💾 Archived View for data.konfusator.de › feeds › dsa.gmi captured on 2024-08-31 at 11:56:13. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2024-08-24)
-=-=-=-=-=-=-
Zuletzt aktualisiert: 2024-08-31T11:31:50Z
2024-08-30
William Khem-Marquez discovered that Pymatgen, a Python library for
materials analysis, could be tricked into running arbitrary code if a
malformed CIF file is processed.
https://security-tracker.debian.org/tracker/DSA-5763-1
2024-08-30
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
CVE-2024-4558
An anonymous researcher discovered that processing maliciously
crafted web content may lead to an unexpected process crash.
CVE-2024-40776
Huang Xilin discovered that processing maliciously crafted web
content may lead to an unexpected process crash.
CVE-2024-40779
Huang Xilin discovered that processing maliciously crafted web
content may lead to an unexpected process crash.
CVE-2024-40780
Huang Xilin dicovered that processing maliciously crafted web
content may lead to an unexpected process crash.
CVE-2024-40782
Maksymilian Motyl discovered that processing maliciously crafted
web content may lead to an unexpected process crash.
CVE-2024-40785
Johan Carlsson discovered that processing maliciously crafted web
content may lead to a cross site scripting attack.
CVE-2024-40789
Seunghyun Lee discovered that processing maliciously crafted web
content may lead to an unexpected process crash.
CVE-2024-40794
Matthew Butler discovered that private Browsing tabs may be
accessed without authentication.
https://security-tracker.debian.org/tracker/DSA-5762-1
2024-08-29
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
https://security-tracker.debian.org/tracker/DSA-5761-1
2024-08-29
Multiple security issues were discovered in Ghostscript, the GPL
PostScript/PDF interpreter, which could result in denial of service and
potentially the execution of arbitrary code if malformed document files
are processed.
https://security-tracker.debian.org/tracker/DSA-5760-1
2024-08-27
Multiple security issues were discovered in Python, a high-level,
interactive, object-oriented language:
CVE-2024-0397
A race condition in the ssl module was found when accessing
CA certificates.
CVE-2024-4032
The ipaddress module contained incorrect information whether
some ipv4 and ipv6 address ranges are designated as globally
reachable or private.
CVE-2024-8088
Incorrect handling of path names in the zipfile module could
result in an infinite loop when processing a zip archive
(resulting in denial of service)
https://security-tracker.debian.org/tracker/DSA-5759-1
2024-08-26
Several vulnerabilities were discovered in Apache Traffic Server,
a reverse and forward proxy server, which could result in denial
of service or request smuggling.
https://security-tracker.debian.org/tracker/DSA-5758-1
2024-08-23
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
https://security-tracker.debian.org/tracker/DSA-5757-1
2024-08-21
Martin Kaesberger discovered a vulnerability which affects multiple
OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk
images may result in the disclosure of arbitrary files.
https://security-tracker.debian.org/tracker/DSA-5756-1
2024-08-21
Martin Kaesberger discovered a vulnerability which affects multiple
OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk
images may result in the disclosure of arbitrary files.
https://security-tracker.debian.org/tracker/DSA-5755-1
2024-08-21
Martin Kaesberger discovered a vulnerability which affects multiple
OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk
images may result in the disclosure of arbitrary files.
https://security-tracker.debian.org/tracker/DSA-5754-1
2024-08-21
An integer overflow was discovered in aom, the AV1 Video Codec Library,
which could potentially result in the execution of arbitrary code if a
malformed media file is processed.
https://security-tracker.debian.org/tracker/DSA-5753-1
2024-08-21
Two vulnerabilities have been discovered in the IMAP implementation of
the Dovecot mail server: Excessive numbers of address headers or very
large headers can result in high CPU usage, leading to denial of
service.
https://security-tracker.debian.org/tracker/DSA-5752-1
2024-08-19
Joshua Rogers that incorrect parsing of ESI variables in the Squid proxy
caching server could result in memory corruption.
https://security-tracker.debian.org/tracker/DSA-5751-1
2024-08-18
Support for the "strict kex" SSH extension has been backported to
AsyncSSH (a Python implementation of the SSHv2 protocol) as hardening
against the Terrapin attack.
https://security-tracker.debian.org/tracker/DSA-5750-1
2024-08-14
Chris Williams discovered a flaw in the handling of mounts for
persistent directories in Flatpak, an application deployment framework
for desktop apps. A malicious or compromised Flatpak app using
persistent directories could take advantage of this flaw to access files
outside of the sandbox.
Details can be found in the upstream advisory at
https://github.com/flatpak/flatpak/security/advisories/GHSA-7hgv-f2j8-xw87
https://security-tracker.debian.org/tracker/DSA-5749-1
2024-08-14
Several vulnerabilities have been discovered in the FFmpeg multimedia
framework, which could result in denial of service or potentially the
execution of arbitrary code if malformed files/streams are processed.
https://security-tracker.debian.org/tracker/DSA-5748-1
2024-08-13
Multiple cross-site scripting vulnerabilities were discovered in
RoundCube webmail.
https://security-tracker.debian.org/tracker/DSA-5743-2
2024-08-12
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.
https://security-tracker.debian.org/tracker/DSA-5747-1
2024-08-09
Noah Misch discovered a race condition in the pg_dump tool included in
PostgreSQL, which may result in privilege escalation.
https://security-tracker.debian.org/tracker/DSA-5746-1
2024-08-09
Noah Misch discovered a race condition in the pg_dump tool included in
PostgreSQL, which may result in privilege escalation.
https://security-tracker.debian.org/tracker/DSA-5745-1
2024-08-08
Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.
https://security-tracker.debian.org/tracker/DSA-5744-1
2024-08-08
Multiple cross-site scripting vulnerabilities were discovered in
RoundCube webmail.
https://security-tracker.debian.org/tracker/DSA-5743-1
2024-08-08
A vulnerability was discovered in odoo, a suite of web based open
source business apps. It could result in the execution of arbitrary
code.
https://security-tracker.debian.org/tracker/DSA-5742-1
2024-08-08
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
https://security-tracker.debian.org/tracker/DSA-5741-1
2024-08-07
Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, the bypass of sandbox restrictions or an information leak.
https://security-tracker.debian.org/tracker/DSA-5740-1
2024-08-06
Rory McNamara reported a local privilege escalation in wpasupplicant: A
user able to escalate to the netdev group can load arbitrary shared
object files in the context of the wpa_supplicant process running as
root.
https://security-tracker.debian.org/tracker/DSA-5739-1
2024-08-06
Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in denial of service, information disclosure or bypass
of Java sandbox restrictions.
https://security-tracker.debian.org/tracker/DSA-5738-1
2024-08-05
If LibreOffice failed to validate a signed macro, it displayed a warning
but still allowed execution of the script after printing a warning.
Going forward in high macro security mode such macros are now disabled.
For additional information please refer to
https://www.libreoffice.org/about-us/security/advisories/cve-2024-6472/
https://security-tracker.debian.org/tracker/DSA-5737-1
2024-08-05
Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in denial of service, information disclosure or bypass
of Java sandbox restrictions.
https://security-tracker.debian.org/tracker/DSA-5736-1
2024-07-31
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
https://security-tracker.debian.org/tracker/DSA-5735-1
════════════════════════
Skriptlauf: 2024-08-31T17:32:02