Find the information you need for your favorite open source distribution .
slapi-nis: NULL dereference (DoS) with specially crafted Binding DN (CVE-2021-3480) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE --- SL7 x86_64 - slapi-nis-0.56.5-4.el7_9.x86_64.rpm - slapi-nis-debuginfo-0.56.5-4.el7_9.x86_64.rpm - Scientific Linux Development Team
xorg-x11-server: XChangeFeedbackControl integer underflow leads to privilege escalation (CVE-2021-3472) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE --- SL7 x86_64 - xorg-x11-server-Xdmx-1.20.4-16.el7_9.x86_64.rpm - xorg-x11-server-Xephyr-1.20.4-16.el7_9.x86_64.rpm - xorg-x11-server-Xne [More...]
postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694) * postgresql: Multiple features escape "security restricted operation" sandbox (CVE-2020-25695) * postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other [More...]
bind: An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself (CVE-2021-25215) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE --- SL7 x86_64 - bind-9.11.4-26.P2.el7_9.5.x86_64.rpm - bind-chroot-9.11.4-26.P2.el7_9.5.x86_ [More...]
openldap: NULL pointer dereference for unauthenticated packet in slapd (CVE-2020-25692) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE --- SL7 x86_64 - openldap-2.4.44-23.el7_9.i686.rpm - openldap-2.4.44-23.el7_9.x86_64.rpm - openldap-clients-2.4.44-23.el7_9.x86_64.rpm - openldap-debugin [More...]
nss: TLS 1.3 CCS flood remote DoS Attack (CVE-2020-25648) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * FTBFS: Paypal Cert expired * FTBFS: IKE CLASS_1563 fails gtest * Cannot compile code with nss headers and -Werror=strict-prototypes * CA HSM ncipher token disabled after [More...]
This update upgrades Firefox to version 78.10.0 ESR. * Mozilla: Out of bound write due to lazy initialization (CVE-2021-23994) * Mozilla: Use-after-free in Responsive Design Mode (CVE-2021-23995) * Mozilla: More internal network hosts could have been probed by a malicious webpage (CVE-2021-23961) * Mozilla: Secure Lock icon could have been spoofed (CVE-2021-23998) * Mozilla: Blob URLs may h [More...]
This update upgrades Thunderbird to version 78.10.0. * Mozilla: Out of bound write due to lazy initialization (CVE-2021-23994) * Mozilla: Use-after-free in Responsive Design Mode (CVE-2021-23995) * Mozilla: More internal network hosts could have been probed by a malicious webpage (CVE-2021-23961) * Mozilla: Secure Lock icon could have been spoofed (CVE-2021-23998) * Mozilla: Blob URLs may h [More...]
XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet (CVE-2021-21344) * XStream: Unsafe deserizaliation of com.sun.corba.se.impl.activation.ServerTableEntry (CVE-2021-21345) * XStream: Unsafe deserizaliation of sun.swing.SwingLazyValue (CVE-2021-21346) * XStream: Unsafe deserizaliation of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator (CVE-2021-21347 [More...]
