💾 Archived View for data.konfusator.de › feeds › dsa.gmi captured on 2023-11-04 at 11:26:55. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
Last updated: 2023-11-04T11:41:15+00:00
2023-11-04
Francois Diakhate reported that a race condition in pmix, a library
implementing Process Management Interface (PMI) Exascale API, could
allow a malicious user to obtain ownership of an arbitrary file on the
filesystem when parts of the PMIx library are called by a process with
elevated privileges, resulting in privilege escalation. This may
happen under the default configuration of certain workload managers,
including Slurm.
2023-11-02
Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
2023-11-02
An out-of-bounds write was discovered in the MMS demuxer of the VLC media
player.
2023-10-31
Damien Diederen discovered that SASL quorum peer authentication within
Zookeeper, a service for maintaining configuration information, was
insufficiently enforced in some configurations.
2023-10-31
Two security issues have been discovered in the Open VMware Tools, which
could result in privilege escalation.
2023-10-30
Multiple vulnerabilities have been discovered in Request Tracker, an
extensible trouble-ticket tracking system.
2023-10-30
Multiple vulnerabilities have been discovered in Request Tracker, an
extensible trouble-ticket tracking system.
2023-10-30
Two remotely exploitable security vulnerabilities were discovered in Jetty 9,
a Java based web server and servlet engine. The HTTP/2 protocol implementation
did not sufficiently verify if HPACK header values exceed their size limit.
Furthermore the HTTP/2 protocol allowed a denial of service (server resource
consumption) because request cancellation can reset many streams quickly. This
problem is also known as Rapid Reset Attack.
2023-10-30
It was reported that incorrect bound checks in the dsaVerify function
in node-browserify-sign, a Node.js library which adds crypto signing
for browsers, allows an attacker to perform signature forgery attacks
by constructing signatures that can be successfully verified by any
public key.
2023-10-27
Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.
2023-10-27
Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in bypass of sandbox restrictions or denial of service.
2023-10-26
An important security issue was discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
2023-10-25
Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, clickjacking, spoofing or information leaks.
2023-10-25
Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server,
which may result in privilege escalation if the X server is running
privileged.
2023-10-24
Multiple vulnerabilities were discovered in plugins for the GStreamer
media framework and its codecs and demuxers, which may result in denial
of service or potentially the execution of arbitrary code if a malformed
media file is opened.
2023-10-24
Tony Battersby reported that incorrect cipher key and IV length
processing in OpenSSL, a Secure Sockets Layer toolkit, may result in
loss of confidentiality for some symmetric cipher modes.
2023-10-23
It was discovered that roundcube, a skinnable AJAX based webmail
solution for IMAP servers, did not properly sanitize HTML messages.
This would allow an attacker to load arbitrary JavaScript code.
2023-10-22
Several vulnerabilities were discovered in ruby-rack, a modular Ruby
webserver interface, which may result in denial of service and shell
escape sequence injection.
2023-10-17
Francois Diakhate discovered that several race conditions in file
processing of the Simple Linux Utility for Resource Management (SLURM),
a cluster resource management and job scheduling system, could result
in denial of service by overwriting arbitrary files.
2023-10-16
William Khem-Marquez discovered that using malicious plugins for the
Babel JavaScript compiler could result in arbitrary code execution
during compilation.
2023-10-12
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
2023-10-12
Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
2023-10-11
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file,
print, and login server for Unix, which might result in denial of
service, information disclosure or privilege escalation.
2023-10-11
Kevin Backhouse discovered an out-of-bounds array access in Libcue, a
library for parsing CD metadata, which could result in the execution of
arbitrary code.
2023-10-11
Two security issues were found in Curl, an easy-to-use client-side URL
transfer library and command line tool:
2023-10-10
Several security vulnerabilities have been discovered in the Tomcat
servlet and JSP engine.
2023-10-10
Several security vulnerabilities have been discovered in the Tomcat
servlet and JSP engine.
2023-10-10
Multiple security issues were discovered in MediaWiki, a website engine
for collaborative work, which could result in cross-site scripting,
denial of service or information disclosure.
2023-10-06
Maxim Suhanov discovered multiple vulnerabilities in GRUB2's code to
handle NTFS filesystems, which may result in a Secure Boot bypass.
2023-10-05
It was discovered that missing input sanitising in the encoding support
in libvpx, a multimedia library for the VP8 and VP9 video codecs, may
result in denial of service.
2023-10-05
Multiple security vulnerabilities were discovered in libx11, the X11
client-side library, which may result in denial of service or the
execution of arbitrary code.
2023-10-05
Multiple security vulnerabilities were discovered in libxpm, the X11
pixmap library, which may result in denial of service or the execution
of arbitrary code.
════════════════════════
Script run: 2023-11-04T16:02:02