Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GIT_DIR/objects directory contains symbolic links, the objects directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the
The password_verify() function may accept some invalid Blowfish hashes as valid. If such an invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. (CVE-2023-0567) The core path resolution function allocates a buffer one byte too small.
Client memory disclosure when connecting, with Kerberos, to modified server. (CVE-2022-41862) References: - https://bugs.mageia.org/show_bug.cgi?id=31531
Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. (CVE-2022-24963) References:
When the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. (CVE-2022-39348)
Remote code execution, but requires user action to open a notebook. (CVE-2021-32797), and other bug fixes. References: - https://bugs.mageia.org/show_bug.cgi?id=30699
Executed config files from the current working directory, which could result in cross-user attacks if run from a directory multiple users may write to. (CVE-2022-21699) References:
User Interface lockup with messages combining S/MIME and OpenPGP. (CVE-2023-0616) Content security policy leak in violation reports using iframes. (CVE-2023-25728)
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled (CVE-2023-0767). The Content-Security-Policy-Report-Only header could allow an attacker to leak
nodejs qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such
Denial of service due to heap-based buffer overflow issue in UPX in PackTmt::pack() in p_tmt.cpp file. (CVE-2023-23456) Denial of service due to segmentation fault in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. (CVE-2023-23457)
Avoid unintentionally using binaries from CWD (CVE-2022-23853). Fix a possible DoS involving the Qt SQL ODBC driver plugin (CVE-2023-24607). Also fixes a regression that prevented Akonadi from working with kmail
Tss2_RC_SetHandler and Tss2_RC_Decode both index into layer_handler with an 8 bit layer number, but the array only has TPM2_ERROR_TSS2_RC_LAYER_COUNT entries, so trying to add a handler for higher-numbered layers or decode a response code with such a layer number reads/writes past the end of the buffer. (CVE-2023-22745)
Security fix for an XSS vulnerability in the drag-and-drop upload functionality (PMASA-2023-01) Additional bugfixes including - issue #17506 Fix error when configuring 2FA without XMLWriter or Imagick
Mark Esler and David Fernandez Gonzalez discovered that EditorConfig Core C incorrectly handled memory when handling certain inputs. An attacker could possibly use this issue to cause applications using EditorConfig Core C to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-0341)
Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-42826) (CVE-2023-23517) (CVE-2023-23518) References: - https://bugs.mageia.org/show_bug.cgi?id=31504