Heap overflow leading to arbitrary code execution. (CVE-2021-31439) Buffer overflow leading to remote code execution (CVE-2022-0194) Improper length validation leading to remote code execution (CVE-2022-23121) Buffer overflow leading to remote code execution (CVE-2022-23122)
Internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression. (CVE-2022-41323) Potential denial-of-service via Accept-Language headers (CVE-2023-23969)
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because
Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. (CVE-2023-21884) Unauthenticated attacker with network access via multiple protocols to
JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c. (CVE-2022-32325) References: - https://bugs.mageia.org/show_bug.cgi?id=31424
XSS in phoromatic_r_add_test_details.php (CVE-2022-40704) References: - https://bugs.mageia.org/show_bug.cgi?id=31423 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. document.getElementById('cloak7a5b832282f4500cf30bad42194eb00d').innerHTML = ''; var prefix = 'ma' + 'il' + 'to'; var path = 'hr' + 'ef' + '='; var addy7a5b832282f4500cf30bad42194eb00d = 'package-announce' + '@'; addy7a5b832282f4500cf30bad42194eb00d = addy7a5b832282f4500cf30bad42194eb00d + 'lists' + '.' + 'fedoraproject' + '.' + 'org'; var addy_text7a5b832282f4500cf30bad42194eb00d = 'package-announce' + '@' + 'lists' + '.' + 'fedoraproject' + '.' + 'org';document.getElementById('cloak7a5b832282f4500cf30bad42194eb00d').innerHTML += ''+addy_text7a5b832282f4500cf30bad42194eb00d+''; /thread/ETFF53AECMDP6PTNUVVCOODN3HMOETUU/
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143. (CVE-2023-0049) References: - https://bugs.mageia.org/show_bug.cgi?id=31422
Potential memory leak when creating a texture for an OpenGL ES image (CVE-2022-4743) References: - https://bugs.mageia.org/show_bug.cgi?id=31418
ViewVC is vulnerable to cross-site scripting. The impact of these vulnerabilities is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by an otherwise trusted ViewVC instance. The attack vector involves files with unsafe names (names that, when embedded into an HTML stream, would cause the browser to run
