rasdaemon.env: No such file or directory

Некорректная работа при попытке создания нескольких FAT16/FAT32 разделов

Установщик системы позволяет задать размер FAT16 раздела большим, чем максимально поддерживаемый файловой системой (4095Mb)

Уязвимость средства разархивирования файлов UnRAR, связанная с неверным определением символических ссылок перед доступом к файлу, позволяющая нарушителю получить доступ к конфиденциальным данным

UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.

In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly.

An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. The vulnerability exists in ImageLoaderTGA::load_image() function at line: const size_t buffer_size = (tga_header.image_width * tga_header.image_height) * pixel_size; The bug leads to Dynamic stack buffer overflow. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash.

A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash.

Обновить до 3.5.3

Поддержка любого KDE

Уязвимость интерпретатора языка программирования R, связанная с недостатками механизма десериализации, позволяющая нарушителю выполнить произвольный код в целевой системе

Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted with.

Обновите до свежей версии

просьба обноить до 4.3.2

Просьба обновить до 4.4.x

Просьба обновить до 4.4.x

Обновление до 4.3.3

Уязвимость функции soup_header_parse_param_list_strict() библиотеки libsoup графического интерфейса GNOME, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость функции append_param_quoted() библиотеки libsoup графического интерфейса GNOME, позволяющая нарушителю вызвать отказ в обслуживании

GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.

GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. There is a plausible way to reach this remotely via soup_message_headers_get_content_type (e.g., an application may want to retrieve the content type of a request or response).

GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.

A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.

A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.

A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.

A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read.

Ошибка при открытии окна настроек мыши