Find the information you need for your favorite open source distribution .
samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution (CVE-2021-44142) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * Fix CVE-2020-25717 username map [script] advice * Fix Kerberos authentication on standalone server with MIT realm S [More...]
OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934) (CVE-2022-21248) * OpenJDK: Insufficient URI checks in the XSLT TransformerImpl (JAXP, 8270492) (CVE-2022-21282) * OpenJDK: Unexpected exception thrown in regex Pattern (Libraries, 8268813) (CVE-2022-21283) * OpenJDK: Incomplete checks of StringBuffer and StringBuilder during deserialization (L [More...]
polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector (CVE-2021-4034) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 polkit-0.112-26.el7_9.1.i686.rpm polkit-0.112-26.el7_9.1.x86_64.rpm polkit-debuginfo-0.112-26.el7_9.1.i686.rpm [More...]
OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934) (CVE-2022-21248) * OpenJDK: Incorrect reading of TIFF files in TIFFNullDecompressor (ImageIO, 8270952) (CVE-2022-21277) * OpenJDK: Insufficient URI checks in the XSLT TransformerImpl (JAXP, 8270492) (CVE-2022-21282) * OpenJDK: Unexpected exception thrown in regex Pattern (Libraries, 8268813) (C [More...]
gegl: shell expansion via a crafted pathname (CVE-2021-45463) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 gegl-0.2.0-19.el7_9.1.i686.rpm gegl-0.2.0-19.el7_9.1.x86_64.rpm gegl-debuginfo-0.2.0-19.el7_9.1.i686.rpm gegl-debuginfo-0.2.0-19.el7_9.1.x86_64.rpm gegl [More...]
httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790) * httpd: mod_session: Heap overflow via a crafted SessionHeader value (CVE-2021-26691) * httpd: NULL pointer dereference via malformed requests (CVE-2021-34798) * httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275) For more details about the security issue(s), includin [More...]
kernel: perf_event_parse_addr_filter memory (CVE-2020-25704) * kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate situations (CVE-2020-36322) * kernel: Heap buffer overflow in firedtv driver (CVE-2021-42739) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * [More...]
This update upgrades Thunderbird to version 91.5.0. * Mozilla: Iframe sandbox bypass with XSLT (CVE-2021-4140) * Mozilla: Race condition when playing audio files (CVE-2022-22737) * Mozilla: Heap-buffer-overflow in blendGaussianBlur (CVE-2022-22738) * Mozilla: Use-after-free of ChannelEventQueue::mOwner (CVE-2022-22740) * Mozilla: Browser window spoof using fullscreen mode (CVE-2022-22741) [More...]
This update upgrades Firefox to version 91.5.0 ESR. * Mozilla: Iframe sandbox bypass with XSLT (CVE-2021-4140) * Mozilla: Race condition when playing audio files (CVE-2022-22737) * Mozilla: Heap-buffer-overflow in blendGaussianBlur (CVE-2022-22738) * Mozilla: Use-after-free of ChannelEventQueue::mOwner (CVE-2022-22740) * Mozilla: Browser window spoof using fullscreen mode (CVE-2022-22741) [More...]
