OS: Debian LTS
Multiple security vulnerabilities were found in frr, the FRRouting suite of internet protocols. Maliciously constructed Border Gateway Protocol (BGP) packets or corrupted tunnel attributes may cause a denial of service (application crash) which could be exploited by a remote attacker. |
Multiple flaws were found in libyang, a parser toolkit for IETF YANG data modeling. Double frees, invalid memory access and NULL pointer dereferences may cause a denial of service or potentially code execution. |
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in bypass of sandbox restrictions, information disclosure, reduced cryptographic strength of the AES implementation, directory traversal or denial of service. |
A buffer overflow in parsing WebP images may result in the execution of arbitrary code. For Debian 10 buster, this problem has been fixed in version |
OS: Mageia
An issue discovered in freedesktop poppler version 20.12.1 allows remote attackers to cause a denial of service (DoS) via a crafted .pdf file to the FoFiType1C::cvtGlyph function. (CVE-2020-36023) An issue was discovered in freedesktop poppler version 20.12.1, allows |
Extension script @substitutions@ within quoting allow SQL injection. (CVE-2023-39417) MERGE fails to enforce UPDATE or SELECT row security policies. (CVE-2023-39418) |
Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). (CVE-2023-36664) A buffer overflow flaw was found in base/gdevdevn.c:1973 in |
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element. (CVE-2023-38633) |
OS: Redhat
Red Hat Integration Camel Extensions for Quarkus 2.13.3-1 release and security update is now available. Red Hat Product Security has rated this update as having an impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a |
Red Hat OpenShift Virtualization release 4.13.4 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which |
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, |
An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, |
OS: Fedora
Upstream release |
Upstream release |
Package new upstream version of open-vm-tools-12.3.0-22234872. Security fix for CVE-2023-20900, CVE-2023-20867 |
Security fix for CVE-2022-46146, update to v0.10.0 |
OS: OpenSuse
An update that fixes 10 vulnerabilities is now available. |
An update that fixes one vulnerability is now available. |
An update that fixes one vulnerability is now available. |
An update that fixes four vulnerabilities is now available. |
OS: Suse
The container bci/rust was updated. The following patches have been included in this update: |
The container bci/ruby was updated. The following patches have been included in this update: |
The container bci/bci-init was updated. The following patches have been included in this update: |
The container suse/git was updated. The following patches have been included in this update: |
OS: Debian
Multiple security vulnerabilities have been found in xrdp, a remote desktop protocol server. Buffer overflows and out-of-bounds writes may cause a denial of service or other unspecified impact. |
Mickael Karatekin discovered that the GNOME session locking didn't restrict a keyboard shortcut used for taking screenshots in GNOME Screenshot which could result in information disclosure. |
A buffer overflow was discovered in flac, a library handling Free Lossless Audio Codec media, which could potentially result in the execution of arbitrary code. |
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. |
OS: Scientific
This update upgrades Firefox to version 102.15.1 ESR. * libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 firefox-102.15.1-1.el7_9.x86_64.rpm firefox-debuginfo-102.15.1-1.el7_9.x86_64.rpm firefox-102.15.1-1.el7_9. |
open-vm-tools: SAML token signature bypass (CVE-2023-20900) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 open-vm-tools-11.0.5-3.el7_9.7.x86_64.rpm open-vm-tools-debuginfo-11.0.5-3.el7_9.7.x86_64.rpm open-vm-tools-desktop-11.0.5-3.el7_9.7.x86_64.rpm open-vm-tools- |
This update upgrades Thunderbird to version 102.15.1. * libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 thunderbird-102.15.1-1.el7_9.x86_64.rpm thunderbird-debuginfo-102.15.1-1.el7_9.x86_64.rpm - Scientific Linux D |
This update upgrades Firefox to version 102.15.0 ESR. * Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573) * Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574) * Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575) * Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577) * Mozilla: Memory safety bugs fixed in Firefo |
OS: CentOS
Upstream details at: https://access.redhat.com/errata/RHSA-2023:4151 |
Upstream details at: https://access.redhat.com/errata/RHSA-2023:4152 |
Upstream details at: https://access.redhat.com/errata/RHSA-2023:2077 |
Upstream details at: https://access.redhat.com/errata/RHSA-2023:1904 |
OS: Ubuntu
Indent could be made to crash or run programs if it opened a specially crafted file. |
Several security issues were fixed in the Linux kernel. |
Several security issues were fixed in the Linux kernel. |
Several security issues were fixed in the Linux kernel. |
OS: Rocky
microcode_ctl bug fix and enhancement update |
Important: kernel-rt security and bug fix update |
Important: firefox security update |
Moderate: httpd:2.4 security update |
OS: Slackware
New netatalk packages are available for Slackware 14.1, 14.2, 15.0, and -current to fix a security issue. |
New python3 packages are available for Slackware 15.0 and -current to fix a security issue. |
New libwebp packages are available for Slackware 15.0 and -current to fix a security issue. |
New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix a security issue. |
OS: Arch
The package linux-zen before version 6.0.1.zen2-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service. |
The package linux-lts before version 5.15.73-3 is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service. |
The package linux before version 6.0.1.arch2-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service. |
The package linux-hardened before version 5.19.15.hardened2-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service. |
OS: Gentoo
A vulnerability has been discovered in Requests which could result in the disclosure of plaintext secrets. |
Multiple vulnerabilities have been discovered in Binwalk, the worst of which could result in remote code execution. |
Multiple vulnerabilities have been discovered in Samba, the worst of which could result in root remote code execution. |
An arbitrary file overwrite vulnerability has been discovered in RAR and UnRAR, potentially resulting in arbitrary code execution. |