Debian Linux Security Advisory 5816-1 - The Qualys Threat Research Unit discovered that libmodule-scandeps-perl, a Perl module to recursively scan Perl code for dependencies, allows an attacker to execute arbitrary shell commands via specially crafted file names.
be57e41b4a34c57cf7b234b08605df86cb03fd9a15befc05712e6544727af3bbDebian Linux Security Advisory 5815-1 - The Qualys Threat Research Unit discovered several local privilege escalation vulnerabilities in needrestart, a utility to check which daemons need to be restarted after library upgrades. A local attacker can execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable (CVE-2024-48990) or running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable (CVE-2024-48992). Additionally a local attacker can trick needrestart into running a fake Python interpreter (CVE-2024-48991) or cause needrestart to call the Perl module Module::ScanDeps with attacker-controlled files (CVE-2024-11003).
5e41b21d2bd83511831c10a278bb8fee7846b092ba4f682ead33f207de7216f3Debian Linux Security Advisory 5814-1 - A security issue was discovered in Thunderbird, which could result in the disclosure of OpenPGP encrypted messages.
f4443ed9384523d3abd4c6e094c23140071005acad52f74522bbc76a50c61b13Debian Linux Security Advisory 5813-1 - Moritz Rauch discovered that the Symfony PHP framework implemented persisted remember-me cookies incorrectly, which could result in authentication bypass.
e9c9a8326794040dd9177127445ba714c9333b88e1f6e6b41a6df5985ba53e3eDebian Linux Security Advisory 5812-1 - Multiple security issues were discovered in PostgreSQL, which may result in the execution of arbitrary code, privilege escalation or log manipulation.
abb6dfdb39e0f1210c77d3a3255391005a7200482ed21d2007d66c5cb1de9267Debian Linux Security Advisory 5810-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
d32a922b2a8d1eb876c604388b3eb6f5ddd165adb14cc7d91e3d4b65f709a256Debian Linux Security Advisory 5811-1 - An out-of-bounds write vulnerability when handling crafted streams was discovered in mpg123, a real time MPEG 1.0/2.0/2.5 audio player/decoder for layers 1, 2 and 3, which could result in the execution of arbitrary code.
d8e041870369384cf1c57cd3b97f22c616a739f5c0a8d9d88154d1d723d68857Debian Linux Security Advisory 5809-1 - Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to privilege escalation, information disclosure, incorrect validation or an open redirect.
42685e4273634d70bafd4714f19e31d4040f05cb92368cbeef41a2ca9b018002Debian Linux Security Advisory 5808-1 - Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed.
e70bdb1f83b40c199ddc64cb93137bbf95782aeb413c59e47cefffa7b6c905fdDebian Linux Security Advisory 5807-1 - Several vulnerabilities were discovered in NSS, a set of cryptographic libraries, which may result in denial of service or potentially the execution of arbitrary code.
8f3c1b077d0762d3db727e29062fd0df1874643887574964ca236b8411191559Debian Linux Security Advisory 5806-1 - A heap-based out-of-bounds write vulnerability was discovered in libarchive, a multi-format archive and compression library, which may result in the execution of arbitrary code if a specially crafted RAR archive is processed.
fce1169174ab0f1c9d395e5ce9be902d51713b7e713e94db3c679c68e190abfeDebian Linux Security Advisory 5805-1 - It was discovered that the daemon of the GNU Guix functional package manager was susceptible to privilege escalation.
d7113826f5a012f88420ff55af1ebd35c79c1c1fc958896fbdf57676776927d6Debian Linux Security Advisory 5804-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine. An anonymous researcher, Q1IQ (@q1iqF) and P1umer discovered that processing maliciously crafted web content may lead to an unexpected process crash. Narendra Bhati discovered that processing maliciously crafted web content may prevent Content Security Policy from being enforced.
09f18ef696e1eb6325c7311ab9bc19d836da6ca05df20f1f98f6de0e2e800b67Debian Linux Security Advisory 5803-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
079f70bc7e6f064ea9b0e37764c72e0f7d88c07e92ff7131333c914928edc323Debian Linux Security Advisory 5802-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
bfa0893d821d2c527b9d8d6d7cf1bc4c6a8c5e7d84d43de272f4e6263b10c570Debian Linux Security Advisory 5801-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing or information disclosure.
7663ad350ea4147d8c339e47d4e4c09f18b27dab1f732df508fa0ac88122a418Debian Linux Security Advisory 5800-1 - Jan-Niklas Sohn discovered that a heap-based buffer overflow in the _XkbSetCompatMap function in the X Keyboard Extension of the X.org X server may result in privilege escalation if the X server is running privileged.
7de4b646e251e2d19beaff13447bea9203d84dff1252032449a7a84e3fe4b164Debian Linux Security Advisory 5799-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
cf85b1f4e4f9f520fe443ebf928e9a4f94614fd6a0180f5558eb6134dd1c5cb0Debian Linux Security Advisory 5798-1 - Christoper L. Shannon discovered that the implementation of the OpenWire protocol in Apache ActiveMQ was susceptible to the execution of arbitrary code.
45b67c516cd6f0886ceabd7906d8897cff0b47731379675fc4210f9dc1ea42e3Debian Linux Security Advisory 5797-1 - Multiple security issues were found in Twisted, an event-based framework for internet applications, which could result in incorrect ordering of HTTP requests or cross-site scripting.
d2e4ef02fb6b8a9e62d5bff06f0ca450918e03b813ca797ca8fd981a18bc4e54Debian Linux Security Advisory 5796-1 - Multiple security issues were found in libheif, a library to parse HEIF and AVIF files, which could result in denial of service or potentially the execution of arbitrary code.
fbd55cb3a70231c0ea733af2b444856fcbaa51d4b20e4652e5aaaa4d05aa8d9fDebian Linux Security Advisory 5795-1 - Cedric Krier discovered that python-sql, a library to write SQL queries in a pythonic way, performed insufficient sanitizing which could result in SQL injection.
e6ae4b806618868271a568847282414626155e507e7451c60c2e232cc3aac875Debian Linux Security Advisory 5794-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or information disclosure.
d38e317023dbf069ec3844471d1111a0cc4ddfa3e3de5ea812dcba5c6ee80347Debian Linux Security Advisory 5793-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
a639a7d1289dbe3e7b752ce962df23b2b6678ccb48fe42b2380c790047568270Debian Linux Security Advisory 5792-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine. Hafiizh and YoKo Kho discovered that visiting a malicious website may lead to address bar spoofing. Narendra Bhati discovered that a malicious website may exfiltrate data cross-origin.
6c18c5c48316e22ebdd4c277dc051b11216afc79e2f4ce344b61f3d3a8f4d3ef
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed