Tss2_RC_SetHandler and Tss2_RC_Decode both index into layer_handler with an 8 bit layer number, but the array only has TPM2_ERROR_TSS2_RC_LAYER_COUNT entries, so trying to add a handler for higher-numbered layers or decode a response code with such a layer number reads/writes past the end of the buffer. (CVE-2023-22745)
Security fix for an XSS vulnerability in the drag-and-drop upload functionality (PMASA-2023-01) Additional bugfixes including - issue #17506 Fix error when configuring 2FA without XMLWriter or Imagick
Mark Esler and David Fernandez Gonzalez discovered that EditorConfig Core C incorrectly handled memory when handling certain inputs. An attacker could possibly use this issue to cause applications using EditorConfig Core C to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-0341)
Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-42826) (CVE-2023-23517) (CVE-2023-23518) References: - https://bugs.mageia.org/show_bug.cgi?id=31504
A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affects the function Ztring::Date_From_Seconds_1970_Local of the file Source/ZenLib/Ztring.cpp. The manipulation of the argument Value leads to unchecked return value to null pointer dereference. (CVE-2020-36646)
Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. (CVE-2022-25147) References:
The chromium-browser-stable package has been updated to the 109.0.5414.119 release, fixing 6 vulnerabilities. Some of the security fixes are: High CVE-2023-0471: Use after free in WebTransport. Reported by chichoo
A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash. (CVE-2022-3341)
NULL pointer dereferences in op_get_data() and op_open1() in opusfile.c (CVE-2022-47021) References: - https://bugs.mageia.org/show_bug.cgi?id=31505
Segmentation fault on invalid MNG size References: - https://bugs.mageia.org/show_bug.cgi?id=31499 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/QJTWGZLBNOSKCUFIH7AQANEJPFF7DVDL/
Missing message length and attributes length checks** when it handles STUN packets, leading to controllable heap-over-flow (CVE-2023-22741) References: - https://bugs.mageia.org/show_bug.cgi?id=31493
Dijit Editor's LinkDialog plugin of dojo 1.14.0 to 1.14.7 is vulnerable to cross-site scripting (XSS) attacks. (CVE-2020-4051) Prototype pollution vulnerability via the setObject() function. (CVE-2021-23450)
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image. (CVE-2022-48281) References:
Improper restrictions in CORBA deserialization. (CVE-2023-21830) Handshake DoS attack against DTLS connections. (CVE-2023-21835) Soundbank URL remote loading. (CVE-2023-21843)
Denial of service via crafted regular expression (CVE-2021-32837) Fixed mechanize not found during build. References: - https://bugs.mageia.org/show_bug.cgi?id=31450
libusrsctp library out of date. (CVE-2022-46871) Arbitrary file read from GTK drag and drop on Linux. (CVE-2023-23598) URL being dragged from cross-origin iframe into same tab triggers
gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a '.gitattributes' file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path
CVE-2022-37436: Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting. Prior to 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the
libXpm incorrectly handled calling external helper binaries. If libXpm was being used by a setuid binary, a local attacker could possibly use this issue to escalate privileges. (CVE-2022-4883) libXpm incorrectly handled certain XPM files. If a user or automated
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
