💾 Archived View for data.konfusator.de › feeds › dsa.gmi captured on 2023-11-14 at 07:47:40. Gemini links have been rewritten to link to archived content
Last updated: 2023-11-13T07:40:20+00:00
2023-11-12
Several vulnerabilities have been discovered in the FFmpeg multimedia
framework, which could result in denial of service or potentially the
execution of arbitrary code if malformed files/streams are processed.
2023-11-09
A use-after-free issue was discovered in WebAudio in Google Chrome prior
to 119.0.6045.123, which allowed a remote attacker to potentially exploit
heap corruption via a crafted HTML page.
2023-11-08
Multiple security vulnerabilities have been discovered in Cacti, a web
interface for graphing of monitoring systems, which could result in
cross-site scripting, SQL injection, an open redirect or command injection.
2023-11-05
Several vulnerabilities were discovered in Apache Traffic Server, a
reverse and forward proxy server, which could result in denial of
service or information disclosure.
2023-11-05
Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in denial of service.
2023-11-04
Francois Diakhate reported that a race condition in pmix, a library
implementing Process Management Interface (PMI) Exascale API, could
allow a malicious user to obtain ownership of an arbitrary file on the
filesystem when parts of the PMIx library are called by a process with
elevated privileges, resulting in privilege escalation. This may
happen under the default configuration of certain workload managers,
including Slurm.
2023-11-02
Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
2023-11-02
An out-of-bounds write was discovered in the MMS demuxer of the VLC media
player.
2023-10-31
Damien Diederen discovered that SASL quorum peer authentication within
Zookeeper, a service for maintaining configuration information, was
insufficiently enforced in some configurations.
2023-10-31
Two security issues have been discovered in the Open VMware Tools, which
could result in privilege escalation.
2023-10-30
Multiple vulnerabilities have been discovered in Request Tracker, an
extensible trouble-ticket tracking system.
2023-10-30
Multiple vulnerabilities have been discovered in Request Tracker, an
extensible trouble-ticket tracking system.
2023-10-30
Two remotely exploitable security vulnerabilities were discovered in Jetty 9,
a Java-based web server and servlet engine. The HTTP/2 protocol implementation
did not sufficiently verify whether HPACK header values exceed their size limit.
Furthermore, the HTTP/2 protocol allowed a denial of service (server resource
consumption) because request cancellation can reset many streams quickly. This
problem is also known as the Rapid Reset Attack.
2023-10-30
It was reported that incorrect bound checks in the dsaVerify function
in node-browserify-sign, a Node.js library which adds crypto signing
for browsers, allow an attacker to perform signature forgery attacks
by constructing signatures that can be successfully verified by any
public key.
2023-10-27
Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.
2023-10-27
Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in bypass of sandbox restrictions or denial of service.
2023-10-26
An important security issue was discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
2023-10-25
Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, clickjacking, spoofing or information leaks.
2023-10-25
Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server,
which may result in privilege escalation if the X server is running
privileged.
2023-10-24
Multiple vulnerabilities were discovered in plugins for the GStreamer
media framework and its codecs and demuxers, which may result in denial
of service or potentially the execution of arbitrary code if a malformed
media file is opened.
2023-10-24
Tony Battersby reported that incorrect cipher key and IV length
processing in OpenSSL, a Secure Sockets Layer toolkit, may result in
loss of confidentiality for some symmetric cipher modes.
2023-10-23
It was discovered that roundcube, a skinnable AJAX-based webmail
solution for IMAP servers, did not properly sanitize HTML messages.
This would allow an attacker to load arbitrary JavaScript code.
2023-10-22
Several vulnerabilities were discovered in ruby-rack, a modular Ruby
webserver interface, which may result in denial of service and shell
escape sequence injection.
2023-10-17
Francois Diakhate discovered that several race conditions in file
processing of the Simple Linux Utility for Resource Management (SLURM),
a cluster resource management and job scheduling system, could result
in denial of service by overwriting arbitrary files.
2023-10-16
William Khem-Marquez discovered that using malicious plugins for the
Babel JavaScript compiler could result in arbitrary code execution
during compilation.
════════════════════════
Script run: 2023-11-14T13:32:01