invalid Blowfish hashes as valid. If such an invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. (CVE-2023-0567) The core path resolution function allocates a buffer one byte too small.
Client memory disclosure when connecting, with Kerberos, to modified server. (CVE-2022-41862) References: - https://bugs.mageia.org/show_bug.cgi?id=31531
Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. (CVE-2022-24963) References:
When the Host header does not match a configured host, twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response, allowing HTML and script injection. (CVE-2022-39348)
Remote code execution, but requires user action to open a notebook (CVE-2021-32797), and other bug fixes. References: - https://bugs.mageia.org/show_bug.cgi?id=30699
Executed config files from the current working directory, which could result in cross-user attacks if run from a directory multiple users may write to. (CVE-2022-21699) References: