A flaw was found in OpenEXR’s Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability.
Category Archives: Advisories
CVE-2021-23158
A flaw was found in htmldoc in v1.9.12. Double-free in function pspdf_export(),in ps-pdf.cxx may result in a write-what-where condition, allowing an attacker to execute arbitrary code and denial of service.
CVE-2021-23165
A flaw was found in htmldoc before v1.9.12. Heap buffer overflow in pspdf_prepare_outpages(), in ps-pdf.cxx may lead to execute arbitrary code and denial of service.
CVE-2020-25721
Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.
CVE-2021-0957
In NotificationStackScrollLayout of NotificationStackScrollLayout.java, there is a possible way to bypass Factory Reset Protections. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-193149550
CVE-2021-20180
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.
CVE-2021-20257
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
openvpn-2.5.6-1.fc35
FEDORA-2022-a9bd17092d
Packages in this update:
openvpn-2.5.6-1.fc35
Update description:
This is a maintenance release of OpenVPN 2.5 with a security fix when used in server mode (CVE-2022-0547). The other changes are available in Changes.rst.
NOTE Please read the CVE description carefully if you use authentication plug-ins with a server configuration.
openvpn-2.5.6-1.fc34
FEDORA-2022-7d46acce7c
Packages in this update:
openvpn-2.5.6-1.fc34
Update description:
This is a maintenance release of OpenVPN 2.5 with a security fix when used in server mode (CVE-2022-0547). The other changes are available in Changes.rst.
NOTE Please read the CVE description carefully if you use authentication plug-ins with a server configuration.
openvpn-2.5.6-1.fc36
FEDORA-2022-cb4c1146dc
Packages in this update:
openvpn-2.5.6-1.fc36
Update description:
This is a maintenance release of OpenVPN 2.5 with a security fix when used in server mode (CVE-2022-0547). The other changes are available in Changes.rst.
NOTE Please read the CVE description carefully if you use authentication plug-ins with a server configuration.