Find the information you need for your favorite open source distribution .
openldap: assertion failure in Certificate List syntax validation (CVE-2020-25709) * openldap: assertion failure in CSN normalization with invalid input (CVE-2020-25710) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 openldap-2.4.44-25.el7_9.i686.rpm openldap-2.4.44-25.el [More...]
389-ds-base: double-free of the virtual attribute context in persistent search (CVE-2021-4091) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * CSN generator can adjust wrongly the local and remote offsets used to generate a CSN SL7 x86_64 389-ds-base-1.3.10.2-15.el7_9.x86 [More...]
kernel: use after free in eventpoll.c may lead to escalation of privilege (CVE-2020-0466) * kernel: Use After Free in unix_gc() which could result in a local privilege escalation (CVE-2021-0920) * kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL (CVE-2021-4155) * kernel: possible privileges escalation due to missing TLB flush (CVE-2022-0330) * kernel: failing usercopy allo [More...]
This update upgrades Thunderbird to version 91.6.0. * Mozilla: Extensions could have bypassed permission confirmation during update (CVE-2022-22754) * Mozilla: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6 (CVE-2022-22764) * Mozilla: Drag and dropping an image could have resulted in the dropped object being an executable (CVE-2022-22756) * Mozilla: Sandboxed iframes could have [More...]
This update upgrades Firefox to version 91.6.0 ESR. * Mozilla: Extensions could have bypassed permission confirmation during update (CVE-2022-22754) * Mozilla: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6 (CVE-2022-22764) * Mozilla: Drag and dropping an image could have resulted in the dropped object being an executable (CVE-2022-22756) * Mozilla: Sandboxed iframes could have [More...]
aide: heap-based buffer overflow on outputs larger than B64_BUF (CVE-2021-45417) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 aide-0.15.1-13.el7_9.1.x86_64.rpm aide-debuginfo-0.15.1-13.el7_9.1.x86_64.rpm - Scientific Linux Development Team
samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution (CVE-2021-44142) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * Fix CVE-2020-25717 username map [script] advice * Fix Kerberos authentication on standalone server with MIT realm S [More...]
OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934) (CVE-2022-21248) * OpenJDK: Insufficient URI checks in the XSLT TransformerImpl (JAXP, 8270492) (CVE-2022-21282) * OpenJDK: Unexpected exception thrown in regex Pattern (Libraries, 8268813) (CVE-2022-21283) * OpenJDK: Incomplete checks of StringBuffer and StringBuilder during deserialization (L [More...]
polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector (CVE-2021-4034) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 polkit-0.112-26.el7_9.1.i686.rpm polkit-0.112-26.el7_9.1.x86_64.rpm polkit-debuginfo-0.112-26.el7_9.1.i686.rpm [More...]
