• git://
#Vulnerabilities 4489
Date Id Summary Products Score Patch Annotated
2023-05-30 CVE-2023-34151 A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546). Extra_packages_for_enterprise_linux, Fedora, Imagemagick, Enterprise_linux 5.5
2023-05-30 CVE-2023-34152 A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured. Extra_packages_for_enterprise_linux, Fedora, Imagemagick, Enterprise_linux 9.8
2023-05-30 CVE-2023-34153 A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding. Extra_packages_for_enterprise_linux, Fedora, Imagemagick, Enterprise_linux 7.8
2023-05-25 CVE-2023-31130 c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed... C\-Ares, Fedora 6.4
2023-05-25 CVE-2023-32067 c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1. C\-Ares, Fedora 7.5
2023-03-30 CVE-2023-27536 An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed. Debian_linux, Fedora, Libcurl, Active_iq_unified_manager, H300s_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Ontap 5.9
2020-11-03 CVE-2020-16009 Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Cefsharp, Debian_linux, Fedora, Chrome, Edge, Edge_chromium, Backports_sle, Leap 8.8
2022-02-24 CVE-2021-3610 A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault. Fedora, Imagemagick, Enterprise_linux 7.5
2023-05-26 CVE-2023-1667 A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service. Debian_linux, Fedora, Libssh, Enterprise_linux 6.5
2023-05-26 CVE-2023-2283 A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc,` which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible.` The value of the variable is not changed... Fedora, Libssh, Enterprise_linux 6.5